[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-10897/yum-utils as unfixed

Mon, 11 Feb 2019 07:13:26 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dae9c3b5 by Salvatore Bonaccorso at 2019-02-11T15:11:56Z
Mark CVE-2018-10897/yum-utils as unfixed

Second half of the patch was not applied 1.1.31-2.1 but not clear if
it's relevant to fix/address the issue. There will be a followup fix
including both commits and we can be on safe side by marking it fixed
with both commits applied.

Thanks: Holger Levsen

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42478,16 +42478,13 @@ CVE-2018-10899
 CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates 
before ...)
        - tripleo-heat-templates <removed>
 CVE-2018-10897 (A directory traversal issue was found in reposync, a part of 
...)
-       - yum-utils 1.1.31-2.1 (bug #921131)
+       - yum-utils <unfixed> (bug #921131)
        [stretch] - yum-utils <ignored> (Minor issue)
        [jessie] - yum-utils <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
        NOTE: 
https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
        NOTE: 
https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
        NOTE: https://github.com/rpm-software-management/yum-utils/pull/43
-       NOTE: Second part of the patch seems missing in 1.1.31-2.1 but possibly 
not
-       NOTE: needed to address the issue.
-       TODO: check
 CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and 
newer, ...)
        NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
 CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site 
request ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dae9c3b51355167a0f45b3a1c3e7d6045f990f2a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dae9c3b51355167a0f45b3a1c3e7d6045f990f2a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to