Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01e0d8b7 by Hugo Lefeuvre at 2019-03-16T13:17:29Z
CVE-2018-16838: jessie not-affected

GPO access control was introduced later around 1.11.90

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32100,7 +32100,11 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 
are vulnerable to a buffer o
 CVE-2018-16838 [improper implementation of GPOs due to too restrictive 
permissions]
        RESERVED
        - sssd <unfixed>
+       [jessie] - sssd <not-affected> (GPO based access control introduced 
later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
+       NOTE: GPO based access control introduced in 
https://github.com/SSSD/sssd/commit/60cab26b12
+       NOTE: seems to presuppose configuration mistake: if sssd is not given 
enough permissions
+       NOTE: to read GPO, access is systematically granted instead of denied
        TODO: check, Bugzilla entry does not provide details
 CVE-2018-16837 (Ansible &quot;User&quot; module leaks any data which is passed 
on as a parameter ...)
        {DSA-4396-1 DLA-1576-1}
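
Review bot: The context line "TODO: check, Bugzilla entry does not provide details" is left in place directly below the new NOTE lines, which appear to record at least part of that check; drop the TODO or reword it to say what still needs checking, so the entry does not read as unanalysed. The NOTE citing commit 60cab26b12 also names no release, while the commit message says "around 1.11.90"; stating the first release that contains the commit would let a reader verify the jessie <not-affected> marking without following the link.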


=====================================
data/dla-needed.txt
=====================================
@@ -119,8 +119,6 @@ sqlalchemy
   NOTE: 20190312:   
https://gerrit.sqlalchemy.org/#/c/sqlalchemy/sqlalchemy/+/1165/
   NOTE: 20190312:   https://github.com/sqlalchemy/sqlalchemy/issues/4481
 --
-sssd (Hugo Lefeuvre)
---
 wireshark (Thorsten Alteholz)
 --
 wordpress
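
Review bot: The removed "sssd (Hugo Lefeuvre)" entry has no NOTE line saying which issue it was tracking, so this hunk alone does not show that CVE-2018-16838 was the only reason sssd was listed in dla-needed.txt. Confirm that no other open jessie issue for sssd remains before dropping it, and mention the removal in the commit message, which currently covers only the not-affected marking.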



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01e0d8b763d5414ff3223b2b96a83f0bb442b6f5

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits