Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1322cd3c by Salvatore Bonaccorso at 2019-04-05T20:24:50Z
Add CVE-2018-10243/libhtp

- - - - -
51fdf9a1 by Salvatore Bonaccorso at 2019-04-05T20:27:08Z
Track src:suricata as well for CVE-2018-10243

In jessie and stretch src:suricata used the embedded copy of libhtp.
Thus track src:suricata for CVE-2018-10243 and mark for suricata as
fixed version for the unstable following when it switched to use the
system libhtp instead of the embedded version. For src:libhtp already
tracked the fixed version for the unstable uploads.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53133,7 +53133,11 @@ CVE-2018-10245 (A Full Path Disclosure vulnerability 
in AWStats through 7.6 allo
 CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an 
EtherNet/ ...)
        TODO: check
 CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 
0.5.26 allow ...)
-       TODO: check
+       - libhtp 1:0.5.28-1
+       - suricata 1:4.0.0-1
+       NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
+       NOTE: https://github.com/OISF/libhtp/issues/169
+       NOTE: 
https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
 CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the 
SSH bann ...)
        TODO: check
 CVE-2014-10073 (The create_response function in server/server.c in Psensor 
before 1.1. ...)
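
Review bot: the added NOTE "suricata used the embedded copy of libhtp up to before 1:4.0.0-1" records where embedding ended, but nothing in the entry says whether the embedded copy in those older suricata uploads actually contains the vulnerable htp_parse_authorization_digest code. The CVE description only names LibHTP 0.5.26, so a further NOTE stating which embedded libhtp version was checked would help. The wording could also be tightened to "NOTE: suricata embedded a copy of libhtp before 1:4.0.0-1". Separately, "- suricata 1:4.0.0-1" is fixed only in the sense that the embedded copy is gone, so it may be worth stating in a NOTE that from that version on the fix arrives through libhtp 1:0.5.28-1.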



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/3980016f0fe72e6b08763e70e0a194dd196d20a7...51fdf9a15b775c7ce0820e6064aad598e7047ed5
