[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa

Mon, 01 Jun 2020 01:47:03 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d266c5f by Salvatore Bonaccorso at 2020-06-01T10:45:09+02:00
Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa

- - - - -
9168297a by Salvatore Bonaccorso at 2020-06-01T10:46:07+02:00
Mark CVE-2018-1687{7,8}/pacemaker as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -98650,12 +98650,14 @@ CVE-2018-16879 (Ansible Tower before version 3.3.3 
does not set a secure channel
        NOT-FOR-US: Ansible Tower
 CVE-2018-16878 (A flaw was found in pacemaker up to and including version 
2.0.1. An in ...)
        - pacemaker 2.0.1-3 (bug #927714)
+       [stretch] - pacemaker <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
        NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
        NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
        NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
 CVE-2018-16877 (A flaw was found in the way pacemaker's client-server 
authentication w ...)
        - pacemaker 2.0.1-3 (bug #927714)
+       [stretch] - pacemaker <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
        NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
        NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
@@ -135076,6 +135078,7 @@ CVE-2018-3742
        REJECTED
 CVE-2018-3741 (There is a possible XSS vulnerability in all 
rails-html-sanitizer gem  ...)
        - ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
+       [stretch] - ruby-rails-html-sanitizer <no-dsa> (Minor issue; can be 
fixed via point release)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
 CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for 
Ruby to a ...)
        {DSA-4358-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03cbd54692f5b96204c490562e7869a6810ffca1...9168297aaf874ae06580779946e34db20a4d08f7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03cbd54692f5b96204c490562e7869a6810ffca1...9168297aaf874ae06580779946e34db20a4d08f7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to