Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60152959 by Thorsten Alteholz at 2020-07-28T22:22:27+02:00
CVE-2018-15751 and CVE-2018-15750 will be fixed with the same patch

- - - - -
5592ead1 by Thorsten Alteholz at 2020-07-28T22:22:27+02:00
Reserve DLA-2294-1 for salt

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -108676,7 +108676,6 @@ CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 
2018.3.x before 2018.3.3 allo
        NOTE: minimal patch: 
https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack 
Salt before ...)
        - salt 2018.3.3+dfsg1-1 (bug #913476)
-       [stretch] - salt <no-dsa> (Minor issue)
        [jessie] - salt <not-affected> (REST netapi code was first introduced 
with v2014.7)
        NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
        NOTE: 
https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
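
Review bot: removing `[stretch] - salt <no-dsa> (Minor issue)` from the CVE-2018-15750 entry leaves nothing in the entry itself that explains why the triage changed. The reason (it is fixed by the same patch as CVE-2018-15751) exists only in the commit message. Consider adding a NOTE line to the CVE-2018-15750 entry saying so, so that the tracker data is self-explanatory to someone who does not read the history.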


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jul 2020] DLA-2294-1 salt - security update
+       {CVE-2018-15750 CVE-2018-15751}
+       [stretch] - salt 2016.11.2+ds-1+deb9u5
 [27 Jul 2020] DLA-2293-1 mercurial - security update
        {CVE-2017-17458 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 
CVE-2018-1000132 CVE-2019-3902}
        [stretch] - mercurial 4.0-1+deb9u2
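
Review bot: confirm that the backported patch covers both issues claimed on the `{CVE-2018-15750 CVE-2018-15751}` line. The stretch version `2016.11.2+ds-1+deb9u5` sits on an upstream base older than the releases data/CVE/list gives as fixed (2016.11.10, 2017.7.8, 2018.3.3), so the fix is a backport, and the salt-api directory traversal was previously triaged separately as a minor issue.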


=====================================
data/dla-needed.txt
=====================================
@@ -123,11 +123,6 @@ ruby-zip
   NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby)
   NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby)
 --
-salt (Thorsten Alteholz)
-  NOTE: 20200710: Vulnerable to at least CVE-2018-15751, which was
-  NOTE: 20200710: not an issue in jessie LTS. (lamby)
-  NOTE: 20200726: trying to run the test suite (thorsten)
---
 samba (Roberto C. Sánchez)
   NOTE: 20200703: Check with security team so that there's no clash for 
Stretch update. (utkarsh)
 --
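
Review bot: the removed salt entry reads "Vulnerable to at least CVE-2018-15751", and "at least" leaves open that further salt issues affect stretch, while DLA-2294-1 covers only CVE-2018-15750 and CVE-2018-15751. Check that no other salt CVEs remain open for stretch before dropping the package from dla-needed.txt. The last note, "trying to run the test suite", also goes away without its outcome being recorded; the result would be worth keeping in the commit message or the advisory.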



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5bac823dacacf3e516eda77308efab7951fbc1f...5592ead1e5d411ceab65f6e068f9e77d4e8a8a0f
