[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-18641/lxc-templates now as unimportant

Sat, 27 Jan 2024 23:44:29 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5c54386 by Salvatore Bonaccorso at 2024-01-28T08:42:14+01:00
Mark CVE-2017-18641/lxc-templates now as unimportant

There is no security commitment from upstream and lxc-templates are
essentially deprecated in favour of using distrobuilder. That said, to
date there is no distrobuilder package in Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -281194,10 +281194,7 @@ CVE-2020-8814
 CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for 
authenticate ...)
        NOT-FOR-US: Argo
 CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext 
HTTP, a ...)
-       - lxc-templates <unfixed> (bug #988730)
-       [bookworm] - lxc-templates <ignored> (Minor issue)
-       [bullseye] - lxc-templates <ignored> (Minor issue)
-       [buster] - lxc-templates <ignored> (Minor issue)
+       - lxc-templates <unfixed> (bug #988730; unimportant)
        - lxc 1:3.0.3-1 (low)
        [stretch] - lxc <no-dsa> (Minor issue)
        [jessie] - lxc <ignored> 
(https://lists.debian.org/debian-lts/2020/02/msg00102.html)
@@ -281205,6 +281202,8 @@ CVE-2017-18641 (In LXC 2.0, many template scripts 
download code over cleartext H
        NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
        NOTE: Some of the templates were switched to fetch the pacakges over 
HTTPS, cf.
        NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
+       NOTE: No security commitments from upstream and lxc-ltemplates 
deprecated in favour of
+       NOTE: distrobuilder.
 CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to 
execute a ...)
        {DLA-3252-1}
        - cacti 1.2.10+ds1-1 (bug #951832)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c543867f1d76d989495df3639fe9eb10ffcd3b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c543867f1d76d989495df3639fe9eb10ffcd3b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to