[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove mentioning of CVE-2017-1000116 for DLA-1331-1

Mon, 02 Apr 2018 22:15:31 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2f7ffd6 by Salvatore Bonaccorso at 2018-04-03T07:13:54+02:00
Remove mentioning of CVE-2017-1000116 for DLA-1331-1

Reason: The issue fixed in DLA-1331-1 with regard to CVE-2017-1000116 is
not a security one but a functional regression. As such CVE-2017-1000116
is fixed in the earlier update already.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -38198,7 +38198,7 @@ CVE-2017-1000117 (A malicious third-party can give a 
crafted "ssh://...&quo
        - git 1:2.14.1-1
        NOTE: 
https://public-inbox.org/git/xmqqh8xf482j....@gitster.mtv.corp.google.com/T/#u
 CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames 
passed to ...)
-       {DSA-3963-1 DLA-1331-1 DLA-1072-1}
+       {DSA-3963-1 DLA-1072-1}
        - mercurial 4.3.1-1 (bug #871710)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
        NOTE: 11 patches need to be applied, the following are for 4.2:


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -17,7 +17,7 @@
        {CVE-2018-7225}
        [wheezy] - libvncserver 0.9.9+dfsg-1+deb7u3
 [30 Mar 2018] DLA-1331-1 mercurial - security update
-       {CVE-2017-1000116 CVE-2018-1000132}
+       {CVE-2018-1000132}
        [wheezy] - mercurial 2.2.2-4+deb7u7
 [30 Mar 2018] DLA-1330-1 openssl - security update
        {CVE-2018-0739}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2f7ffd66a4cfd5f7319063e84d49ec81699aadd

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2f7ffd66a4cfd5f7319063e84d49ec81699aadd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to