[Secure-testing-commits] r58863 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 23 12:09:08 UTC 2017
Author: carnil
Date: 2017-12-23 12:09:08 +0000 (Sat, 23 Dec 2017)
New Revision: 58863
Modified:
data/CVE/list
Log:
Update status for CVE-2017-17840
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-23 11:31:33 UTC (rev 58862)
+++ data/CVE/list 2017-12-23 12:09:08 UTC (rev 58863)
@@ -53,15 +53,17 @@
CVE-2017-17841
RESERVED
CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...)
- - open-iscsi <unfixed> (bug #885021)
+ - open-iscsi 2.0.874-5 (bug #885021)
[stretch] - open-iscsi <no-dsa> (Minor issue)
- [jessie] - open-iscsi <no-dsa> (Minor issue)
+ [jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <ignored> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2
NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
NOTE: should be applied.
+ NOTE: Not marking the issue as unimportant, since vulnerable source is present, but
+ NOTE: not in all suites iscsiuio is built.
CVE-2017-17839
RESERVED
CVE-2017-17838
More information about the Secure-testing-commits
mailing list