[Secure-testing-commits] r57962 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 23 15:10:30 UTC 2017
Author: carnil
Date: 2017-11-23 15:10:30 +0000 (Thu, 23 Nov 2017)
New Revision: 57962
Modified:
data/CVE/list
Log:
Checked CVE-2017-16818/ceph, not affected in Debian
Basic support for IAM policies (and thus the respective code) was only
added with the 12.1.0 release of ceph. All versions in Debian thus not
affected by the issue.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-23 14:22:15 UTC (rev 57961)
+++ data/CVE/list 2017-11-23 15:10:30 UTC (rev 57962)
@@ -683,9 +683,9 @@
NOT-FOR-US: b3log Symphony
CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...)
NOT-FOR-US: Icon Time Systems RTC-1000
-CVE-2017-16818
+CVE-2017-16818 [Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc]
RESERVED
- - ceph <unfixed>
+ - ceph <not-affected> (Vulnerable code introduced after 12.1.0)
NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
CVE-2017-16817
RESERVED
More information about the Secure-testing-commits
mailing list