[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove mentioning of CVE-2017-1000116 for DLA-1331-1

Salvatore Bonaccorso carnil at debian.org
Tue Apr 3 06:15:05 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2f7ffd6 by Salvatore Bonaccorso at 2018-04-03T07:13:54+02:00
Remove mentioning of CVE-2017-1000116 for DLA-1331-1

Reason: The issue fixed in DLA-1331-1 with regard to CVE-2017-1000116 is
not a security one but a functional regression. As such CVE-2017-1000116
is fixed in the earlier update already.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -38198,7 +38198,7 @@ CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://...&quo
 	- git 1:2.14.1-1
 	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
 CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...)
-	{DSA-3963-1 DLA-1331-1 DLA-1072-1}
+	{DSA-3963-1 DLA-1072-1}
 	- mercurial 4.3.1-1 (bug #871710)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
 	NOTE: 11 patches need to be applied, the following are for 4.2:


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -17,7 +17,7 @@
 	{CVE-2018-7225}
 	[wheezy] - libvncserver 0.9.9+dfsg-1+deb7u3
 [30 Mar 2018] DLA-1331-1 mercurial - security update
-	{CVE-2017-1000116 CVE-2018-1000132}
+	{CVE-2018-1000132}
 	[wheezy] - mercurial 2.2.2-4+deb7u7
 [30 Mar 2018] DLA-1330-1 openssl - security update
 	{CVE-2018-0739}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2f7ffd66a4cfd5f7319063e84d49ec81699aadd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2f7ffd66a4cfd5f7319063e84d49ec81699aadd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180403/bc6199af/attachment.html>

More information about the debian-security-tracker-commits mailing list