[Git][security-tracker-team/security-tracker][master] Add todo for CVE-2018-1067

Salvatore Bonaccorso carnil at debian.org
Fri Apr 27 05:01:37 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d83ef714 by Salvatore Bonaccorso at 2018-04-27T06:01:16+02:00
Add todo for CVE-2018-1067

It is unclear where the issue lies and the Red Hat report does not share
much information. It is known that the CVE CVE-2018-1067 is for an
incomplete fix for CVE-2016-4993. The CVE-2016-4993 is unspecific to
directly an issue in undertow but rather seems to indicate the issue is
in (its use) in WildFly.

This needs more clarification and either mark both as NFU, both
associated with src:undertow with appropriate state (depending on if the
incomplete fix was applied in any Debian released version).

Further is to check with the maintainer if undertow might just be removed
from Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25370,6 +25370,7 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-b
 	NOTE: non-standard setups
 CVE-2018-1067
 	RESERVED
+	TODO: check, unclear if issue is in src:untertow or in its use in WildFly (issue is incomplete fix for CVE-2016-4993, which might need an update depending on the result)
 CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
 	- linux 4.11.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
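
Review bot: the added TODO line under CVE-2018-1067 spells the source package as "src:untertow", while the commit message refers to src:undertow. This looks like a typo, and a search of data/CVE/list for the package name would miss the entry; suggest "src:undertow". The TODO also says CVE-2016-4993 "might need an update depending on the result", so a matching TODO on the CVE-2016-4993 entry would keep that follow-up visible from both sides.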



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83ef7149b5293d3b50d93bd0e046211f7e5a9a4
