[Git][security-tracker-team/security-tracker][master] Demote CVE-2018-5709 to unimportant

Salvatore Bonaccorso carnil at debian.org
Sun Apr 29 18:26:32 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
865743ce by Salvatore Bonaccorso at 2018-04-29T19:25:16+02:00
Demote CVE-2018-5709 to unimportant

Although the potential integer overlfow issue is there, it's not a
security sensitive issue as respective codepaths are only run on trusted
input. Still the CVE was not rejected, tus demote severity to
unimportant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13084,9 +13084,11 @@ CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16
 	[wheezy] - krb5 <not-affected> (all strlen() parameters are checked for NULL)
 	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
 CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...)
-	- krb5 <unfixed> (bug #889684)
+	- krb5 <unfixed> (unimportant; bug #889684)
 	[wheezy] - krb5 <no-dsa> (Minor issue, according to Red Hat this is not a bug)
 	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
+	NOTE: non-issue, codepath is only run on trusted input, potential integer
+	NOTE: overflow is non-issue
 CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...)
 	NOT-FOR-US: D-Link
 CVE-2018-5707



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/865743cec661e8c1d47425190e9675a16083da53

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/865743cec661e8c1d47425190e9675a16083da53
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180429/c4ee9d7e/attachment.html>

More information about the debian-security-tracker-commits mailing list