[Git][security-tracker-team/security-tracker][master] 2 commits: Put notes below packages

Salvatore Bonaccorso carnil at debian.org
Mon Aug 20 12:30:04 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9e924d7 by Salvatore Bonaccorso at 2018-08-20T11:27:58Z
Put notes below packages

Only a style change, not needed, but more in line with other entries.

- - - - -
b303c281 by Salvatore Bonaccorso at 2018-08-20T11:29:50Z
Reserve DSA number for linux update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27305,14 +27305,14 @@ CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive c
 	NOTE: https://www.kb.cert.org/vuls/id/962459
 CVE-2018-5389 [low-entropy passphrase in IKEv1 can be brute-forced]
 	RESERVED
-	NOTE: https://www.usenix.org/conference/usenixsecurity18/presentation/felsch
-	NOTE: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
-	NOTE: https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf
-	NOTE: vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
 	- strongswan <unfixed> (unimportant)
 	- libreswan <unfixed> (unimportant)
 	- ipsec-tools <unfixed> (unimportant)
 	- isakmpd <unfixed> (unimportant)
+	NOTE: https://www.usenix.org/conference/usenixsecurity18/presentation/felsch
+	NOTE: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
+	NOTE: https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf
+	NOTE: vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
 CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
 	{DSA-4229-1}
 	- strongswan 5.6.3-1
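
Review bot: the free-text NOTE re-added as the last "+" line of this hunk still carries the typo "public-ley" and a closing parenthesis with no matching opening one. Since the line is being moved anyway, it could be corrected to "public-key cryptography" with the stray ")" dropped, either here or in a follow-up commit so this one stays a pure reordering as the commit message describes.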


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[20 Aug 2018] DSA-4279-1 linux - security update
+	{CVE-2018-3620 CVE-2018-3646}
+	[stretch] - linux 4.9.110-3+deb9u3
 [19 Aug 2018] DSA-4278-1 jetty9 - security update
 	{CVE-2017-7656 CVE-2017-7657 CVE-2017-7658}
 	[stretch] - jetty9 9.2.21-1+deb9u1


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -40,7 +40,7 @@ libidn
 --
 libspring-java
 --
-linux (benh, carnil)
+linux
   Wait until more issues have piled up
 --
 mariadb-10.1/stable
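
Review bot: on the changed linux line the claimants "(benh, carnil)" are dropped, but the entry and its note "Wait until more issues have piled up" remain, while the same push adds DSA-4279-1 for linux in data/DSA/list. If the entry is kept deliberately for the next round of kernel fixes, the commit message should say so; otherwise the note reads as stale next to a freshly reserved DSA, and it is unclear whether the entry is now unclaimed on purpose.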



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b49b79f0704d5e6c8a83dbf79bf18deb9fc44669...b303c2818a3315fab8171f0b07b117d664084824
