[Git][security-tracker-team/security-tracker][master] Update status for pkgconf
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 21 16:45:10 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e983ac79 by Salvatore Bonaccorso at 2018-08-21T15:44:49Z
Update status for pkgconf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27,9 +27,9 @@ CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulne
- libgd2 <unfixed>
NOTE: https://github.com/libgd/libgd/issues/447
CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow ...)
- - pkgconf <unfixed> (low)
- [stretch] - pkgconf <no-dsa> (Minor issue)
- NOTE: https://github.com/pkgconf/pkgconf/commit/9b7affe0b1e6512c6c73d19e1220c94fdb5c8159
+ - pkgconf <not-affected> (Vulnerable code introduced post 1.5.0)
+ NOTE: Fixed by: https://github.com/pkgconf/pkgconf/commit/9b7affe0b1e6512c6c73d19e1220c94fdb5c8159
+ NOTE: Introduced by: https://github.com/pkgconf/pkgconf/commit/b46bb93cd1fe221dc4d6ff5e3ce99feda4ea31f1
CVE-2018-1000220
REJECTED
CVE-2018-1000219 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e983ac797f36c9b1629c84e2440a1366c3bb7f73
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e983ac797f36c9b1629c84e2440a1366c3bb7f73
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180821/c6373d13/attachment.html>
More information about the debian-security-tracker-commits
mailing list