[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-2010{2,3}/haproxy as no-dsa

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32a4a478 by Salvatore Bonaccorso at 2018-12-22T11:54:58Z
Mark CVE-2018-2010{2,3}/haproxy as no-dsa

haproxy could crash by spoofing response packets from a server.

Cf. https://www.mail-archive.com/haproxy@formilux.org/msg32055.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2801,10 +2801,12 @@ CVE-2018-20104
 	RESERVED
 CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the case ...)
 	- haproxy 1.8.15-1 (bug #916307)
+	[stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25
 CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was ...)
 	- haproxy 1.8.15-1 (bug #916308)
+	[stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
 CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a478ff817b56eacf99e188b5b56ea8a909ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a4a478ff817b56eacf99e188b5b56ea8a909ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181222/b2356113/attachment.html>