[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20406/python*

Salvatore Bonaccorso carnil at debian.org
Tue Dec 25 00:07:02 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d62f7417 by Salvatore Bonaccorso at 2018-12-25T00:06:31Z
Add CVE-2018-20406/python*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,14 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l
 CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
 	NOT-FOR-US: Bento4
 CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
-	TODO: check
+	- python3.7 3.7.0-7
+	- python3.6 3.6.7~rc1-1
+	- python3.5 <removed>
+	- python3.4 <removed>
+	NOTE: https://bugs.python.org/issue34656
+	NOTE: https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd (master)
+	NOTE: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77 (3.7)
+	NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
 CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated admin/news/ ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2018-20404



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d62f74174ccef8dc347971012071e2e18483fac8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d62f74174ccef8dc347971012071e2e18483fac8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181225/5d2f8bbf/attachment.html>


More information about the debian-security-tracker-commits mailing list