[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20406/python*
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 25 00:07:02 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d62f7417 by Salvatore Bonaccorso at 2018-12-25T00:06:31Z
Add CVE-2018-20406/python*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,7 +67,14 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
- TODO: check
+ - python3.7 3.7.0-7
+ - python3.6 3.6.7~rc1-1
+ - python3.5 <removed>
+ - python3.4 <removed>
+ NOTE: https://bugs.python.org/issue34656
+ NOTE: https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd (master)
+ NOTE: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77 (3.7)
+ NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated admin/news/ ...)
NOT-FOR-US: BigTree CMS
CVE-2018-20404
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d62f74174ccef8dc347971012071e2e18483fac8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d62f74174ccef8dc347971012071e2e18483fac8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181225/5d2f8bbf/attachment.html>
More information about the debian-security-tracker-commits
mailing list