[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2018-1000061/mbedtls
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 11 19:33:03 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aedc16d9 by Salvatore Bonaccorso at 2018-02-11T20:30:59+01:00
Update notes for CVE-2018-1000061/mbedtls
Further analysis by upstream and the original reporter showed that the
thought issue leading to the CVE-2018-1000061 is invalid as a security
issue and the code is working as intended.
For the time being marking the issue as unimportant showing the
non-issue status. The original reporter is in progress to get the CVE
properly rejected.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,8 +21,9 @@ CVE-2018-6882
CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
NOT-FOR-US: WonderCMS
CVE-2018-1000061 (ARM mbedTLS version development branch, 2.7.0 and earlier contains a ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (unimportant)
NOTE: https://github.com/ARMmbed/mbedtls/issues/1356
+ NOTE: Non-issue as further analysis has shown and issue in progress to be rejected
CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 & before commit ...)
- sensu <itp> (bug #838484)
CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection ...)
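Review bot: The NOTE added under CVE-2018-1000061 states that further analysis showed a non-issue but does not say where that analysis is recorded. If it is in the already linked https://github.com/ARMmbed/mbedtls/issues/1356, saying so in the note would let a later reader verify the (unimportant) tag without digging through history. The phrase "issue in progress to be rejected" is also ambiguous between the upstream issue and the CVE; the commit message says it is the CVE, so wording along the lines of "CVE rejection requested by original reporter" would be clearer. Since the commit message describes "<unfixed> (unimportant)" as a for-the-time-being state, the entry needs revisiting once the rejection is published.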
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aedc16d9b149cb10847b4650534d77664a8d4e06