[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-1000024/squid3
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 11 21:27:21 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8168e9ce by Salvatore Bonaccorso at 2018-02-11T22:22:58+01:00
Update information for CVE-2018-1000024/squid3
The Debian builds do Build-Depends on libexpat1-dev and libxml2-dev for
ESI support since 3.1.0.14-2. The CVE-2018-1000024 problem is limited to
Squid custom ESI parser, which vulnerable is present, but since Squid is
built to use libxml2 or the libexpat XML parsers it does not have the
problem in the resulting binary package. Mark it thus as unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4318,11 +4318,12 @@ CVE-2018-1000024 (The Squid Software Foundation Squid HTTP Caching Proxy version
[experimental] - squid 4.0.23-1~exp8
- squid <removed>
[wheezy] - squid <not-affected> (Not affected according to upstream advisory)
- - squid3 <unfixed> (bug #888719)
+ - squid3 <unfixed> (bug #888719; unimportant)
NOTE: src:squid as source package reintroduced for 4.x in experimental
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
+ NOTE: Squid3 in Debian builds to use the libxml2 or libexpat XML parsers.
CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to ...)
- electrum 3.0.5-1 (bug #886683)
[stretch] - electrum <ignored> (Unable to connect to current Etherum servers and thus not exploitable, scheduled for removal at #887412)
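Review bot: The added NOTE line ("Squid3 in Debian builds to use the libxml2 or libexpat XML parsers") does not say since which version that holds, nor that the vulnerable custom ESI parser is still present in the source, so the reason for "unimportant" on the squid3 entry cannot be checked from the tracker data alone. The commit message gives both: Build-Depends on libexpat1-dev and libxml2-dev since 3.1.0.14-2, and the custom parser is present but not the one used in the resulting binary package. Suggest carrying that into the note, for example "NOTE: squid3 in Debian Build-Depends on libexpat1-dev and libxml2-dev for ESI support since 3.1.0.14-2; the custom ESI parser remains in the source but is not used in the binary packages", which also explains why the entry stays <unfixed> rather than becoming <not-affected>.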
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8168e9ce47d32d77dac32e7e9a6dc4c7e7dd27c1