[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mbedtls/2.7.0-2 uploaded to unstable adressing three CVEs

Salvatore Bonaccorso carnil at debian.org
Thu Feb 15 20:43:24 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3e15857 by Salvatore Bonaccorso at 2018-02-15T21:42:19+01:00
mbedtls/2.7.0-2 uploaded to unstable adressing three CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -203,8 +203,7 @@ CVE-2018-6957
 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...)
 	NOT-FOR-US: opentmpfiles
 CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...)
-	[experimental] - mbedtls 2.7.0-1
-	- mbedtls <unfixed>
+	- mbedtls 2.7.0-2
 	- polarssl <removed>
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28
 CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that ...)
@@ -17773,13 +17772,11 @@ CVE-2018-0490
 CVE-2018-0489
 	RESERVED
 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
-	[experimental] - mbedtls 2.7.0-1
-	- mbedtls <unfixed> (bug #890287)
+	- mbedtls 2.7.0-2 (bug #890287)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
-	[experimental] - mbedtls 2.7.0-1
-	- mbedtls <unfixed> (bug #890288)
+	- mbedtls 2.7.0-2 (bug #890288)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3e1585792f911e1ac5d4dd2fad0501f9f7d3ae4

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3e1585792f911e1ac5d4dd2fad0501f9f7d3ae4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180215/f7294c8b/attachment.html>

More information about the Secure-testing-commits mailing list