[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-7032 as fixed for mr/1.16
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 17 08:29:53 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f6f51be by Salvatore Bonaccorso at 2018-02-17T09:27:44+01:00
Mark CVE-2018-7032 as fixed for mr/1.16
The src:mr 1.16 source package was made an empty source package (thus in
particular not containing anymore webcheckout) for transition purposes
to webcheckout. The mr package was not 'taken' over by src:myrepos thus
this transtition solution.
Given 1.16 removed all scripts, the issue is not present source-wise in
jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -526,9 +526,10 @@ CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs
- myrepos <unfixed> (bug #840014)
[stretch] - myrepos <no-dsa> (Minor issue)
[jessie] - myrepos <no-dsa> (Minor issue)
- - mr <removed>
- [jessie] - mr <no-dsa> (Minor issue)
+ - mr 1.16
[wheezy] - mr <no-dsa> (Minor issue)
+ NOTE: 1.16 was made a source-based transitional package to myrepos not containg
+ NOTE: in particular webcheckout anymore.
CVE-2018-6956
RESERVED
CVE-2018-6955
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f6f51bea314bfdeb3143e7b6716e18ba6b0ae74
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f6f51bea314bfdeb3143e7b6716e18ba6b0ae74
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180217/73c22603/attachment.html>
More information about the Secure-testing-commits
mailing list