[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-0487 and CVE-2018-0488 as not affected in Wheezy.

Sat Feb 17 19:52:48 UTC 2018

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad74543a by Markus Koschany at 2018-02-17T20:51:56+01:00
Mark CVE-2018-0487 and CVE-2018-0488 as not affected in Wheezy.

According to the upstream advisory the version in Wheezy is not affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18142,10 +18142,12 @@ CVE-2018-0489
 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
 	- mbedtls 2.7.0-2 (bug #890287)
 	- polarssl <removed>
+	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
 	- mbedtls 2.7.0-2 (bug #890288)
 	- polarssl <removed>
+	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)
 	{DSA-4085-1 DLA-1242-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad74543a143dff1085532399c8531436365dfb4d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad74543a143dff1085532399c8531436365dfb4d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180217/a1ad125a/attachment.html>
