[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Adjust status for CVE-2013-7383 for x2goserver

Salvatore Bonaccorso carnil at debian.org
Mon Feb 19 19:44:58 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fd90ca7 by Salvatore Bonaccorso at 2018-02-19T20:40:43+01:00
Adjust status for CVE-2013-7383 for x2goserver

The issue was fixed upstream before, and in Debian with the initial
commit, thus mark it as not-affected with a note that it was fixed with
the first upload to Debian. Thus affected code was never in Debian.

Reference the fixing commits as per

http://www.openwall.com/lists/oss-security/2014/05/19/9

- - - - -
80bb4608 by Salvatore Bonaccorso at 2018-02-19T20:44:01+01:00
Update status for CVE-2013-4376

Mark this one as well as not-affected since fixed in Debian included
with the initial upload (to unstable) and fixed upstream before.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -142595,9 +142595,11 @@ CVE-2014-3221 (Huawei Eudemon8000E firewall with software V200R001C01SPC800 and 
 CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
 	NOT-FOR-US: F5 BIG-IQ
 CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before ...)
-	- x2goserver 4.1.0.0-1
-	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=80ff6997550749a64dd5db5684acbd47a4127ab3
-	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=c2036a1152a7e57286ffeb8e8859177f8de64a33
+	- x2goserver <not-affected> (Fixed with first upload to Debian)
+	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7 (4.0.1.10)
+	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256 (4.0.0.8)
+	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8 (4.0.0.8)
+	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104 (4.0.0.8)
 CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
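Review bot: the four added "NOTE: Fixed by:" lines for CVE-2013-7383 point at http://code.x2go.org/..., while the two lines they replace used https://code.x2go.org/...; prefer the https form so the references are fetched over TLS and stay consistent with the other x2goserver entry in this file. The commit message cites the oss-security post as the source for these commits, but that URL is not recorded in the entry itself; a further NOTE line carrying http://www.openwall.com/lists/oss-security/2014/05/19/9 would let a reader of data/CVE/list see why the earlier two commit references were replaced. The removed line also carried the version 4.1.0.0-1, which the new "(Fixed with first upload to Debian)" annotation no longer records; if that is the first upload, naming it in the parenthetical keeps that information.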
@@ -158911,7 +158913,7 @@ CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in 
 	- qemu-kvm <not-affected> (Introduced in 1.4)
 	NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
 CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
-	- x2goserver 4.1.0.0-1
+	- x2goserver <not-affected> (Fixed with first upload to Debian)
 	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a
 CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before ...)
 	- xen 4.2
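Review bot: the CVE-2013-4376 entry is switched to <not-affected> on the grounds that the fix predates the first Debian upload, but the unchanged "NOTE: Fixed by:" line under it carries no upstream version, unlike the CVE-2013-7383 notes in the same push, which are annotated (4.0.1.10) and (4.0.0.8). Adding the upstream release that contains commit 42264c88d7885474ebe3763b2991681ddfcfa69a would make the not-affected claim checkable from the entry alone. The two entries also now differ in link style (a=commitdiff over https here, a=commit over http in the other), which is worth unifying.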



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9763c9c0c64129fd94fdb25b84e95e195b47a0ef...80bb4608b58a6b87b30bc31de03e10ae02b459ec
