[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-7409/unixodbc: add fixed by note

Santiago R.R. santiago at debian.org
Mon Feb 26 20:33:05 UTC 2018 

Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af0ef051 by Santiago Ruano Rincón at 2018-02-26T21:32:19+01:00
CVE-2018-7409/unixodbc: add fixed by note

Signed-off-by: Santiago Ruano Rincón <santiagorr at riseup.net>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -157,12 +157,9 @@ CVE-2017-18195
 	RESERVED
 CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
 	- elinks <unfixed> (bug #891575)
-	- links2 2.6-1 (bug #694658; bug #510417)
+	- links2 2.7-1 (bug #694658)
 	NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
 	NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
-	NOTE: src:links2/2.6-1 adds verify-ssl-certs-510417.diff to verify SSL certs.
-	NOTE: src:links2 upstream in 2.11 adds support for verifying SSL certificates.
-	TODO: double check links2 again, since #694658 claims not all issues are fixed
 CVE-2018-7422
 	RESERVED
 CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector ...)
@@ -222,6 +219,7 @@ CVE-2018-7410
 	RESERVED
 CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...)
 	- unixodbc <unfixed>
+	NOTE: Fixed by: https://sourceforge.net/p/unixodbc/code/136/
 CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
 	- npm <not-affected> (Vulnerable code introduced later)
 CVE-2018-7407



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af0ef05174e5fefdcb4c22d647c46a6057b86c4a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af0ef05174e5fefdcb4c22d647c46a6057b86c4a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180226/278fedd0/attachment.html>

More information about the Secure-testing-commits mailing list