[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7490/uwsgi
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 27 09:23:53 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
244914b0 by Salvatore Bonaccorso at 2018-02-27T10:23:36+01:00
Add CVE-2018-7490/uwsgi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -99,7 +99,9 @@ CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
NOT-FOR-US: PrestaShop
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
- TODO: check
+ - uwsgi <unfixed>
+ NOTE: Fixed in 2.0.17 upstream
+ NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 ...)
- jackson-databind <unfixed> (bug #891614)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/244914b0b61a5c85e41f6ac597ea58bbf78c703b
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/244914b0b61a5c85e41f6ac597ea58bbf78c703b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180227/d7c37861/attachment.html>
More information about the Secure-testing-commits
mailing list