[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add upstream commits fixing CVE-2018-04[87]

Sebastien Delafond seb at debian.org
Wed Feb 28 10:08:25 UTC 2018 

Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d33e8eb5 by Sébastien Delafond at 2018-02-28T11:07:39+01:00
Add upstream commits fixing CVE-2018-04[87]

Thanks to James Cowgill for identifying them.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19390,11 +19390,14 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+        NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
+        NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
 	- mbedtls 2.7.0-2 (bug #890288)
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+        NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)
 	{DSA-4085-1 DLA-1242-1}
 	- xmltooling 1.6.3-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d33e8eb5dc82b01f9ec22d97d8fd4bdc53f810b7

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d33e8eb5dc82b01f9ec22d97d8fd4bdc53f810b7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180228/2c693655/attachment-0001.html>

More information about the Secure-testing-commits mailing list