[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dla-needed: zsh, no-dsa: roundcube
Antoine Beaupré
anarcat at debian.org
Wed Feb 28 21:38:51 UTC 2018
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9c7407c by Antoine Beaupré at 2018-02-28T16:38:38-05:00
dla-needed: zsh, no-dsa: roundcube
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -963,6 +963,7 @@ CVE-2018-1000071 [Permissions issue in enigma plugin allows exfiltration secret
RESERVED
- roundcube <unfixed>
[stretch] - roundcube <no-dsa> (Minor issue)
+ [wheezy] - roundcube <no-dsa> (Minor issue)
NOTE: https://github.com/roundcube/roundcubemail/issues/6173
NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
NOTE: Can be mitigated by moving home folder outside the scope of the webserver
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -102,3 +102,4 @@ xen
--
xmltooling (Markus Koschany)
--
+zsh
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9c7407c65d974ba4ddd8c67f638be97312bf26b
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9c7407c65d974ba4ddd8c67f638be97312bf26b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180228/b9942f05/attachment-0001.html>
More information about the Secure-testing-commits
mailing list