[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Lower the lower bound for introducing versions for electrum issue
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 11 05:48:09 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
680e2b12 by Salvatore Bonaccorso at 2018-01-11T06:46:18+01:00
Lower the lower bound for introducing versions for electrum issue
Change in 2.6.3->2.6.4 for the damon was fixing one part of the damon
relative to the jsonprc. In 2.6 the RequestHandler was moved to the
damon part so mark at least 2.6 as well as problematic. This might be
not fully correst still but is inline with the upstream advisory
claiming only versions starting from 2.6 are affected.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91,7 +91,7 @@ CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to th
NOT-FOR-US: Office Tracker
CVE-2018-XXXX [Password protect the JSONRPC interface]
- electrum 3.0.5-1 (bug #886683)
- [jessie] - electrum <not-affected> (Only affects >= 2.6.4)
+ [jessie] - electrum <not-affected> (Only affects >= 2.6)
NOTE: https://github.com/spesmilo/electrum/issues/3374
NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/680e2b127c6d133f54e619511222da76e3ab05e7
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/680e2b127c6d133f54e619511222da76e3ab05e7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180111/a5cb3bfd/attachment.html>
More information about the Secure-testing-commits
mailing list