[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-5702/transmission assigned
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 15 16:43:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
770b1da5 by Salvatore Bonaccorso at 2018-01-15T17:41:56+01:00
CVE-2018-5702/transmission assigned
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -697,10 +697,8 @@ CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a craf
NOT-FOR-US: WordPress plugin jetpack
CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...)
NOT-FOR-US: WordPress plugin jetpack
-CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE]
+CVE-2018-5702 [rpc session-id mechanism design flaw results in RCE]
- transmission <unfixed> (bug #886990)
- [stretch] - transmission 2.92-2+deb9u1
- [jessie] - transmission 2.84-0.2+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
NOTE: https://github.com/transmission/transmission/pull/468
NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,4 +1,5 @@
[14 Jan 2018] DSA-4087-1 transmission - security update
+ {CVE-2018-5702}
[jessie] - transmission 2.84-0.2+deb8u1
[stretch] - transmission 2.92-2+deb9u1
[13 Jan 2018] DSA-4086-1 libxml2 - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/770b1da5683991a886cc85d0749808049d98a03c
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/770b1da5683991a886cc85d0749808049d98a03c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180115/edac06b1/attachment.html>
More information about the Secure-testing-commits
mailing list