[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add further information for CVE-2018-1000005/curl

Salvatore Bonaccorso carnil at debian.org
Wed Jan 24 07:24:13 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a05b0d0 by Salvatore Bonaccorso at 2018-01-24T08:23:45+01:00
Add further information for CVE-2018-1000005/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1083,7 +1083,11 @@ CVE-2018-5732
 CVE-2018-1000005 [HTTP/2 trailer out-of-bounds read]
 	RESERVED
 	- curl <unfixed>
+	[jessie] - curl <not-affected> (Vulnerable code introduce later)
+	[wheezy] - curl <not-affected> (Vulnerable code introduce later)
+	NOTE: https://github.com/curl/curl/pull/2231
 	NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
+	NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
 	NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
 CVE-2018-5731
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a05b0d09a1d490b66f5eda44670aea547be8bbd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a05b0d09a1d490b66f5eda44670aea547be8bbd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180124/5ffbc230/attachment-0001.html>


More information about the Secure-testing-commits mailing list