[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-9801 and CVE-2018-1294 as not affected

Salvatore Bonaccorso carnil at debian.org
Wed Jan 31 06:31:13 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0204cc8 by Salvatore Bonaccorso at 2018-01-31T07:30:05+01:00
Mark CVE-2017-9801 and CVE-2018-1294 as not affected

Since no ever present version in Debian was affected, and the issues
fixed within or before an upstream version of the initial upload we mark
those as not-affected with a respective descprition that the issues were
fixed with/before the initial upload to Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13060,7 +13060,7 @@ CVE-2018-1295
 	RESERVED
 CVE-2018-1294
 	RESERVED
-	- commons-email 1.5-1
+	- commons-email <not-affected> (Fixed with first upload to Debian)
 	NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1777030
 CVE-2018-1293
@@ -36587,7 +36587,7 @@ CVE-2017-9803 (Solr's Kerberos plugin can be configured to use delegation tokens
 CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
 	NOT-FOR-US: Apache Sling
 CVE-2017-9801 (When a call-site passes a subject for an email that contains ...)
-	- commons-email 1.5-1
+	- commons-email <not-affected> (Fixed with first upload to Debian)
 	NOTE: https://commons.apache.org/proper/commons-email/security-reports.html
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801385
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801388



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0204cc883e6ce664cbc58d00a1470b7cfe616e6

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0204cc883e6ce664cbc58d00a1470b7cfe616e6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180131/56490479/attachment.html>

More information about the Secure-testing-commits mailing list