[Git][security-tracker-team/security-tracker][master] Assign the new CVE-2018-13043 to the devscripts issue.
Mattia Rizzolo
mattia at debian.org
Sun Jul 1 23:01:23 BST 2018
Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d0856ca by Mattia Rizzolo at 2018-07-01T23:39:27+02:00
Assign the new CVE-2018-13043 to the devscripts issue.
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -369,7 +369,7 @@ CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticate
CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...)
- u-boot <unfixed> (unimportant)
NOTE: No security impact as supported/packaged in Debian
-CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
+CVE-2018-13043 [code execution in grep-excuses through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing]
- devscripts <unfixed> (low; bug #902409)
[stretch] - devscripts <no-dsa> (Minor issue)
[jessie] - devscripts <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d0856ca1923b10972ae26fd8bd23bc04f1b5296
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d0856ca1923b10972ae26fd8bd23bc04f1b5296
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180701/be61a859/attachment.html>
More information about the debian-security-tracker-commits
mailing list