[Git][security-tracker-team/security-tracker][master] Expand note for CVE-2018-1000500/busybox

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c00d85a by Salvatore Bonaccorso at 2018-07-13T06:06:11+02:00
Expand note for CVE-2018-1000500/busybox

The upload to unstable verisoned as 1:1.27.2-3 adds the commit

https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55

and now emmits a message that certificate verification is not
implemented.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3156,6 +3156,9 @@ CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerab
 	- busybox <unfixed> (unimportant)
 	NOTE: Intentional design decision:
 	NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74
+	NOTE: https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55
+	NOTE: Starting with 1:1.27.2-3 in unstable wget emmits a message that certificate
+	NOTE: verification is not implemented.
 CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier ...)
 	TODO: check
 CVE-2018-12637



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c00d85ad3ab9303e4cee31e6165b420dafa5605

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c00d85ad3ab9303e4cee31e6165b420dafa5605
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180713/f0ec0484/attachment.html>