[Git][security-tracker-team/security-tracker][master] Remove CVE-2018-418{2,3} for list of fixed CVEs in DSA-4243-1

Fri Jul 13 20:19:33 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bc4e3dd by Salvatore Bonaccorso at 2018-07-13T21:19:22+02:00
Remove CVE-2018-418{2,3} for list of fixed CVEs in DSA-4243-1

The two issues are specifc cups-exec issues under MacOS X. Thus marking
as not-affected although a more proper tracking might be to just mark
them as well as fixed with the respective commit but mark them as
unimportant given they do not affect the binary packages in Debian.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26179,13 +26179,11 @@ CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before .
 	NOT-FOR-US: Apple (Speech component)
 CVE-2018-4183 [cups-exec Sandbox Bypass Due to Profile Misconfiguration]
 	RESERVED
-	{DSA-4243-1}
-	- cups 2.2.8-2
+	- cups <not-affected> (MacOS X specific issue)
 	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
 CVE-2018-4182 [cups-exec Sandbox Bypass Due to Insecure Error Handling]
 	RESERVED
-	{DSA-4243-1}
-	- cups 2.2.8-2
+	- cups <not-affected> (MacOS X specific issue)
 	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
 CVE-2018-4181 [Limited Local File Reads as Root via cupsd.conf Include Directive]
 	RESERVED


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -2,7 +2,7 @@
 	{CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374}
 	[stretch] - thunderbird 1:52.9.1-1~deb9u1
 [11 Jul 2018] DSA-4243-1 cups - security update
-	{CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-6553}
+	{CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553}
 	[stretch] - cups 2.2.1-8+deb9u2
 [09 Jul 2018] DSA-4242-1 ruby-sprockets - security update
 	{CVE-2018-3760}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bc4e3dd773b6a27ff1d30c8b35ed97596d8e940

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bc4e3dd773b6a27ff1d30c8b35ed97596d8e940
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180713/c2ffb71a/attachment-0001.html>
