[Git][security-tracker-team/security-tracker][master] Mark open ceph issues as no-dsa for Jessie.

Markus Koschany apo at debian.org
Sat Jul 14 22:34:26 BST 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c303bffb by Markus Koschany at 2018-07-14T23:32:21+02:00
Mark open ceph issues as no-dsa for Jessie.

This can only be fixed by making rather intrusive code changes. In addition
two issues require an authenticated user to exploit the vulnerability. Ceph is
also not used by any sponsor.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8009,6 +8009,7 @@ CVE-2018-10862
 	- wildfly <itp> (bug #752018)
 CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any ...)
 	- ceph <unfixed>
+	[jessie] - ceph <no-dsa> (Intrusive changes)
 	NOTE: http://tracker.ceph.com/issues/24838
 	NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
 CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
@@ -35169,10 +35170,12 @@ CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null poin
 	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
 CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...)
 	- ceph <unfixed>
+	[jessie] - ceph <no-dsa> (Intrusive changes)
 	NOTE: http://tracker.ceph.com/issues/24837
 	NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
 CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph ...)
 	- ceph <unfixed>
+	[jessie] - ceph <no-dsa> (Intrusive changes)
 	NOTE: http://tracker.ceph.com/issues/24836
 	NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
 CVE-2018-1127



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180714/5e7bd86a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list