[Git][security-tracker-team/security-tracker][master] 2 commits: NFU (confirmed by maintainer)

Moritz Muehlenhoff jmm at debian.org
Wed Jul 18 22:30:59 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
662d27f7 by Moritz Muehlenhoff at 2018-07-18T23:29:24+02:00
NFU (confirmed by maintainer)

- - - - -
fc5b408f by Moritz Muehlenhoff at 2018-07-18T23:30:37+02:00
additional znc refs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -745,10 +745,12 @@ CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines 
 	- znc 1.7.1-1 (bug #903787)
 	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
 	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
+	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
 CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web ...)
 	{DLA-1427-1}
 	- znc 1.7.1-1 (bug #903788)
 	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
+	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
 CVE-2018-14053
 	RESERVED
 CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
@@ -15023,7 +15025,7 @@ CVE-2018-8358
 CVE-2018-8357
 	RESERVED
 CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET ...)
-	TODO: check, could affect mono packages
+	NOT-FOR-US: Microsoft .NET, doesn't affect src:mono
 CVE-2018-8355
 	RESERVED
 CVE-2018-8354



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4da76ea722d40f15ce0a144ff12e58f708603c35...fc5b408ff4c8c2bf4ef50a3f375166b46f09632b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4da76ea722d40f15ce0a144ff12e58f708603c35...fc5b408ff4c8c2bf4ef50a3f375166b46f09632b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180718/6afa7e46/attachment.html>

More information about the debian-security-tracker-commits mailing list