[Git][security-tracker-team/security-tracker][master] 2 commits: Add entry for incomplete fix for ant

Sat Jul 21 11:52:25 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
740657ba by Salvatore Bonaccorso at 2018-07-21T10:12:26+02:00
Add entry for incomplete fix for ant

- - - - -
3fd66586 by Salvatore Bonaccorso at 2018-07-21T12:51:48+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9005,6 +9005,11 @@ CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been .
 	- libgit2 <unfixed> (bug #903509)
 	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
 	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
+CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
+	- ant 1.10.5-1
+	[stretch] - ant <not-affected> (Incomplete fix for CVE-2018-10886 not applied)
+	NOTE: https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645d
+	NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300
 CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...)
 	{DLA-1431-1}
 	- ant 1.10.4-1
@@ -28635,9 +28640,9 @@ CVE-2018-3773
 CVE-2018-3772
 	RESERVED
 CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe in ...)
-	TODO: check
+	NOT-FOR-US: statics-server nodejs module
 CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
-	TODO: check
+	NOT-FOR-US: markdown-pdf nodejs module
 CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
 	- ruby-grape <unfixed> (bug #903086)
 	[stretch] - ruby-grape <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/09044b25aa2b7ac6aa6b72e249a0e1de11f5e34d...3fd665869897ba35cdf13f29935c71e419542d06

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/09044b25aa2b7ac6aa6b72e249a0e1de11f5e34d...3fd665869897ba35cdf13f29935c71e419542d06
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180721/1cdb3f92/attachment-0001.html>
