[Git][security-tracker-team/security-tracker][master] Add specific note for CVE-2018-10886
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 25 20:39:09 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dac883de by Salvatore Bonaccorso at 2018-07-25T21:37:26+02:00
Add specific note for CVE-2018-10886
This is now unfortunate because the CVE will be rejected.
> The assignment of CVE-2018-10886 is withdrawn as Apache Ant is not
> in Red Hat's scope as a CNA. The Apache project will follow up
> with MITRE.
Keep the entry complete for a (short) while to see how it evolves.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9337,6 +9337,8 @@ CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...
NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407
+ NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of
+ NOTE: scope of the assigning CNA.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy ...)
NOT-FOR-US: atomic-openshift
CVE-2018-10884
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dac883de5b7bef0ab48633e80687aeb91259af0f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dac883de5b7bef0ab48633e80687aeb91259af0f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180725/13e8ff7c/attachment.html>
More information about the debian-security-tracker-commits
mailing list