[Git][security-tracker-team/security-tracker][master] Process CVE-2018-1165{0,1}/greylog2

Sat Jun 2 07:33:20 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63e09b9c by Salvatore Bonaccorso at 2018-06-02T08:32:03+02:00
Process CVE-2018-1165{0,1}/greylog2

It's a in meanwhile closed itp bug, but we track one further CVE for
greylog2 with the itp. We might change all occurences to NFU in case it
is ever unlikely there will be another attempt for packaging.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46,9 +46,9 @@ CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows re
 	[jessie] - nikto <no-dsa> (non-free not supported)
 	NOTE: https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7
 CVE-2018-11651 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
-	TODO: check
+	- graylog2 <itp> (bug #652273)
 CVE-2018-11650 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
-	TODO: check
+	- graylog2 <itp> (bug #652273)
 CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters. ...)
 	TODO: check
 CVE-2018-11648



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63e09b9ca33a1632283a64d81acb5899e9197c78

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63e09b9ca33a1632283a64d81acb5899e9197c78
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180602/b956c8ac/attachment.html>
