[Git][security-tracker-team/security-tracker][master] Mark cantata as ignored

Mon Jun 18 21:19:23 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad2752fa by Salvatore Bonaccorso at 2018-06-18T22:18:27+02:00
Mark cantata as ignored

As stated in the notes, this is not fully correct tracking. See NOTEs
and we might actually revert this part and mark not-affected instead
after discussion.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -70,10 +70,15 @@ CVE-2018-12521
 	RESERVED
 CVE-2018-XXXX [cantata-mounter D-Bus service local privilege escalation and other security issues]
 	- cantata <unfixed> (bug #901798)
+	[stretch] - cantata <ignored> (cantata-mounter and service not installed)
+	[jessie] - cantata <ignored> (cantata-mounter and service not installed)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
 	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
 	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
 	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
+	NOTE: no-dsa/ignored status is not fully correct, but we cannot state
+	NOTE: "unimportant" severity just for one suite and unstable is more severily
+	NOTE: affected.
 CVE-2018-12520
 	RESERVED
 CVE-2018-12519



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad2752fa2f4f231d2f4dcff89136f57b467877f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad2752fa2f4f231d2f4dcff89136f57b467877f0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180618/a86527a5/attachment.html>
