[Git][security-tracker-team/security-tracker][master] new issues in beep, mbedtls and busybox

Moritz Muehlenhoff jmm at debian.org
Thu Jun 28 11:05:27 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4b379de by Moritz Muehlenhoff at 2018-06-28T12:04:52+02:00
new issues in beep, mbedtls and busybox

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -718,7 +718,7 @@ CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into co
 CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly ...)
 	NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or ...)
-	TODO: check
+	- beep <unfixed>
 CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
 	NOT-FOR-US: prime-jwt
 CVE-2018-1000530
@@ -742,13 +742,16 @@ CVE-2018-1000522
 CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: BigTree-CMS
 CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...)
-	TODO: check
+	- mbedtls <unfixed>
+	- polarssl <removed>
+	NOTE: https://github.com/ARMmbed/mbedtls/issues/1561	
 CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: aio-libs aiohttp-session
 CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling ...)
 	NOT-FOR-US: aaugustin websockets
 CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
-	TODO: check
+	- busybox <unfixed> (low)
+	NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
 CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper ...)
 	NOT-FOR-US: Galaxy Project Galaxy
 CVE-2018-1000515 (ventrian News-Articles version NewsArticles.00.09.11 contains a XML ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4b379dec34e5cbf7174b1367364536336cd158a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4b379dec34e5cbf7174b1367364536336cd158a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180628/db364226/attachment.html>

More information about the debian-security-tracker-commits mailing list