[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add notes for util-linux/bash-completion issue

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ba73a2f by Salvatore Bonaccorso at 2018-03-06T21:07:40+01:00
Add notes for util-linux/bash-completion issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,12 @@
 CVE-2018-XXXX [code execution in bash-completion for umount]
-	- bash-completion <unfixed> (bug #892179)
-	- util-linux <unfixed>
-	NOTE: Similarly fixed in bash-completion's from util-linux:
+	- bash-completion <unfixed> (unimportant)
+	- util-linux <unfixed> (bug #892179)
+	[jessie] - util-linux <not-affected> (umount completion added later)
+	NOTE: Fix in bash-completion's from util-linux:
 	NOTE: https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55#diff-a47601b5dbce9dc06c3af1deb02758c7
+	NOTE: src:util-linux/2.28-1 takes over the umount completion from
+	NOTE: src:bash-completion (which in turn starting from 1:2.1-4.3
+	NOTE: does not provide the umount completion in the binary packaage)
 CVE-2018-7718
 	RESERVED
 CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ba73a2f256dd4dfc8d8f0dc3d6b93654e40c670

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ba73a2f256dd4dfc8d8f0dc3d6b93654e40c670
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180306/58f49adb/attachment.html>