[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-7262 as not affected in Debian according to investigation of maintainer

Salvatore Bonaccorso carnil at debian.org
Sat Mar 17 16:29:01 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
956515b3 by Salvatore Bonaccorso at 2018-03-17T17:28:04+01:00
Mark CVE-2018-7262 as not affected in Debian according to investigation of maintainer

See: https://bugs.debian.org/891963#15

Thanks: Gaudenz Steinlin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3895,7 +3895,11 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th
 	TODO: clarify with MITRE why this CVE was additionally assigned
 CVE-2018-7262 [Malformed HTTP requests handled in rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference]
 	RESERVED
-	- ceph <unfixed> (bug #891963)
+	- ceph <not-affected> (Issue introducer later)
+	NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
+	NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
+	NOTE: version of the embedded webserver in RADOS gateway which does not return
+	NOTE: null strings on malformed HTTP requests.
 	NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403
 	NOTE: Superseeded by: https://github.com/ceph/ceph/pull/20488
 CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/956515b30281869c4772d22ea9f0e9dfe036db59

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/956515b30281869c4772d22ea9f0e9dfe036db59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180317/c18f0677/attachment.html>

More information about the Secure-testing-commits mailing list