[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-7490/uwsgi in unstable
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 18 07:51:10 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56882526 by Salvatore Bonaccorso at 2018-03-18T08:50:46+01:00
Add fixed version for CVE-2018-7490/uwsgi in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3065,7 +3065,7 @@ CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
NOT-FOR-US: PrestaShop
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
{DSA-4142-1}
- - uwsgi <unfixed> (bug #891639)
+ - uwsgi 2.0.15-10.4 (bug #891639)
NOTE: Fixed in 2.0.17 upstream
NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/568825265ee480361a4028c27b2c6b1fd809c31b
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/568825265ee480361a4028c27b2c6b1fd809c31b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180318/8756dcfe/attachment.html>
More information about the Secure-testing-commits
mailing list