[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-7667 as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 21 06:14:45 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b873cad0 by Salvatore Bonaccorso at 2018-03-21T07:14:24+01:00
Mark CVE-2018-7667 as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2674,6 +2674,8 @@ CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary
NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
- adminer 4.5.0-1 (bug #893668)
+ [stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
+ [jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
NOTE: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b873cad030fcd84f6c3add8ce3d71e13882c17ac
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b873cad030fcd84f6c3add8ce3d71e13882c17ac
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180321/9348f382/attachment.html>
More information about the Secure-testing-commits
mailing list