[Git][security-tracker-team/security-tracker][master] Add details for CVE-2018-1115

[Christoph Berg]

Christoph Berg pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7300d23e by Christoph Berg at 2018-05-10T17:26:38+02:00
Add details for CVE-2018-1115

No DSA needed, the issue is minor (non-default configuration, and the
only impact is that users can rotate the log file)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26728,8 +26728,15 @@ CVE-2018-1117
 	RESERVED
 CVE-2018-1116
 	RESERVED
-CVE-2018-1115
-	RESERVED
+CVE-2018-1115 [public execution privileges on pg_rotate_logfile() in adminpack extension]
+	- postgresql-10 10.4-1
+	- postgresql-9.6 <removed>
+	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
+	- postgresql-9.4 <removed>
+	[jessie] - postgresql-9.4 <not-affected> (Code not present)
+	- postgresql-9.1 <removed>
+	[jessie] - postgresql-9.1 <not-affected> (Code not present)
+	[wheezy] - postgresql-9.1 <not-affected> (Code not present)
 CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service]
 	RESERVED
 	- undertow 1.4.25-1 (bug #897247)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7300d23e06846e4638aa870f5f1daffaafd4798e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7300d23e06846e4638aa870f5f1daffaafd4798e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180510/e45d921f/attachment.html>