[Git][security-tracker-team/security-tracker][master] Add notes for CVE-2017-5188/open-build-service

Salvatore Bonaccorso carnil at debian.org
Sat May 26 15:54:38 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88b7848b by Salvatore Bonaccorso at 2018-05-26T16:49:11+02:00
Add notes for CVE-2017-5188/open-build-service

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -68899,6 +68899,12 @@ CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a Java
 CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed ...)
 	- open-build-service <unfixed> (low)
 	[stretch] - open-build-service <no-dsa> (Minor issue)
+	NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661 (2.7.x)
+	NOTE: https://github.com/openSUSE/open-build-service/commit/8595d06570ded81d8514c8c5a147b250541bf388 (2.9.x)
+	NOTE: A followup https://bugzilla.suse.com/show_bug.cgi?id=1029824 shows
+	NOTE: it might be wise to disallow as well other types (devices, sockets,
+	NOTE: directories, symlinks, ...) and needs:
+	NOTE: https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
 CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory ...)
 	NOT-FOR-US: Micro Focus
 CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before ...)
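
Review bot: The second added NOTE line (the 2.9.x commit) lacks the "Fixed by:" prefix that the 2.7.x line above it carries, so a reader cannot tell whether it is the same fix on another branch or only a related reference. If it is the 2.9.x fix, write it as "NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/8595d06570ded81d8514c8c5a147b250541bf388 (2.9.x)". The follow-up sentence ending in "and needs:" also has no clear subject. Since the package line stays at <unfixed>, it would help to state explicitly that restricting the other file types (devices, sockets, directories, symlinks) additionally needs commit ba27c91351878bc297ec4baba0bd488a2f3b568d, and to name the branch that commit applies to, as the two lines above do.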



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88b7848bfa771fd4d5f75ba19f32ffe97630d431
