[Git][security-tracker-team/security-tracker][master] libzypp fixed

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed8742f3 by Moritz Muehlenhoff at 2018-05-29T15:06:52+02:00
libzypp fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -55476,7 +55476,7 @@ CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy ...)
 CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC ...)
 	NOT-FOR-US: SuSE cryptctl
 CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories ...)
-	- libzypp <unfixed> (bug #899065)
+	- libzypp 17.3.1-1 (bug #899065)
 	[jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
 	- open-build-service <unfixed> (low)
@@ -61481,10 +61481,10 @@ CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowe
 CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...)
 	NOT-FOR-US: NetIQ Privileged Account Manager
 CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned ...)
-	- libzypp <unfixed> (bug #899065)
+	- libzypp 17.3.1-1 (bug #899065)
 	[jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM ...)
-	- libzypp <unfixed> (bug #899065)
+	- libzypp 17.3.1-1 (bug #899065)
 	[jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending out ...)
 	NOT-FOR-US: NetIQ Identity Manager
@@ -173791,7 +173791,7 @@ CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novel
 CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on ...)
 	NOT-FOR-US: Novell Client
 CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ...)
-	NOT-FOR-US: libzypp
+	- libzypp <not-affected> (Fixed before initial upload)
 CVE-2013-3703
 	RESERVED
 	NOT-FOR-US: Open Build Service



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed8742f39e4aafa3d40eeffa695975355056103c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed8742f39e4aafa3d40eeffa695975355056103c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180529/369b3cd7/attachment.html>