[Git][security-tracker-team/security-tracker][master] Mark virtualbox for now as unfixed

Fri Nov 9 15:13:23 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
251ebe9f by Salvatore Bonaccorso at 2018-11-09T15:12:10Z
Mark virtualbox for now as unfixed

We need further assurance/confirmance that the changes in 5.2.22 are
enough to adress the issue. As long it's unconfirmed better have the
status wrongly as unfixed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -151,10 +151,11 @@ CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted I
 CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" ...)
 	NOT-FOR-US: pandao Editor.md
 CVE-2018-XXXX [VirtualBox E1000 Guest-to-Host Escape]
-	- virtualbox 5.2.22-dfsg-1 (bug #913137)
+	- virtualbox <unfixed> (bug #913137)
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day
-	NOTE: Extracted patch: https://paste.debian.net/plain/1051089
+	NOTE: Changes between 5.2.20 and 5.2.22: https://paste.debian.net/plain/1051089
+	TODO: confirm on if issue fixed completely with the changes in 5.2.22
 CVE-2018-19055
 	RESERVED
 CVE-2018-19054



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/251ebe9fe5f6c4df6768d659b306f2f0066b3ab1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/251ebe9fe5f6c4df6768d659b306f2f0066b3ab1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181109/358102f9/attachment-0001.html>
