[Git][security-tracker-team/security-tracker][master] amanda non-issues

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
554ac35f by Moritz Muehlenhoff at 2018-11-22T19:55:38Z
amanda non-issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2216,13 +2216,15 @@ CVE-2018-18633
 CVE-2018-18632
 	RESERVED
 CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
-	- amanda <undetermined>
+	- amanda <unfixed> (unimportant)
 	NOTE: https://www.exploit-db.com/exploits/39244/
-	TODO: check
+	NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup
+	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
 CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
-	- amanda <undetermined>
+	- amanda <unfixed> (unimportant)
 	NOTE: https://www.exploit-db.com/exploits/39217/
-	TODO: check
+	NOTE: /usr/lib/amanda/runtar can only be run by members of the backup
+	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
 CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 ...)
 	- xen <unfixed>
 	[stretch] - xen <not-affected> (Only affects 4.9 and later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/554ac35f5c016c83ec6fb0c0582d05e921356d04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/554ac35f5c016c83ec6fb0c0582d05e921356d04
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181122/7775bdf2/attachment-0001.html>