[Git][security-tracker-team/security-tracker][master] 3 commits: Reference Red Hat bug id for ansible issue

Wed Oct 24 20:03:40 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0365104 by Salvatore Bonaccorso at 2018-10-24T18:52:10Z
Reference Red Hat bug id for ansible issue

- - - - -
b59d0d7d by Salvatore Bonaccorso at 2018-10-24T18:53:07Z
Fix typo in source package name for DLA-1550-1/drupal7

- - - - -
5dc5fbc8 by Salvatore Bonaccorso at 2018-10-24T19:00:32Z
Add CVE-2018-15756/libspring-java

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4315,7 +4315,7 @@ CVE-2018-16838
 	RESERVED
 CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
 	- ansible <unfixed>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642
 CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal vulnerability in ...)
 	NOT-FOR-US: Rubedo CMS
 CVE-2018-16835
@@ -7072,7 +7072,8 @@ CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prio
 CVE-2018-15757
 	RESERVED
 CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, ...)
-	TODO: check
+	- libspring-java <unfixed>
+	NOTE: https://pivotal.io/security/cve-2018-15756
 CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2018-15754


=====================================
data/DLA/list
=====================================
@@ -7,8 +7,8 @@
 [20 Oct 2018] DLA-1551-1 exiv2 - security update
 	{CVE-2018-10958 CVE-2018-10999 CVE-2018-16336}
 	[jessie] - exiv2 0.24-4.1+deb8u2
-[19 Oct 2018] DLA-1550-1 drupal - security update
-	[jessie] - drupal 7.32-1+deb8u13
+[19 Oct 2018] DLA-1550-1 drupal7 - security update
+	[jessie] - drupal7 7.32-1+deb8u13
 [18 Oct 2018] DLA-1549-1 xen - security update
 	{CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15597 CVE-2017-17046 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2018-10471 CVE-2018-10982}
 	[jessie] - xen 4.4.4lts2-0+deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/84b7ee5da6b131b85bc6fb03234a055ba8f2870e...5dc5fbc8b05407bd4c40afb29a75200cf5159c4d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/84b7ee5da6b131b85bc6fb03234a055ba8f2870e...5dc5fbc8b05407bd4c40afb29a75200cf5159c4d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181024/846bc355/attachment.html>
