[Git][security-tracker-team/security-tracker][master] filed bugs for some unclear issues

Moritz Muehlenhoff jmm at debian.org
Wed Oct 24 22:27:17 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4dcb429f by Moritz Muehlenhoff at 2018-10-24T21:26:49Z
filed bugs for some unclear issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2012,18 +2012,18 @@ CVE-2018-17850
 CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File ...)
 	NOT-FOR-US: Navigate CMS
 CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
-	- golang-golang-x-net-dev <undetermined>
-	- golang-go.net-dev <undetermined>
+	- golang-golang-x-net-dev <unfixed> (bug #911795)
+	- golang-go.net-dev <removed>
 	NOTE: https://github.com/golang/go/issues/27846
 	TODO: check, possibly introduced in later versions
 CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
-	- golang-golang-x-net-dev <undetermined>
-	- golang-go.net-dev <undetermined>
+	- golang-golang-x-net-dev <unfixed> (bug #911795)
+	- golang-go.net-dev <removed>
 	NOTE: https://github.com/golang/go/issues/27846
 	TODO: check, possibly introduced in later versions
 CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
-	- golang-golang-x-net-dev <undetermined>
-	- golang-go.net-dev <undetermined>
+	- golang-golang-x-net-dev <unfixed> (bug #911795)
+	- golang-go.net-dev <removed>
 	NOTE: https://github.com/golang/go/issues/27842
 	TODO: check, possibly introduced in later versions
 CVE-2018-17845
@@ -9685,9 +9685,8 @@ CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynfl
 	- foreman <itp> (bug #663101)
 	NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.
 CVE-2018-14642 (An information leak vulnerability was found in Undertow. If all ...)
-	- undertow <undetermined>
+	- undertow <unfixed> (bug #911796)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1628702
-	TODO: further check, the RedHat bug 1628702 references are not public accessible
 CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4dcb429f32e42f2163d426acf9506872177b98ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4dcb429f32e42f2163d426acf9506872177b98ec
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181024/b6c64fac/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list