[Git][security-tracker-team/security-tracker][master] Demote crossroads severity to unimportant

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9c21a93 by Salvatore Bonaccorso at 2018-10-26T06:41:27Z
Demote crossroads severity to unimportant

The issue is only exploitable during package build itself. For stable it
is ever unlikely that the package is ever rebuild (unless another fix
would be needed).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,8 @@
 CVE-2018-18655 [information disclosure]
 	- prayer <unfixed> (bug #911842)
 CVE-2018-18654 [package build vulnerable to insecure use of /tmp]
-	- crossroads <unfixed> (bug #911877)
-	[stretch] - crossroads <no-dsa> (Minor issue; can be fixed via point release)
+	- crossroads <unfixed> (unimportant; bug #911877)
+	NOTE: Issue exploitable only during build of package
 CVE-2018-18651 (An issue was discovered in Xpdf 4.00. catalog->getNumPages() in ...)
 	TODO: check
 CVE-2018-18650 (An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9c21a9382d2163aaca0f41a6c5eea596135c17f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9c21a9382d2163aaca0f41a6c5eea596135c17f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181026/41c6956f/attachment-0001.html>