[Git][security-tracker-team/security-tracker][master] Add (unfortunately overlong) TODO item for CVE-2018-18653
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 26 09:56:19 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69b6c2a1 by Salvatore Bonaccorso at 2018-10-26T08:53:21Z
Add (unfortunately overlong) TODO item for CVE-2018-18653
This seem at first glance a very specific issue for the Linux kernel as
shiped in Ubuntu. But there are some remarks pointed out via
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863 .
The issue seem introduced via an out-of-tree patch from the Lockdown
patchset:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863/comments/21
is further relevant to determine our status on which combinations of
used patch and used configuration options will cause the issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ...)
- TODO: check
+ - linux <undetermined>
+ TODO: check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Appliance ...)
TODO: check
CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b6c2a1defb028a26a2b9de0c5b4c2be96368fd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b6c2a1defb028a26a2b9de0c5b4c2be96368fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181026/dd8b0883/attachment.html>
More information about the debian-security-tracker-commits
mailing list