[Git][security-tracker-team/security-tracker][master] Small status adjustment for CVE-2018-12689

Wed Oct 31 20:08:57 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59b13540 by Salvatore Bonaccorso at 2018-10-31T20:08:10Z
Small status adjustment for CVE-2018-12689

The issue raised to be not a security issue at all.

Proper REJECT by MITRE requested/pending.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15116,8 +15116,10 @@ CVE-2018-12691 (Time-of-check to time-of-use (TOCTOU) race condition in ...)
 CVE-2018-12690
 	RESERVED
 CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id ...)
-	- phpldapadmin <not-affected> (unreproducible; bug #902186)
+	- phpldapadmin <unfixed> (unimportant; bug #902186)
 	NOTE: https://www.exploit-db.com/exploits/44926/
+	NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186
+	NOTE: and disputed as security issue. Should be properly rejected by MITRE.
 CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
 	NOT-FOR-US: tinyexr
 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59b1354026f2323b0bf98a2e1f2667cc6439ff19

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59b1354026f2323b0bf98a2e1f2667cc6439ff19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181031/bbd52499/attachment.html>
