[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2018-13259 & CVE-2018-0502 (zsh) for jessie LTS

Thu Sep 6 09:03:59 BST 2018

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b895ef9 by Chris Lamb at 2018-09-06T07:59:58Z
Triage CVE-2018-13259 & CVE-2018-0502 (zsh) for jessie LTS

- - - - -
6269be1c by Chris Lamb at 2018-09-06T08:00:27Z
Triage CVE-2018-13818 (twig) for jessie LTS

- - - - -
9f7a1d8d by Chris Lamb at 2018-09-06T08:03:40Z
data/dla-needed.txt: Triage curl for jessie.

- - - - -
78f76f9c by Chris Lamb at 2018-09-06T08:03:45Z
data/dla-needed.txt: Claim curl.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6642,6 +6642,7 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management
 CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
 	- twig 2.4.4-2
 	[stretch] - twig <no-dsa> (Minor issue)
+	[jessie] - twig <no-dsa> (Minor issue)
 	NOTE: Fixed upstream in 2.4.4
 CVE-2018-13817
 	RESERVED
@@ -7850,6 +7851,7 @@ CVE-2018-13260
 CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...)
 	- zsh 5.6-1 (bug #908000)
 	[stretch] - zsh <no-dsa> (Minor issue)
+	[jessie] - zsh <no-dsa> (Minor issue)
 	NOTE: https://www.zsh.org/mla/zsh-announce/136
 	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
 CVE-2018-13258
@@ -44335,6 +44337,7 @@ CVE-2018-0503
 CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! script ...)
 	- zsh 5.6-1 (bug #908000)
 	[stretch] - zsh <no-dsa> (Minor issue)
+	[jessie] - zsh <no-dsa> (Minor issue)
 	NOTE: https://www.zsh.org/mla/zsh-announce/136
 	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
 CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) ...)


=====================================
data/dla-needed.txt
=====================================
@@ -14,6 +14,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
   NOTE: 20180901: No detailed information or a reproducer available at the
   NOTE: moment. Check. (apo)
 --
+curl (Chris Lamb)
+--
 discount (Markus Koschany)
 --
 enigmail



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/01efeef849f0629de05988830d967b3c3a2ea39c...78f76f9ce6f14333c3c62a2c7e8b2cc561c71a9b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/01efeef849f0629de05988830d967b3c3a2ea39c...78f76f9ce6f14333c3c62a2c7e8b2cc561c71a9b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180906/5a8a0828/attachment-0001.html>
