[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2018-13259 & CVE-2018-0502 (zsh) for jessie LTS
Chris Lamb
lamby at debian.org
Thu Sep 6 09:03:59 BST 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b895ef9 by Chris Lamb at 2018-09-06T07:59:58Z
Triage CVE-2018-13259 & CVE-2018-0502 (zsh) for jessie LTS
- - - - -
6269be1c by Chris Lamb at 2018-09-06T08:00:27Z
Triage CVE-2018-13818 (twig) for jessie LTS
- - - - -
9f7a1d8d by Chris Lamb at 2018-09-06T08:03:40Z
data/dla-needed.txt: Triage curl for jessie.
- - - - -
78f76f9c by Chris Lamb at 2018-09-06T08:03:45Z
data/dla-needed.txt: Claim curl.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6642,6 +6642,7 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management
CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
- twig 2.4.4-2
[stretch] - twig <no-dsa> (Minor issue)
+ [jessie] - twig <no-dsa> (Minor issue)
NOTE: Fixed upstream in 2.4.4
CVE-2018-13817
RESERVED
@@ -7850,6 +7851,7 @@ CVE-2018-13260
CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...)
- zsh 5.6-1 (bug #908000)
[stretch] - zsh <no-dsa> (Minor issue)
+ [jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-13258
@@ -44335,6 +44337,7 @@ CVE-2018-0503
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! script ...)
- zsh 5.6-1 (bug #908000)
[stretch] - zsh <no-dsa> (Minor issue)
+ [jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) ...)
=====================================
data/dla-needed.txt
=====================================
@@ -14,6 +14,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
NOTE: 20180901: No detailed information or a reproducer available at the
NOTE: moment. Check. (apo)
--
+curl (Chris Lamb)
+--
discount (Markus Koschany)
--
enigmail
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/01efeef849f0629de05988830d967b3c3a2ea39c...78f76f9ce6f14333c3c62a2c7e8b2cc561c71a9b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/01efeef849f0629de05988830d967b3c3a2ea39c...78f76f9ce6f14333c3c62a2c7e8b2cc561c71a9b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180906/5a8a0828/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list