[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-1000802

Salvatore Bonaccorso carnil at debian.org
Fri Sep 21 10:25:21 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f4fc825 by Salvatore Bonaccorso at 2018-09-21T09:24:46Z
Update status for CVE-2018-1000802

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -323,10 +323,16 @@ CVE-2018-17155
 CVE-2018-17154
 	RESERVED
 CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
+	- python3.7 <not-affected> (Fixed before initial upload)
+	- python3.6 <not-affected> (Fixed before initial upload)
+	- python3.5 <not-affected> (Fixed before initial upload)
+	- python3.4 <removed>
 	- python2.7 <unfixed>
 	NOTE: https://bugs.python.org/issue34540
 	NOTE: https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace
-	TODO: check, issue is possibly specific to 2.7 only, so not listing here any other python source packages at the moment
+	NOTE: Later versions did remove _call_external_zip with
+	NOTE: https://github.com/python/cpython/commit/a0934b2c1b939fdebee8dc18d49a0f6c52324773
+	NOTE: which used distutils.spawn.
 CVE-2018-17153 (It was discovered that the Western Digital My Cloud device through ...)
 	NOT-FOR-US: Western Digital My Cloud device
 CVE-2018-17152



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f4fc8254a33731cf3ca6111d68ade3b85e8841f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f4fc8254a33731cf3ca6111d68ade3b85e8841f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180921/f44f9c3b/attachment.html>


More information about the debian-security-tracker-commits mailing list