[Git][security-tracker-team/security-tracker][master] Record now assigned CVEs for chromium-browser issues
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 25 20:42:19 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86880474 by Salvatore Bonaccorso at 2018-09-25T19:40:46Z
Record now assigned CVEs for chromium-browser issues
In meanwhile according to
https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html
two CVEs were assigned for the issues fixed in DSA-4297-1
- CVE-2018-17458: Function signature mismatch in WebAssembly.
- CVE-2018-17459: URL Spoofing in Omnibox
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1059,14 +1059,12 @@ CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x befor
CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
- openafs 1.8.2-1 (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
-CVE-2018-XXXX [function signature mismatch in webassembly]
+CVE-2018-17458 [function signature mismatch in webassembly]
- chromium-browser 69.0.3497.92-1 (bug #908806)
- [stretch] - chromium-browser 69.0.3497.92-1~deb9u1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
NOTE: Workaround for DSA-4297-1 until CVEs assigned
-CVE-2018-XXXX [url spoofing in omnibox]
+CVE-2018-17459 [url spoofing in omnibox]
- chromium-browser 69.0.3497.92-1 (bug #908806)
- [stretch] - chromium-browser 69.0.3497.92-1~deb9u1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
NOTE: Workaround for DSA-4297-1 until CVEs assigned
CVE-2018-1002009
=====================================
data/DSA/list
=====================================
@@ -23,6 +23,7 @@
{CVE-2018-17141}
[stretch] - hylafax 3:6.0.6-7+deb9u1
[19 Sep 2018] DSA-4297-1 chromium-browser - security update
+ {CVE-2018-17458 CVE-2018-17459}
[stretch] - chromium-browser 69.0.3497.92-1~deb9u1
[16 Sep 2018] DSA-4296-1 mbedtls - security update
{CVE-2018-0497 CVE-2018-0498}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180925/0eb883b1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list