[Git][security-tracker-team/security-tracker][master] Record now assigned CVEs for chromium-browser issues

Salvatore Bonaccorso carnil at debian.org
Tue Sep 25 20:42:19 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86880474 by Salvatore Bonaccorso at 2018-09-25T19:40:46Z
Record now assigned CVEs for chromium-browser issues

In meanwhile according to

https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html

two CVEs were assigned for the issues fixed in DSA-4297-1

 - CVE-2018-17458: Function signature mismatch in WebAssembly.
 - CVE-2018-17459: URL Spoofing in Omnibox

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1059,14 +1059,12 @@ CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x befor
 CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
 	- openafs 1.8.2-1 (bug #908616)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
-CVE-2018-XXXX [function signature mismatch in webassembly]
+CVE-2018-17458 [function signature mismatch in webassembly]
 	- chromium-browser 69.0.3497.92-1 (bug #908806)
-	[stretch] - chromium-browser 69.0.3497.92-1~deb9u1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	NOTE: Workaround for DSA-4297-1 until CVEs assigned
-CVE-2018-XXXX [url spoofing in omnibox]
+CVE-2018-17459 [url spoofing in omnibox]
 	- chromium-browser 69.0.3497.92-1 (bug #908806)
-	[stretch] - chromium-browser 69.0.3497.92-1~deb9u1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	NOTE: Workaround for DSA-4297-1 until CVEs assigned
 CVE-2018-1002009


=====================================
data/DSA/list
=====================================
@@ -23,6 +23,7 @@
 	{CVE-2018-17141}
 	[stretch] - hylafax 3:6.0.6-7+deb9u1
 [19 Sep 2018] DSA-4297-1 chromium-browser - security update
+	{CVE-2018-17458 CVE-2018-17459}
 	[stretch] - chromium-browser 69.0.3497.92-1~deb9u1
 [16 Sep 2018] DSA-4296-1 mbedtls - security update
 	{CVE-2018-0497 CVE-2018-0498}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180925/0eb883b1/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list