[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-10243/libhtp

Salvatore Bonaccorso carnil at debian.org
Fri Apr 5 21:28:51 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1322cd3c by Salvatore Bonaccorso at 2019-04-05T20:24:50Z
Add CVE-2018-10243/libhtp

- - - - -
51fdf9a1 by Salvatore Bonaccorso at 2019-04-05T20:27:08Z
Track src:suricata as well for CVE-2018-10243

In jessie and stretch src:suricata used the embedded copy of libhtp.
Thus track src:suricata for CVE-2018-10243 and mark for suricata as
fixed version for the unstable following when it switched to use the
system libhtp instead of the embedded version. For src:libhtp already
tracked the fixed version for the unstable uploads.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53133,7 +53133,11 @@ CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allo
 CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/ ...)
 	TODO: check
 CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allow ...)
-	TODO: check
+	- libhtp 1:0.5.28-1
+	- suricata 1:4.0.0-1
+	NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
+	NOTE: https://github.com/OISF/libhtp/issues/169
+	NOTE: https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
 CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the SSH bann ...)
 	TODO: check
 CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1. ...)
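Review bot: On the added `- suricata 1:4.0.0-1` line, the version recorded is the upload where suricata stopped using its embedded libhtp, not one that carries the fix itself, while the libhtp entry above it is only fixed at `1:0.5.28-1`. The first NOTE should say that directly, for example "suricata embedded a copy of libhtp before 1:4.0.0-1; later versions use the system libhtp, see the libhtp entry for the fixed version", so a reader does not conclude that suricata 1:4.0.0-1 with an older system libhtp is unaffected. The "up to before" wording in that NOTE is also hard to parse. The two URL NOTEs would be easier to triage if they were labelled as the upstream report and the fixing commit respectively.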



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3980016f0fe72e6b08763e70e0a194dd196d20a7...51fdf9a15b775c7ce0820e6064aad598e7047ed5
