[Git][security-tracker-team/security-tracker][master] Merge information for systemd/232-25+deb9u10 into CVE list

Salvatore Bonaccorso carnil at debian.org
Mon Apr 8 13:55:17 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48795aab by Salvatore Bonaccorso at 2019-04-08T12:54:14Z
Merge information for systemd/232-25+deb9u10 into CVE list

The version for the DSA will be build upon the 232-25+deb9u10 packages
so superseeding the point release. Track the 'released' version
correctly as the archive has seen this via stretch-proposed-updates.

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38671,7 +38671,7 @@ CVE-2018-15687 (A race condition in chown_one() of systemd allows an attacker to
 CVE-2018-15686 (A vulnerability in unit_deserialize of systemd allows an attacker to s ...)
 	{DLA-1580-1}
 	- systemd 239-12 (bug #912005)
-	[stretch] - systemd <no-dsa> (Minor issue)
+	[stretch] - systemd 232-25+deb9u10
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
 	NOTE: https://github.com/systemd/systemd/pull/10519
@@ -79961,7 +79961,7 @@ CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a deni
 CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount and .au ...)
 	{DLA-1580-1}
 	- systemd 234-1
-	[stretch] - systemd <postponed> (Minor issue, can either be included in future DSA or point release)
+	[stretch] - systemd 232-25+deb9u10
 	[wheezy] - systemd <postponed>  (Minor issue, can be fixed along in next DLA)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
 	NOTE: https://github.com/systemd/systemd/pull/5916


=====================================
data/next-point-update.txt
=====================================
@@ -66,10 +66,6 @@ CVE-2018-7998
 	[stretch] - vips 8.4.5-1+deb9u1
 CVE-2019-6976
 	[stretch] - vips 8.4.5-1+deb9u1
-CVE-2018-1049
-	[stretch] - systemd 232-25+deb9u10
-CVE-2018-15686
-	[stretch] - systemd 232-25+deb9u10
 CVE-2019-5736
 	[stretch] - runc 0.1.1+dfsg1-2+deb9u1
 CVE-2018-12181



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48795aab8015bcec9182b69a1c34688ac8117897

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48795aab8015bcec9182b69a1c34688ac8117897
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190408/ddb766a6/attachment.html>

More information about the debian-security-tracker-commits mailing list