[Git][security-tracker-team/security-tracker][master] Add NOTE and TODO for one part of the CVE-2018-10897/yum-utils fix

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2943bbfc by Salvatore Bonaccorso at 2019-02-11T14:56:35Z
Add NOTE and TODO for one part of the CVE-2018-10897/yum-utils fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42480,6 +42480,9 @@ CVE-2018-10897 (A directory traversal issue was found in reposync, a part of ...
 	NOTE: https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
 	NOTE: https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
 	NOTE: https://github.com/rpm-software-management/yum-utils/pull/43
+	NOTE: Second part of the patch seems missing in 1.1.31-2.1 but possibly not
+	NOTE: needed to address the issue.
+	TODO: check
 CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and newer, ...)
 	NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
 CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2943bbfc6f2a887eb15140ff46b44994f4f12d75

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2943bbfc6f2a887eb15140ff46b44994f4f12d75
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190211/aa73e110/attachment.html>