[Git][security-tracker-team/security-tracker][master] 2 commits: Add for now flatpak under CVE-2019-5736

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 05:31:39 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2af58e40 by Salvatore Bonaccorso at 2019-02-12T05:29:58Z
Add for now flatpak under CVE-2019-5736

Probably both lxc (but it is disputed as security issue upstream) and
flatpak would need separate CVEs here given the issue is similar but no
common code is affected.

Add a respective TODO, to make clear this needs to be clarified with
MITRE.

- - - - -
c06f7b65 by Salvatore Bonaccorso at 2019-02-12T05:31:15Z
Use same style in NOTE section

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4965,12 +4965,14 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun
 CVE-2018-20678
 	RESERVED
 CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other ...)
-	- runc <unfixed> (bug #922050)
+	- flatpak 1.2.3-1 (bug #922059)
 	- lxc <unfixed> (unimportant)
+	- runc <unfixed> (bug #922050)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
 	NOTE: runc: Fixed by: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
-	NOTE: lxc: Fixed by https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
+	NOTE: lxc: Fixed by: https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
 	NOTE: Not considered a security issue by LXC upstream
+	TODO: flatpak (and lxc) probably would need a separate CVE as the issue is similar but they do not share respective code.
 CVE-2019-5735
 	RESERVED
 CVE-2019-5734
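
Review bot: the added `- flatpak 1.2.3-1 (bug #922059)` line has no matching `NOTE: flatpak: Fixed by:` entry, while runc and lxc each carry one in the same block. Adding the upstream flatpak commit reference would let a reader confirm that 1.2.3-1 actually contains the fix. The new TODO also says flatpak and lxc probably need a separate CVE, so the fixed-version claim for flatpak is filed under an identifier the entry itself expects to change; noting in the TODO where the MITRE request is tracked would make it clear when the flatpak and lxc lines should move out of CVE-2019-5736.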



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/89c368c5837c29a0acb7017ad1de6af8d3203c65...c06f7b656babc0d370f1717445d879235987b150



More information about the debian-security-tracker-commits mailing list