[Git][security-tracker-team/security-tracker][master] Decouple entry for flatpak from CVE-2019-5736, should get an own CVE

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 09:47:38 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0816f6c8 by Salvatore Bonaccorso at 2019-02-12T09:46:59Z
Decouple entry for flatpak from CVE-2019-5736, should get an own CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4981,15 +4981,15 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun
 	NOTE: is needed to fix the issue completely.
 CVE-2018-20678
 	RESERVED
-CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other ...)
+CVE-2019-XXXX [issue similar to CVE-2019-5736 for runc]
 	- flatpak 1.2.3-1 (bug #922059)
+CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other ...)
 	- lxc <unfixed> (unimportant)
 	- runc <unfixed> (bug #922050)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
 	NOTE: runc: Fixed by: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
 	NOTE: lxc: Fixed by: https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
 	NOTE: Not considered a security issue by LXC upstream
-	TODO: flatpak (and lxc) probably would need a separate CVE as the issue is similar but they do not share respective code.
 CVE-2019-5735
 	RESERVED
 CVE-2019-5734



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0816f6c8dde855dfb774cfe327608cdc9ae697ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0816f6c8dde855dfb774cfe327608cdc9ae697ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/ba1bc24c/attachment.html>

More information about the debian-security-tracker-commits mailing list