[Git][security-tracker-team/security-tracker][master] Track fixes for three CVEs in ceph via ceph/12.2.11+dfsg1-1
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 12 21:27:13 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d052dce3 by Salvatore Bonaccorso at 2019-02-12T21:25:30Z
Track fixes for three CVEs in ceph via ceph/12.2.11+dfsg1-1
CVE-2018-14662, CVE-2018-16889 and CVE-2018-16846 were addressed in
12.2.11 upstream and included in the 12.2.11+dfsg1-1 upload to unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26636,7 +26636,7 @@ CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a
NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging for ...)
- - ceph <unfixed> (low; bug #918969)
+ - ceph 12.2.11+dfsg1-1 (low; bug #918969)
[stretch] - ceph <postponed> (Minor issue)
[jessie] - ceph <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334
@@ -26859,7 +26859,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph ...)
- - ceph <unfixed> (bug #921947)
+ - ceph 12.2.11+dfsg1-1 (bug #921947)
NOTE: http://tracker.ceph.com/issues/35994
NOTE: https://github.com/ceph/ceph/commit/ab29bed2fc9f961fe895de1086a8208e21ddaddc
NOTE: Backport to 12.2.11: https://tracker.ceph.com/issues/37831
@@ -32343,7 +32343,7 @@ CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowin
[stretch] - dnsdist <no-dsa> (Minor issue)
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
- - ceph <unfixed> (bug #921948)
+ - ceph 12.2.11+dfsg1-1 (bug #921948)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d052dce3db2a06489daa6a951c99c4deaf5545bb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d052dce3db2a06489daa6a951c99c4deaf5545bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/bfa3804d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list