[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-11798/thrift as unimportant

Tue Jan 8 20:45:45 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b802cea6 by Salvatore Bonaccorso at 2019-01-08T20:44:44Z
Mark CVE-2018-11798/thrift as unimportant

unimportant as the source is affected, but the binary packages are
configured via debian/rules --without-nodejs and thus not including the
nodejs module.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34420,9 +34420,10 @@ CVE-2018-11800
 CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 ...)
 	NOT-FOR-US: Apache Oozie
 CVE-2018-11798 (The Apache Thrift Node.js static web server in versions 0.9.2 through ...)
-	- thrift <unfixed>
+	- thrift <unfixed> (unimportant)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-4647
 	NOTE: https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
+	NOTE: src:thrift in Debian configured with --without-nodejs
 CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully ...)
 	{DLA-1547-1}
 	- libpdfbox-java 1:1.8.16-1 (bug #910390)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b802cea664d0fbfefd967ad5bd535e2c8ecf2277

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b802cea664d0fbfefd967ad5bd535e2c8ecf2277
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190108/6416c323/attachment.html>
