[Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2018-17937/gpsd

Fri Mar 22 20:28:45 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
624d8fee by Salvatore Bonaccorso at 2019-03-22T20:27:18Z
Add reference to upstream commit for CVE-2018-17937/gpsd

Upstream project is not very transparent here to mention which are the
needed fixes. The issue is both present in gpsd and microjson and
correlating both projects and the information from
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01 leads to
http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30348,6 +30348,8 @@ CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofi
 CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open  ...)
 	[experimental] - gpsd 3.18.1-1
 	- gpsd <unfixed>
+	NOTE: http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19
+	TODO: check if more commits needed
 CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload  ...)
 	NOT-FOR-US: NUUO CMS
 CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/624d8fee67d97fc67b58cebae37c71ebf680b5c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/624d8fee67d97fc67b58cebae37c71ebf680b5c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190322/4bc5a2eb/attachment.html>
