[Git][security-tracker-team/security-tracker][master] Update information on CVE-2018-8035

Fri May 3 13:31:49 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5be0b457 by Salvatore Bonaccorso at 2019-05-03T12:28:47Z
Update information on CVE-2018-8035

Originally assigned to uimaj, but the CVE is assigned to UIMA DUCC a
subproject of Apache UIMA itself. DUCC is a Linuc cluster controller
esigned to scale out any UIMA pipeline, but it's not included in
src:uimaj source.

As such if triaging was correct here, this is actually a NFU.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61024,7 +61024,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
 	[jessie] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
 CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
-	- uimaj <unfixed>
+	NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
 	NOTE: https://uima.apache.org/security_report#CVE-2018-8035
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
 	{DSA-4281-1 DLA-1491-1 DLA-1453-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5be0b457049a11c92cf422393d2022129b66dd7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5be0b457049a11c92cf422393d2022129b66dd7e
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190503/9f5ed8b4/attachment.html>
