[Git][security-tracker-team/security-tracker][master] Add CVE-2018-11751/puppet
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 16 06:23:12 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89956942 by Salvatore Bonaccorso at 2020-01-16T07:21:33+01:00
Add CVE-2018-11751/puppet
For now kept it as undetermined, but it looks as per references that the
issue is fixed in 6.4.0 upstream and would affect all earlier 6.x
versions.
Needs triage to see all previous versions are affected by the issue and
then move the status from undetermined to unfixed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -93278,6 +93278,9 @@ CVE-2018-11753
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
+ - puppet <undetermined>
+ NOTE: https://puppet.com/security/cve/CVE-2018-11751/
+ NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
TODO: check
CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
NOT-FOR-US: cisco_ios Puppet module
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/899569424a0e0991fa735b9bf1189268fb23a2e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/899569424a0e0991fa735b9bf1189268fb23a2e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200116/a60ede39/attachment.html>
More information about the debian-security-tracker-commits
mailing list