[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-18641/lxc-templates now as unimportant
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 28 07:44:18 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5c54386 by Salvatore Bonaccorso at 2024-01-28T08:42:14+01:00
Mark CVE-2017-18641/lxc-templates now as unimportant
There is no security commitment from upstream and lxc-templates are
essentially deprecated in favour of using distrobuilder. That said, to
date there is no distrobuilder package in Debian.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -281194,10 +281194,7 @@ CVE-2020-8814
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
NOT-FOR-US: Argo
CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
- - lxc-templates <unfixed> (bug #988730)
- [bookworm] - lxc-templates <ignored> (Minor issue)
- [bullseye] - lxc-templates <ignored> (Minor issue)
- [buster] - lxc-templates <ignored> (Minor issue)
+ - lxc-templates <unfixed> (bug #988730; unimportant)
- lxc 1:3.0.3-1 (low)
[stretch] - lxc <no-dsa> (Minor issue)
[jessie] - lxc <ignored> (https://lists.debian.org/debian-lts/2020/02/msg00102.html)
@@ -281205,6 +281202,8 @@ CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext H
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
NOTE: Some of the templates were switched to fetch the pacakges over HTTPS, cf.
NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
+ NOTE: No security commitments from upstream and lxc-ltemplates deprecated in favour of
+ NOTE: distrobuilder.
CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
{DLA-3252-1}
- cacti 1.2.10+ds1-1 (bug #951832)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c543867f1d76d989495df3639fe9eb10ffcd3b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c543867f1d76d989495df3639fe9eb10ffcd3b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240128/7110a9d8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list