[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9275/yubico-pam

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5255737c by Salvatore Bonaccorso at 2018-04-04T22:24:28+02:00
Add CVE-2018-9275/yubico-pam

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,7 +19,13 @@ CVE-2018-9277
 CVE-2018-9276
        RESERVED
 CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka 
pam_yubico) ...)
-       TODO: check
+       - yubico-pam <unfixed>
+       [jessie] - yubico-pam <not-affected> (Vulnerable code introduced later)
+       [wheezy] - yubico-pam <not-affected> (Vulnerable code introduced later)
+       NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
+       NOTE: Fixed by: 
https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
+       NOTE: Introduced in: 
https://github.com/Yubico/yubico-pam/commit/d9780eacd9e61c5062cdabdce21c224de1884583
 (2.18)
+       NOTE: https://github.com/Yubico/yubico-pam/issues/136
 CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux 
kernel ...)
        - linux 4.11.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5255737c5bfb8f9c986e1641d0bf4566e1ecfcda

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5255737c5bfb8f9c986e1641d0bf4566e1ecfcda
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits