Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1c00d85a by Salvatore Bonaccorso at 2018-07-13T06:06:11+02:00 Expand note for CVE-2018-1000500/busybox The upload to unstable verisoned as 1:1.27.2-3 adds the commit https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55 and now emmits a message that certificate verification is not implemented. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -3156,6 +3156,9 @@ CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerab - busybox <unfixed> (unimportant) NOTE: Intentional design decision: NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74 + NOTE: https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55 + NOTE: Starting with 1:1.27.2-3 in unstable wget emmits a message that certificate + NOTE: verification is not implemented. CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier ...) TODO: check CVE-2018-12637 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c00d85ad3ab9303e4cee31e6165b420dafa5605 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c00d85ad3ab9303e4cee31e6165b420dafa5605 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits