[Git][security-tracker-team/security-tracker][master] Record now assigned CVEs for chromium-browser issues

Tue, 25 Sep 2018 12:42:28 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86880474 by Salvatore Bonaccorso at 2018-09-25T19:40:46Z
Record now assigned CVEs for chromium-browser issues

In meanwhile according to

https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html

two CVEs were assigned for the issues fixed in DSA-4297-1

 - CVE-2018-17458: Function signature mismatch in WebAssembly.
 - CVE-2018-17459: URL Spoofing in Omnibox

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1059,14 +1059,12 @@ CVE-2018-16948 (An issue was discovered in OpenAFS 
before 1.6.23 and 1.8.x befor
 CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x 
before ...)
        - openafs 1.8.2-1 (bug #908616)
        NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
-CVE-2018-XXXX [function signature mismatch in webassembly]
+CVE-2018-17458 [function signature mismatch in webassembly]
        - chromium-browser 69.0.3497.92-1 (bug #908806)
-       [stretch] - chromium-browser 69.0.3497.92-1~deb9u1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        NOTE: Workaround for DSA-4297-1 until CVEs assigned
-CVE-2018-XXXX [url spoofing in omnibox]
+CVE-2018-17459 [url spoofing in omnibox]
        - chromium-browser 69.0.3497.92-1 (bug #908806)
-       [stretch] - chromium-browser 69.0.3497.92-1~deb9u1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        NOTE: Workaround for DSA-4297-1 until CVEs assigned
 CVE-2018-1002009


=====================================
data/DSA/list
=====================================
@@ -23,6 +23,7 @@
        {CVE-2018-17141}
        [stretch] - hylafax 3:6.0.6-7+deb9u1
 [19 Sep 2018] DSA-4297-1 chromium-browser - security update
+       {CVE-2018-17458 CVE-2018-17459}
        [stretch] - chromium-browser 69.0.3497.92-1~deb9u1
 [16 Sep 2018] DSA-4296-1 mbedtls - security update
        {CVE-2018-0497 CVE-2018-0498}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/868804740ea1a8f51e62c08607ce857482ccd609
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to