[Git][security-tracker-team/security-tracker][master] Mark open ceph issues as no-dsa for Jessie.

Sat, 14 Jul 2018 14:35:02 -0700 

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c303bffb by Markus Koschany at 2018-07-14T23:32:21+02:00
Mark open ceph issues as no-dsa for Jessie.

This can only be fixed by making rather intrusive code changes. In addition
two issues require an authenticated user to exploit the vulnerability. Ceph is
also not used by any sponsor.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8009,6 +8009,7 @@ CVE-2018-10862
        - wildfly <itp> (bug #752018)
 CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. 
Any ...)
        - ceph <unfixed>
+       [jessie] - ceph <no-dsa> (Intrusive changes)
        NOTE: http://tracker.ceph.com/issues/24838
        NOTE: 
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
 CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
@@ -35169,10 +35170,12 @@ CVE-2018-1130 (Linux kernel before version 4.16-rc7 
is vulnerable to a null poin
        NOTE: Fixed by: 
https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
 CVE-2018-1129 (A flaw was found in the way signature calculation was handled 
by cephx ...)
        - ceph <unfixed>
+       [jessie] - ceph <no-dsa> (Intrusive changes)
        NOTE: http://tracker.ceph.com/issues/24837
        NOTE: 
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
 CVE-2018-1128 (It was found that cephx authentication protocol did not verify 
ceph ...)
        - ceph <unfixed>
+       [jessie] - ceph <no-dsa> (Intrusive changes)
        NOTE: http://tracker.ceph.com/issues/24836
        NOTE: 
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
 CVE-2018-1127



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to