Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: c303bffb by Markus Koschany at 2018-07-14T23:32:21+02:00 Mark open ceph issues as no-dsa for Jessie. This can only be fixed by making rather intrusive code changes. In addition two issues require an authenticated user to exploit the vulnerability. Ceph is also not used by any sponsor. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -8009,6 +8009,7 @@ CVE-2018-10862 - wildfly <itp> (bug #752018) CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any ...) - ceph <unfixed> + [jessie] - ceph <no-dsa> (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24838 NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...) @@ -35169,10 +35170,12 @@ CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null poin NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2 CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...) - ceph <unfixed> + [jessie] - ceph <no-dsa> (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24837 NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587 CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph ...) - ceph <unfixed> + [jessie] - ceph <no-dsa> (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24836 NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468 CVE-2018-1127 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c303bffb5cb519254221ddcd6afb6be4cb9fed42 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits