[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7490/uwsgi

Tue, 27 Feb 2018 01:25:09 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
244914b0 by Salvatore Bonaccorso at 2018-02-27T10:23:36+01:00
Add CVE-2018-7490/uwsgi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -99,7 +99,9 @@ CVE-2018-7492 (A NULL pointer dereference was found in the 
net/rds/rdma.c ...)
 CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
        NOT-FOR-US: PrestaShop
 CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use 
of the ...)
-       TODO: check
+       - uwsgi <unfixed>
+       NOTE: Fixed in 2.0.17 upstream
+       NOTE: 
https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
 CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 
2.9.5 ...)
        - jackson-databind <unfixed> (bug #891614)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/1931



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/244914b0b61a5c85e41f6ac597ea58bbf78c703b

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/244914b0b61a5c85e41f6ac597ea58bbf78c703b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to