[Secure-testing-commits] r57962 - data/CVE

Salvatore Bonaccorso Thu, 23 Nov 2017 07:10:47 -0800

Author: carnil
Date: 2017-11-23 15:10:30 +0000 (Thu, 23 Nov 2017)
New Revision: 57962


Modified:
   data/CVE/list
Log:
Checked CVE-2017-16818/ceph, not affected in Debian

Basic support for IAM policies (and thus the respective code) was only
added with the 12.1.0 release of ceph. All versions in Debian thus not
affected by the issue.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-23 14:22:15 UTC (rev 57961)
+++ data/CVE/list       2017-11-23 15:10:30 UTC (rev 57962)
@@ -683,9 +683,9 @@
        NOT-FOR-US: b3log Symphony
 CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time 
Systems ...)
        NOT-FOR-US: Icon Time Systems RTC-1000
-CVE-2017-16818
+CVE-2017-16818 [Failed assertion through user input in ceph_assert() function 
in rgw_iam_policy.cc]
        RESERVED
-       - ceph <unfixed>
+       - ceph <not-affected> (Vulnerable code introduced after 12.1.0)
        NOTE: 
https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
 CVE-2017-16817
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57962 - data/CVE

Reply via email to