Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8168e9ce by Salvatore Bonaccorso at 2018-02-11T22:22:58+01:00
Update information for CVE-2018-1000024/squid3

The Debian builds do Build-Depends on libexpat1-dev and libxml2-dev for
ESI support since 3.1.0.14-2. The CVE-2018-1000024 problem is limited to
Squid custom ESI parser, which is vulnerable and present, but since Squid is
built to use libxml2 or the libexpat XML parsers it does not have the
problem in the resulting binary package. Mark it thus as unimportant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4318,11 +4318,12 @@ CVE-2018-1000024 (The Squid Software Foundation Squid 
HTTP Caching Proxy version
        [experimental] - squid 4.0.23-1~exp8
        - squid <removed>
        [wheezy] - squid <not-affected> (Not affected according to upstream 
advisory)
-       - squid3 <unfixed> (bug #888719)
+       - squid3 <unfixed> (bug #888719; unimportant)
        NOTE: src:squid as source package reintroduced for 4.x in experimental
        NOTE: Squid 3.5: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
+       NOTE: Squid3 in Debian builds to use the libxml2 or libexpat XML 
parsers.
 CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version 
prior to ...)
        - electrum 3.0.5-1 (bug #886683)
        [stretch] - electrum <ignored> (Unable to connect to current Etherum 
servers and thus not exploitable, scheduled for removal at #887412)
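Review bot: The added NOTE at the end of the CVE-2018-1000024 entry states the build fact but not the reasoning that justifies `unimportant` on the `squid3 <unfixed>` line. It does not say that the flaw is limited to Squid's custom ESI parser, nor that the libexpat1-dev and libxml2-dev Build-Depends date from 3.1.0.14-2; both points appear only in the commit message. Suggest wording the NOTE along the lines of "Issue limited to the custom ESI parser; squid3 in Debian builds against libxml2/libexpat since 3.1.0.14-2", so the rating can be re-checked from the tracker data alone if the build dependencies ever change.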



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8168e9ce47d32d77dac32e7e9a6dc4c7e7dd27c1

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
