Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8168e9ce by Salvatore Bonaccorso at 2018-02-11T22:22:58+01:00 Update information for CVE-2018-1000024/squid3 The Debian builds do Build-Depends on libexpat1-dev and libxml2-dev for ESI support since 3.1.0.14-2. The CVE-2018-1000024 problem is limited to Squid custom ESI parser, which vulnerable is present, but since Squid is built to use libxml2 or the libexpat XML parsers it does not have the problem in the resulting binary package. Mark it thus as unimportant. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -4318,11 +4318,12 @@ CVE-2018-1000024 (The Squid Software Foundation Squid HTTP Caching Proxy version [experimental] - squid 4.0.23-1~exp8 - squid <removed> [wheezy] - squid <not-affected> (Not affected according to upstream advisory) - - squid3 <unfixed> (bug #888719) + - squid3 <unfixed> (bug #888719; unimportant) NOTE: src:squid as source package reintroduced for 4.x in experimental NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt + NOTE: Squid3 in Debian builds to use the libxml2 or libexpat XML parsers. CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to ...) - electrum 3.0.5-1 (bug #886683) [stretch] - electrum <ignored> (Unable to connect to current Etherum servers and thus not exploitable, scheduled for removal at #887412) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8168e9ce47d32d77dac32e7e9a6dc4c7e7dd27c1
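Review bot: The added NOTE at the end of the CVE-2018-1000024 entry only partly documents why squid3 is now tagged `unimportant`. It states that Squid3 in Debian builds against libxml2 or libexpat, but omits the two facts the commit message relies on: that the issue is limited to Squid's custom ESI parser, and that the Build-Depends on libexpat1-dev and libxml2-dev have been in place since 3.1.0.14-2. Anyone reading data/CVE/list without the commit log cannot tell why the choice of XML parser matters or from which package version the reasoning holds. Suggest extending the NOTE to name the custom ESI parser as the affected component, give the 3.1.0.14-2 bound, and say that the vulnerable code is still present in the source but not used in the resulting binary package, so the `<unfixed>` status next to `unimportant` is self-explanatory.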
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits