Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 956515b3 by Salvatore Bonaccorso at 2018-03-17T17:28:04+01:00 Mark CVE-2018-7262 as not affected in Debian according to investigation of maintainer See: https://bugs.debian.org/891963#15 Thanks: Gaudenz Steinlin - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -3895,7 +3895,11 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th TODO: clarify with MITRE why this CVE was additionally assigned CVE-2018-7262 [Malformed HTTP requests handled in rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference] RESERVED - - ceph <unfixed> (bug #891963) + - ceph <not-affected> (Issue introducer later) + NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in + NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older + NOTE: version of the embedded webserver in RADOS gateway which does not return + NOTE: null strings on malformed HTTP requests. NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403 NOTE: Superseeded by: https://github.com/ceph/ceph/pull/20488 CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/956515b30281869c4772d22ea9f0e9dfe036db59 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/956515b30281869c4772d22ea9f0e9dfe036db59 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits