Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
458221bc by Salvatore Bonaccorso at 2018-03-24T21:05:15+01:00
Correct some older i-librarian CVEs

Convert from an NFU to an item referencing the RFP/ITP bug.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1945,7 +1945,7 @@ CVE-2018-1000126 (Ajenti version 2 contains an 
Information Disclosure vulnerabil
 CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior 
to commit ...)
        NOT-FOR-US: inversoft prime-jwt
 CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a 
XML ...)
-       NOT-FOR-US: I Librarian I-librarian
+       - i-librarian <itp> (bug #649291)
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 
...)
        NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL 
pointer ...)
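
Review bot: The NOT-FOR-US string removed for CVE-2018-1000124 is "I Librarian I-librarian", whereas the entries in the second hunk used "I, Librarian", so the same software was recorded under at least two spellings. Before merging, search the rest of data/CVE/list for further variants of the name so that no older i-librarian CVE stays marked NOT-FOR-US while the others point at bug #649291.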
@@ -24691,13 +24691,13 @@ CVE-2017-1000239 (InvoicePlane version 1.4.10 is 
vulnerable to a Stored Cross Si
 CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary 
File Upload ...)
        NOT-FOR-US: InvoicePlane
 CVE-2017-1000237 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to 
Server-Side Request ...)
-       NOT-FOR-US: I, Librarian
+       - i-librarian <itp> (bug #649291)
 CVE-2017-1000236 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to 
Reflected Cross-Site ...)
-       NOT-FOR-US: I, Librarian
+       - i-librarian <itp> (bug #649291)
 CVE-2017-1000235 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to OS 
Command Injection ...)
-       NOT-FOR-US: I, Librarian
+       - i-librarian <itp> (bug #649291)
 CVE-2017-1000234 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to 
Directory ...)
-       NOT-FOR-US: I, Librarian
+       - i-librarian <itp> (bug #649291)
 CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have 
...)
        - ldns <unfixed> (bug #882014)
        [stretch] - ldns <no-dsa> (Minor issue)
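
Review bot: The four `<itp>` lines added for CVE-2017-1000234 through CVE-2017-1000237 record no fixing upstream release, and the truncated descriptions only state "version <=4.6 & 4.7" as affected. Consider adding a NOTE line under each entry with the upstream version or commit that fixes it, so that an eventual upload closing bug #649291 can be checked against these CVEs without re-researching them.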



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/458221bcab3a66448ecab50412ae0f0564e99abd

_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits