[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update entry for CVE-2015-1418, keep TODO until clarified with MITRE

Thu, 05 Apr 2018 21:05:12 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a6ac9a25 by Salvatore Bonaccorso at 2018-04-06T06:04:03+02:00
Update entry for CVE-2015-1418, keep TODO until clarified with MITRE

Same issue is in src:patch as well as shown by
https://bugs.debian.org/894993 and
https://rachelbythebay.com/w/2018/04/05/bangpatch/ with a crafted patch
file.

For now associate CVE-2015-1418 as well with src:patch but clarfication
with MITRE is pending if the src:patch issue should get a new
identifier bsdpatch and GNU patch being different sources.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -128158,7 +128158,11 @@ CVE-2015-1419 (Unspecified vulnerability in vsftpd 
3.0.2 and earlier allows remo
        NOTE: http://seclists.org/oss-sec/2015/q1/389
        NOTE: Not a real security feature according the manpage and upstream
 CVE-2015-1418 (patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before ...)
-       TODO: check
+       - patch <unfixed> (bug #894993)
+       NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
+       NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
+       NOTE: 
https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig
+       TODO: The CVE is actually specifically for "bsdpatch", asked MITRE for 
clarification on scope (i.e. if we should get a new CVE for src:patch)
 CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...)
        - kfreebsd-10 10.2-1 (unimportant)
        NOTE: kfreebsd not covered by security support in Jessie



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6ac9a25a288b83168ec1cc1ea7441341face70e

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6ac9a25a288b83168ec1cc1ea7441341face70e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to