Univention Bugzilla – Full Text Bug Listing

| Summary: | mono: Multiple issues (4.2) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Quality Assurance <qa> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P3 | | |
| Version: | UCS 4.2 | | |
| Target Milestone: | UCS 4.2-5-errata | | |
| Hardware: | All | | |
| OS: | Linux | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | | |

Description
Quality Assurance
2018-11-05 08:42:10 CET
--- mirror/ftp/4.2/unmaintained/4.2-0/source/mono_3.2.8+dfsg-10.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/mono_3.2.8+dfsg-10+deb8u1.dsc @@ -1,3 +1,16 @@ +3.2.8+dfsg-10+deb8u1 [Thu, 01 Nov 2018 17:03:59 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2009-0689: Mono’s string-to-double parser may crash, on specially + crafted input. This could theoretically lead to arbitrary code execution. + * CVE-2018-1002208: Mono embeds the sharplibzip library which is vulnerable + to directory traversal, allowing attackers to write to arbitrary files via a + ../ (dot dot slash) in a Zip archive entry that is mishandled during + extraction. This vulnerability is also known as 'Zip-Slip'. + The Mono developers intend to remove sharplibzip from the sources entirely. + It is recommended to fetch the latest version by using the nuget package + manager instead. + 3.2.8+dfsg-10 [Thu, 19 Mar 2015 10:30:24 +0000] Jo Shields <jo.shields@xamarin.com>: * [037e3b5] Mono's implementation of the SSL/TLS stack failed to check <http://10.200.17.11/4.2-5/#6619244166901362470> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 06282e309c Bug #48097: mono 3.2.8+dfsg-10+deb8u1 doc/errata/staging/mono.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.2-5] 4b534c0f19 Bug #47787: EOL UCS-4.2-4 2018-10-31 doc/errata/staging/mono.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.2-5] 004f2ac6d1 Bug #48097: mono 3.2.8+dfsg-10+deb8u1 doc/errata/staging/mono.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) |
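Review bot: The CVE-2018-1002208 entry in the added 3.2.8+dfsg-10+deb8u1 changelog block does not say whether the embedded sharplibzip copy was actually patched in this upload. The CVE-2009-0689 line opens with "Fix", while the Zip-Slip line only describes the directory traversal and then recommends fetching the library through nuget, so a reader of the errata cannot tell whether extraction of `../` entries is still possible with the packaged code. Suggest wording it as "Fix CVE-2018-1002208: ..." if the extraction path is now checked, or stating explicitly that the embedded copy remains affected, and making sure the advisory text in doc/errata/staging/mono.yaml carries the same statement.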