Overview
Request 933394 accepted
Update security fixes:
* CVE-2018-18836 Fixed JSON Header Injection (an attacker could
send \n encoded in the request to inject a JSON fragment into
the response). boo#1139094
* CVE-2018-18837 Fixed HTTP Header Injection (an attacker could
send \n encoded in the request to inject an HTTP header into
the response). boo#1139095
* CVE-2018-18838 Fixed LOG Injection (an attacker could send \n
encoded in the request to inject a log line at access.log).
boo#1139098
* CVE-2018-18839 Not fixed Full Path Disclosure, since these are
intended (netdata reports the absolute filename of web files,
alarm config files and alarm handlers).
- Created by bigironman
- In state accepted
Request History
bigironman created request
Update security fixes:
* CVE-2018-18836 Fixed JSON Header Injection (an attacker could
send \n encoded in the request to inject a JSON fragment into
the response). boo#1139094
* CVE-2018-18837 Fixed HTTP Header Injection (an attacker could
send \n encoded in the request to inject an HTTP header into
the response). boo#1139095
* CVE-2018-18838 Fixed LOG Injection (an attacker could send \n
encoded in the request to inject a log line at access.log).
boo#1139098
* CVE-2018-18839 Not fixed Full Path Disclosure, since these are
intended (netdata reports the absolute filename of web files,
alarm config files and alarm handlers).
factory-auto accepted review
Check script succeeded
maintbot added netdata as a reviewer
Submission for netdata by someone who is not maintainer in the devel project (network). Please review
maintbot accepted review
ok
msmeissn accepted review
ok
licensedigger accepted review
ok
licensedigger approved review
ok
msmeissn moved maintenance target to openSUSE:Maintenance:17238
msmeissn accepted request
accepted request 933394:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance