D16820.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D16820.diff
View Options

	Index: security/vuxml/vuln.xml
	===================================================================
	--- security/vuxml/vuln.xml
	+++ security/vuxml/vuln.xml
	@@ -58,6 +58,35 @@
	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
	-->
	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
	+ <vuln vid="9b19b6df-a4be-11e8-9366-0028f8d09152">
	+ <topic>couchdb -- administrator privilege escalation</topic>
	+ <affects>
	+ <package>
	+ <name>couchdb</name>
	+ <range><lt>2.2.0,2</lt></range>
	+ </package>
	+ </affects>
	+ <description>
	+ <body xmlns="http://www.w3.org/1999/xhtml">
	+ <p>Apache CouchDB PMC reports:</p>
	+ <blockquote cite="https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E">
	+ <p>Database Administrator could achieve privilege escalation to
	+ the account that CouchDB runs under, by abusing insufficient validation
	+ in the HTTP API, escaping security controls implemented in previous
	+ releases.</p>
	+ </blockquote>
	+ </body>
	+ </description>
	+ <references>
	+ <url>http://docs.couchdb.org/en/stable/cve/2018-11769.html</url>
	+ <cvename>CVE-2018-11769</cvename>
	+ </references>
	+ <dates>
	+ <discovery>2018-06-05</discovery>
	+ <entry>2018-08-08</entry>
	+ </dates>
	+ </vuln>
	+
	<vuln vid="7762d7ad-2e38-41d2-9785-c51f653ba8bd">
	<topic>botan2 -- ECDSA side channel</topic>
	<affects>
	@@ -1694,7 +1723,7 @@
	<affects>
	<package>
	<name>couchdb</name>
	- <range><lt>1.7.2</lt></range>
	+ <range><lt>1.7.2,2</lt></range>
	</package>
	</affects>
	<description>