[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] historic OBS issue

Thu, 05 Apr 2018 12:27:06 -0700 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f614ef87 by Moritz Muehlenhoff at 2018-04-05T21:26:02+02:00
historic OBS issue
resolved some TODOs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5786,17 +5786,14 @@ CVE-2018-7175 (An issue was discovered in xpdf 4.00. A 
NULL pointer dereference 
        - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
        NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-       TODO: check, poppler
 CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in 
XRef::Xref ...)
        - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
        NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-       TODO: check, poppler
 CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 
allows an ...)
        - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
        NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-       TODO: check, poppler
 CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins 
versions ...)
        - jenkins <removed>
 CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins 
versions ...)
@@ -44664,7 +44661,6 @@ CVE-2017-10689 (In previous versions of Puppet Agent it 
was possible to install 
        NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
        NOTE: 
https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
        NOTE: 
https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
-       TODO: check, similar issue might be in ruby-puppet-forge
 CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
        {DSA-3903-1 DLA-1022-1}
        - tiff 4.0.8-3 (bug #866611)
@@ -200148,7 +200144,7 @@ CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE 
Studio Onsite 1.2 before 1.2
 CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 
2.2.1, and ...)
        NOT-FOR-US: Novell Messenger
 CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code 
injection of ...)
-       TODO: check
+       - open-build-service <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2011-3177 (The YaST2 network created files with world readable permissions 
which ...)
        NOT-FOR-US: YaST
 CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell 
ZENworks ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f614ef87624d442799ccdbe7d59adc43a4311714

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f614ef87624d442799ccdbe7d59adc43a4311714
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to