Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f614ef87 by Moritz Muehlenhoff at 2018-04-05T21:26:02+02:00 historic OBS issue resolved some TODOs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -5786,17 +5786,14 @@ CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...) - jenkins <removed> CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...) @@ -44664,7 +44661,6 @@ CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install NOTE: https://tickets.puppetlabs.com/browse/PUP-7866 NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399 - TODO: check, similar issue might be in ruby-puppet-forge CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...) {DSA-3903-1 DLA-1022-1} - tiff 4.0.8-3 (bug #866611) @@ -200148,7 +200144,7 @@ CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2 CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) NOT-FOR-US: Novell Messenger CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...) - TODO: check + - open-build-service <not-affected> (Fixed before initial upload to Debian) CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...) NOT-FOR-US: YaST CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f614ef87624d442799ccdbe7d59adc43a4311714 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f614ef87624d442799ccdbe7d59adc43a4311714 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits