Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2a93573c by Moritz Muehlenhoff at 2018-09-03T18:40:51Z stretch triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1862,6 +1862,7 @@ CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Derefere NOT-FOR-US: Jsish CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...) - libtasn1-6 <unfixed> (bug #906768) + [stretch] - libtasn1-6 <no-dsa> (Minor issue) [jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be exploited at runtime) - libtasn1-3 <removed> NOTE: https://gitlab.com/gnutls/libtasn1/issues/4 @@ -6199,8 +6200,8 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management NOT-FOR-US: CA Unified Infrastructure Management CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...) - twig 2.4.4-2 + [stretch] - twig <no-dsa> (Minor issue) NOTE: Fixed upstream in 2.4.4 - TODO: check, details CVE-2018-13817 RESERVED CVE-2018-13816 @@ -13716,11 +13717,13 @@ CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. - moodle <removed> CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...) {DLA-1477-1} - - libgit2 0.27.4+dfsg.1-0.1 (bug #903508) + - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508) + [stretch] - libgit2 <no-dsa> (Minor issue) NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3 CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been ...) {DLA-1477-1} - - libgit2 0.27.4+dfsg.1-0.1 (bug #903509) + - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509) + [stretch] - libgit2 <no-dsa> (Minor issue) NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 CVE-2018-XXXX [Incomplete fix for CVE-2018-10886] @@ -50699,6 +50702,7 @@ CVE-2017-15140 CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and ...) [experimental] - cinder 2:13.0.0-1 - cinder <unfixed> + [stretch] - cinder <no-dsa> (Minor issue) [jessie] - cinder <not-affected> (ScaleIO Driver support does not exist) NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084 NOTE: https://bugs.launchpad.net/ossn/+bug/1699573 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits