[Git][security-tracker-team/security-tracker][master] stretch triage

Mon, 03 Sep 2018 11:41:57 -0700 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2a93573c by Moritz Muehlenhoff at 2018-09-03T18:40:51Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1862,6 +1862,7 @@ CVE-2018-1000655 (Jsish version 2.4.65 contains a 
CWE-476: NULL Pointer Derefere
        NOT-FOR-US: Jsish
 CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, 
libtasn1-4.12 ...)
        - libtasn1-6 <unfixed> (bug #906768)
+       [stretch] - libtasn1-6 <no-dsa> (Minor issue)
        [jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be 
exploited at runtime)
        - libtasn1-3 <removed>
        NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
@@ -6199,8 +6200,8 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified 
Infrastructure Management
        NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) 
via the ...)
        - twig 2.4.4-2
+       [stretch] - twig <no-dsa> (Minor issue)
        NOTE: Fixed upstream in 2.4.4
-       TODO: check, details
 CVE-2018-13817
        RESERVED
 CVE-2018-13816
@@ -13716,11 +13717,13 @@ CVE-2018-10889 (A flaw was found in moodle before 
versions 3.5.1, 3.4.4, 3.3.7.
        - moodle <removed>
 CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing 
check in ...)
        {DLA-1477-1}
-       - libgit2 0.27.4+dfsg.1-0.1 (bug #903508)
+       - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
+       [stretch] - libgit2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
 CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been 
...)
        {DLA-1477-1}
-       - libgit2 0.27.4+dfsg.1-0.1 (bug #903509)
+       - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
+       [stretch] - libgit2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
        NOTE: 
https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
 CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
@@ -50699,6 +50702,7 @@ CVE-2017-15140
 CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to 
and ...)
        [experimental] - cinder 2:13.0.0-1
        - cinder <unfixed>
+       [stretch] - cinder <no-dsa> (Minor issue)
        [jessie] - cinder <not-affected> (ScaleIO Driver support does not exist)
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
        NOTE: https://bugs.launchpad.net/ossn/+bug/1699573



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to