Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 893550fa by Thorsten Alteholz at 2018-10-24T13:47:21Z follow security team with ignored CVEs for binutil - - - - - 41f09ad0 by Thorsten Alteholz at 2018-10-24T13:47:57Z claim tiff - - - - - 7056598c by Thorsten Alteholz at 2018-10-24T13:52:40Z add xen to dla-needed.txt - - - - - 40f59cca by Thorsten Alteholz at 2018-10-24T13:56:33Z fix typo, the package is named drupal7 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -49,16 +49,19 @@ CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList de CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in the ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23804 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 CVE-2018-18604 @@ -390,13 +393,13 @@ CVE-2018-18462 CVE-2018-XXXX [Injection in DefaultMailSystem::mail()] - drupal7 <removed> (bug #911337) [stretch] - drupal7 7.52-2+deb9u5 - [jessie] - drupal 7.32-1+deb8u13 + [jessie] - drupal7 7.32-1+deb8u13 NOTE: https://www.drupal.org/sa-core-2018-006 NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15 CVE-2018-XXXX [External URL injection through URL aliases] - drupal7 <removed> (bug #911336) [stretch] - drupal7 7.52-2+deb9u5 - [jessie] - drupal 7.32-1+deb8u13 + [jessie] - drupal7 7.32-1+deb8u13 NOTE: https://www.drupal.org/sa-core-2018-006 NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15 CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka bft-autoresponder) ...) ===================================== data/dla-needed.txt ===================================== @@ -87,3 +87,7 @@ symfony (Thorsten Alteholz) -- thunderbird (Emilio Pozuelo) -- +tiff (Thorsten Alteholz) +-- +xen +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/81533b119a0f3a0e0bf3a2d08de5843cfa9fcac5...40f59cca587af4953cc520724a23889674c77f39 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/81533b119a0f3a0e0bf3a2d08de5843cfa9fcac5...40f59cca587af4953cc520724a23889674c77f39 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits