[Git][security-tracker-team/security-tracker][master] stretch triage

Fri, 08 Feb 2019 11:25:35 -0800 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9bbe4753 by Moritz Muehlenhoff at 2019-02-08T19:24:43Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -672,12 +672,14 @@ CVE-2019-1000021 (slixmpp version before commit 
7cd73b594e8122dddf847953fcfc85ab
        NOTE: 
https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
 CVE-2019-1000020 (libarchive version commit 
5a98dcf8a86364b3c2c469c85b93647dfb139961 ...)
        {DLA-1668-1}
-       - libarchive 3.3.3-4
+       - libarchive 3.3.3-4 (low)
+       [stretch] - libarchive <no-dsa> (Minor issue)
        NOTE: https://github.com/libarchive/libarchive/pull/1120
        NOTE: 
https://github.com/libarchive/libarchive/commit/8312eaa576014cd9b965012af51bc1f967b12423
 CVE-2019-1000019 (libarchive version commit 
bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 ...)
        {DLA-1668-1}
-       - libarchive 3.3.3-4
+       - libarchive 3.3.3-4 (low)
+       [stretch] - libarchive <no-dsa> (Minor issue)
        NOTE: https://github.com/libarchive/libarchive/pull/1120
        NOTE: 
https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
 CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an 
Incorrect ...)
@@ -8581,7 +8583,8 @@ CVE-2019-3826 [Stored DOM cross-site scripting (XSS) 
attack via crafted URL]
        [stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
        NOTE: https://github.com/prometheus/prometheus/pull/5163
 CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed 
login ...)
-       - gdm3 <unfixed>
+       - gdm3 <unfixed> (low)
+       [stretch] - gdm3 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824
        RESERVED
@@ -69492,6 +69495,7 @@ CVE-2018-1321 (An administrator with report and 
template entitlements in Apache
 CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 
can ...)
        {DLA-1662-1}
        - libthrift-java 0.9.1-2.1 (bug #918736)
+       [stretch] - libthrift-java <no-dsa> (Minor issue)
        NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
        NOTE: 
https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
 CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that 
cause ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bbe4753f3f59b50b2f6508f735fd369b8eb1f37

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bbe4753f3f59b50b2f6508f735fd369b8eb1f37
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to