Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90dc8906 by Moritz Muehlenhoff at 2019-02-18T22:27:35Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2364,10 +2364,11 @@ CVE-2019-7754
 CVE-2019-7753 (Verydows 2.0 has XSS via the 
index.php?m=api&c=stats&a=count referrer ...)
        NOT-FOR-US: Verydows
 CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the 
user's ...)
-       - gnome-keyring 3.28.0-1
+       - gnome-keyring 3.28.0-1 (unimportant)
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781486
        NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
+       NOTE: Not a vulnerability, just a hardening patch
 CVE-2019-7752
        RESERVED
 CVE-2019-7751
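Review bot: The NOTE added at the end of the CVE-2018-20781 entry gives the reason for the new (unimportant) tag but not where that assessment comes from. Three bug references are listed just above it (Launchpad, GNOME Bugzilla, GNOME GitLab); naming the one that supports "just a hardening patch" in the NOTE would let a later reader re-check the downgrade without opening all three.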
@@ -2613,6 +2614,7 @@ CVE-2019-7660
 CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to 
cause a ...)
        {DLA-1681-1}
        - gsoap 2.8.75-1
+       [stretch] - gsoap <no-dsa> (Minor issue)
        - r-other-x4r <undetermined>
        NOTE: 
https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_
        NOTE: https://lists.debian.org/debian-lts/2019/02/msg00131.html
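Review bot: The reason on the new "[stretch] - gsoap <no-dsa> (Minor issue)" line is generic, and the entry already carries {DLA-1681-1}, so stretch is left without an update for an issue that LTS fixed and the line does not say why. If the basis is the precondition named in the advisory link below it (applications built with the WITH_COOKIES flag enabled), put that in the parenthesised reason.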
@@ -12469,6 +12471,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. 
It is a reflected XSS ..
        NOT-FOR-US: hsweb
 CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer 
overflow in ...)
        - mxml <unfixed>
+       [stretch] - mxml <ignored> (Minor issue)
        [jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err
 (error output)
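Review bot: The added stretch line for CVE-2018-20593 says only "(Minor issue)", while the jessie line directly below it records the actual scope, "only affects the mxmldoc tool". Carrying the same wording into the stretch reason would keep the two release lines consistent and make the triage decision self-explanatory.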
@@ -12478,6 +12481,7 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is 
stack-based buffer overfl
        NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code 
completely
 CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the 
mxmlAdd ...)
        - mxml <unfixed>
+       [stretch] - mxml <ignored> (Minor issue)
        [jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err
 (error output)
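Review bot: The new stretch line for CVE-2018-20592 uses <ignored> where the jessie line below it uses <no-dsa>, and the reason text does not explain the stronger state. The upstream 'wontfix' NOTE visible at the top of this hunk belongs to the preceding CVE-2018-20593 entry; if that is the justification for <ignored> here too, state it in this entry's reason or in a NOTE of its own.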



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90dc8906034f1c907349984be86df87d8f404cff
