Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: babb564d by Moritz Muehlenhoff at 2019-02-22T19:57:12Z stretch triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1271,7 +1271,8 @@ CVE-2019-8402 CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. ...) NOT-FOR-US: WooCommerce plugin CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...) - - zabbix 1:3.0.17+dfsg-1 + - zabbix 1:3.0.17+dfsg-1 (low) + [stretch] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-10272 NOTE: https://support.zabbix.com/browse/ZBX-13133 CVE-2019-8401 @@ -5275,6 +5276,7 @@ CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.de RESERVED {DLA-1675-1} - python-gnupg 0.4.4-1 + [stretch] - python-gnupg <no-dsa> (Minor issue) NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112 NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112 @@ -6411,7 +6413,8 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling NOTE: https://github.com/svgpp/svgpp/issues/70 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in ...) {DLA-1656-1} - - agg 1:2.4-r127+dfsg1-1 (bug #919322) + - agg 1:2.4-r127+dfsg1-1 (low; bug #919322) + [stretch] - agg <no-dsa> (Minor issue) - svgpp <unfixed> (bug #919321) NOTE: https://github.com/svgpp/svgpp/issues/70 NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/ @@ -26578,6 +26581,7 @@ CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...) - pyopenssl 17.5.0-1 + [stretch] - pyopenssl <no-dsa> (Minor issue) [jessie] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method) NOTE: https://github.com/pyca/pyopenssl/pull/723 NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/babb564dff6eff5e7af22a5392f2ffe4d3ca4144 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/babb564dff6eff5e7af22a5392f2ffe4d3ca4144 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits