Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4248732 by Moritz Muehlenhoff at 2019-03-05T20:38:13Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4561,21 +4561,25 @@ CVE-2019-7542
 CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
        {DLA-1693-1}
        - gpac <unfixed> (bug #921969)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: 
https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
        NOTE: https://github.com/gpac/gpac/issues/1188
 CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow 
vulnerability in ...)
        {DLA-1693-1}
        - gpac <unfixed> (bug #921969)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: 
https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
        NOTE: https://github.com/gpac/gpac/issues/1187
 CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow 
vulnerability in ...)
        {DLA-1693-1}
        - gpac <unfixed> (bug #921969)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: 
https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
        NOTE: https://github.com/gpac/gpac/issues/1186
 CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in 
media_tools/text_import.c in ...)
        {DLA-1693-1}
        - gpac <unfixed> (bug #921969)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: 
https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
        NOTE: https://github.com/gpac/gpac/issues/1177
 CVE-2019-7541
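Review bot: The four added `[stretch] - gpac <no-dsa>` lines promise a fix via point update, but each entry still carries `- gpac <unfixed> (bug #921969)` directly above, so no fixed version is recorded yet that a stretch update could follow. Consider adding a NOTE that says which of the listed upstream commits the point update is expected to pick up, so the promise can be checked against the eventual upload.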
@@ -30982,6 +30986,7 @@ CVE-2018-16870 (It was found that wolfssl before 3.15.7 
is vulnerable to a new v
        NOTE: https://github.com/wolfSSL/wolfssl/pull/1950
 CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack 
was ...)
        - nettle 3.4.1~rc1-1
+       [stretch] - nettle <no-dsa> (Minor issue)
        NOTE: http://cat.eyalro.net/
        NOTE: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
        NOTE: The upstream correction is to make a new public function that 
packages using
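Review bot: The reason on the added nettle line is only "Minor issue", while the NOTE two lines below says the upstream correction is to make a new public function. If that API change is why stretch gets no DSA, state it in the parenthesised reason. As written, the entry reads as a bare severity judgement on a padding oracle attack with no rationale.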
@@ -38471,6 +38476,7 @@ CVE-2018-14037 (Cross-site scripting (XSS) 
vulnerability in Progress Kendo UI Ed
        NOT-FOR-US: Progress Kendo UI Editor
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect 
Access Control ...)
        - ruby-doorkeeper 4.4.2-1 (bug #903980)
+       [stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
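Review bot: The added `[stretch] - ruby-doorkeeper <no-dsa>` line assumes the stretch package is affected, but the description limits the issue to "version 4.2.0 and later". If the stretch version is older than that, the line should be `<not-affected>` with a reason, as is done for wheezy in the CVE-2018-7752 entry. If it is affected, a few words on why an access control flaw counts as minor here would help later triage.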
@@ -40793,12 +40799,12 @@ CVE-2018-13007 (An issue was discovered in 
gpmf-parser 1.1.2. There is a heap-ba
 CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a 
heap-based ...)
        {DLA-1432-1}
        - gpac <unfixed> (bug #902782)
-       [stretch] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: 
https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
 CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function 
urn_Read ...)
        {DLA-1432-1}
        - gpac <unfixed> (bug #902782)
-       [stretch] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: https://github.com/gpac/gpac/issues/1088
        NOTE: 
https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
 CVE-2018-13004
@@ -55075,7 +55081,7 @@ CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows 
allows Directory Traversa
 CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the 
gf_media_avc_read_sps ...)
        {DLA-1693-1}
        - gpac <unfixed> (bug #892526)
-       [stretch] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point release)
        [wheezy] - gpac <not-affected> (vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/997
        NOTE: 
https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
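Review bot: The new reason for CVE-2018-7752 says "will be fixed via point release", while every other gpac line touched in this commit says "will be fixed via point update". Use one wording for all of them, so that a text search for the reason string finds every gpac entry queued for the same update.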
@@ -56603,6 +56609,7 @@ CVE-2018-1000089 (Anymail django-anymail version 
version 0.2 through 1.3 contain
        NOTE: 
https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
 CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site 
Scripting ...)
        - ruby-doorkeeper 4.3.1-1 (bug #891069)
+       [stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross 
Site ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -38,7 +38,7 @@ mariadb-10.1
 --
 mercurial
 
-mumble
+mumble (jmm)
 --
 nss
 --
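Review bot: The commit message only says "stretch triage", but this hunk also claims mumble for jmm in data/dsa-needed.txt. Mention the claim in the message, or split it into its own commit, so that the history of dsa-needed.txt shows when the package was taken.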



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e42487324fbc083637e33f723bf9a25e5986d1db

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits