Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e4248732 by Moritz Muehlenhoff at 2019-03-05T20:38:13Z stretch triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -4561,21 +4561,25 @@ CVE-2019-7542 CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...) {DLA-1693-1} - gpac <unfixed> (bug #921969) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd NOTE: https://github.com/gpac/gpac/issues/1188 CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...) {DLA-1693-1} - gpac <unfixed> (bug #921969) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 NOTE: https://github.com/gpac/gpac/issues/1187 CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...) {DLA-1693-1} - gpac <unfixed> (bug #921969) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 NOTE: https://github.com/gpac/gpac/issues/1186 CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...) {DLA-1693-1} - gpac <unfixed> (bug #921969) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d NOTE: https://github.com/gpac/gpac/issues/1177 CVE-2019-7541 
@@ -30982,6 +30986,7 @@ CVE-2018-16870 (It was found that wolfssl before 3.15.7 is vulnerable to a new v NOTE: https://github.com/wolfSSL/wolfssl/pull/1950 CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was ...) - nettle 3.4.1~rc1-1 + [stretch] - nettle <no-dsa> (Minor issue) NOTE: http://cat.eyalro.net/ NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html NOTE: The upstream correction is to make a new public function that packages using @@ -38471,6 +38476,7 @@ CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Ed NOT-FOR-US: Progress Kendo UI Editor CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...) - ruby-doorkeeper 4.4.2-1 (bug #903980) + [stretch] - ruby-doorkeeper <no-dsa> (Minor issue) NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891 NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119 NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031 @@ -40793,12 +40799,12 @@ CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-ba CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...) {DLA-1432-1} - gpac <unfixed> (bug #902782) - [stretch] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86 CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...) {DLA-1432-1} - gpac <unfixed> (bug #902782) - [stretch] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/gpac/gpac/issues/1088 NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86 CVE-2018-13004 
@@ -55075,7 +55081,7 @@ CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversa CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...) {DLA-1693-1} - gpac <unfixed> (bug #892526) - [stretch] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue, will be fixed via point release) [wheezy] - gpac <not-affected> (vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/997 NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4 @@ -56603,6 +56609,7 @@ CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contain NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...) - ruby-doorkeeper 4.3.1-1 (bug #891069) + [stretch] - ruby-doorkeeper <no-dsa> (Minor issue) NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969 NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...) ===================================== data/dsa-needed.txt ===================================== @@ -38,7 +38,7 @@ mariadb-10.1 -- mercurial -mumble +mumble (jmm) -- nss -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e42487324fbc083637e33f723bf9a25e5986d1db
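Review bot: The no-dsa reason added for CVE-2018-7752 (hunk @@ -55075 in data/CVE/list) reads "will be fixed via point release", while the six other gpac entries touched in this commit (CVE-2018-20760 through CVE-2018-20763 at @@ -4561, CVE-2018-13005 and CVE-2018-13006 at @@ -40793) read "will be fixed via point update". Use one wording for all seven, so that a text search for the phrase finds every gpac issue queued for the same stretch upload.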
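Review bot: The new [stretch] lines for nettle (CVE-2018-16869, hunk @@ -30982) and ruby-doorkeeper (CVE-2018-1000211 at @@ -38471, CVE-2018-1000088 at @@ -56603) give only "Minor issue" as the no-dsa reason, whereas the gpac entries in the same commit also state the plan. Consider recording whether these are likewise intended for a point update or will stay unfixed in stretch. For CVE-2018-16869 the existing NOTE says the upstream correction is a new public function; if that is why no DSA is planned, saying so in the reason would explain the triage of a padding-oracle issue better than "Minor issue" alone.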