Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 47f39040 by Moritz Muehlenhoff at 2019-04-26T21:17:52Z buster triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -107,10 +107,10 @@ CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8 CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...) NOT-FOR-US: Zotonic CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...) - - snapd <unfixed> + - snapd <unfixed> (bug #928052) NOTE: https://github.com/snapcore/snapd/pull/6642 CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...) - - snapd <unfixed> + - snapd <unfixed> (bug #928052) NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1 CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...) - golang-github-seccomp-libseccomp-golang <unfixed> (bug #927981) @@ -234,7 +234,7 @@ CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read CVE-2019-11462 RESERVED CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...) - - nautilus <unfixed> + - nautilus <unfixed> (bug #928054) [stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later) [jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later) NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987 
@@ -392,19 +392,19 @@ CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before CVE-2019-11392 RESERVED CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #928053) NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357 CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #928053) NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358 CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #928053) NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356 CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #928053) NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354 CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #928053) NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359 CVE-2019-11386 RESERVED 
@@ -47960,13 +47960,12 @@ CVE-2018-12643 CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...) NOT-FOR-US: Floxlor CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...) - - binutils <unfixed> (low) - [stretch] - binutils <ignored> (Minor issue) - [jessie] - binutils <ignored> (Minor issue) + - binutils <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058 NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 + NOTE: binutils not covered by security support CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...) NOT-FOR-US: Insteon CVE-2018-12639 @@ -73155,7 +73154,8 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin befor NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...) [experimental] - opencv 3.4.4+dfsg-1~exp1 - - opencv <unfixed> (bug #924884) + - opencv <unfixed> (low; bug #924884) + [buster] - opencv <no-dsa> (Minor issue) [stretch] - opencv <not-affected> (Vulnerable code introduced later) [jessie] - opencv <not-affected> (Vulnerable code introduced later) [wheezy] - opencv <not-affected> (Vulnerable code introduced later) 
@@ -95119,13 +95119,11 @@ CVE-2017-13718 CVE-2017-13717 RESERVED CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...) - - binutils <unfixed> (low) - [stretch] - binutils <ignored> (Minor issue) - [jessie] - binutils <ignored> (Minor issue) - [wheezy] - binutils <ignored> (Minor issue) + - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009 NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE NOTE: has assigned it specifically to the issue as raised within binutils. + NOTE: binutils not covered by security support CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the Li ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47f390405e5fb62d6616d8e96e46ca94c2b42777
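Review bot: In the CVE-2018-12641 hunk (@@ -47960), the added line "NOTE: binutils not covered by security support" is the only stated reason for moving the entry from (low) to (unimportant) and for dropping the [stretch] and [jessie] ignored lines, and it cites nothing. Consider pointing the note at the place where that support limitation is documented, so a later reader can verify the rating without searching for it. Separately, the unchanged context line above reads "NOT-FOR-US: Floxlor" while the CVE-2018-12642 description spells the product Froxlor; that is worth a follow-up fix.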
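Review bot: In the CVE-2017-13716 hunk (@@ -95119), the removed lines are the [stretch], [jessie] and [wheezy] ignored entries and the change re-rates the issue as (unimportant), which the commit subject "buster triage" does not describe. The same applies to the CVE-2018-12641 hunk. Either mention the binutils re-rating in the commit message or put the two binutils changes in their own commit, so that the history of data/CVE/list shows why the per-release lines went away.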