Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47f39040 by Moritz Muehlenhoff at 2019-04-26T21:17:52Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,10 +107,10 @@ CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 
1.4 snapshot-20190403 Q8
 CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
        NOT-FOR-US: Zotonic
 CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard 
against sy ...)
-       - snapd <unfixed>
+       - snapd <unfixed> (bug #928052)
        NOTE: https://github.com/snapcore/snapd/pull/6642
 CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the 
ownership of a s ...)
-       - snapd <unfixed>
+       - snapd <unfixed> (bug #928052)
        NOTE: 
https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
 CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs 
that OR ...)
        - golang-github-seccomp-libseccomp-golang <unfixed> (bug #927981)
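Review bot: CVE-2019-11503 and CVE-2019-11502 are both tied to bug #928052, but their descriptions name different fixed upstream versions (snapd before 2.39 and before 2.38). When a fixed version is recorded, each entry should get its own value rather than one copied to both, and the shared bug should only be closed by an upload that covers the later of the two fixes.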
@@ -234,7 +234,7 @@ CVE-2019-11463 (A memory leak in 
archive_read_format_zip_cleanup in archive_read
 CVE-2019-11462
        RESERVED
 CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 
and 3.3 ...)
-       - nautilus <unfixed>
+       - nautilus <unfixed> (bug #928054)
        [stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop 
thumbnail script introduced later)
        [jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop 
thumbnail script introduced later)
        NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
@@ -392,19 +392,19 @@ CVE-2019-11393 (An issue was discovered in 
/admin/users/update in M/Monit before
 CVE-2019-11392
        RESERVED
 CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
 CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
 CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
 CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
 CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
-       - modsecurity-crs <unfixed>
+       - modsecurity-crs <unfixed> (bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
 CVE-2019-11386
        RESERVED
@@ -47960,13 +47960,12 @@ CVE-2018-12643
 CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for 
tickets not  ...)
        NOT-FOR-US: Floxlor
 CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU 
libiberty, as  ...)
-       - binutils <unfixed> (low)
-       [stretch] - binutils <ignored> (Minor issue)
-       [jessie] - binutils <ignored> (Minor issue)
+       - binutils <unfixed> (unimportant)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
        NOTE: Fixed by: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+       NOTE: binutils not covered by security support
 CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 
devices h ...)
        NOT-FOR-US: Insteon
 CVE-2018-12639
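Review bot: the added `NOTE: binutils not covered by security support` on CVE-2018-12641 justifies `(unimportant)` for binutils only, while the description places the flaw in GNU libiberty and the `Fixed by:` reference is a gcc commit. If other source packages ship the same libiberty code, they need their own lines in this entry, since the binutils rationale does not speak for them. Separately, the context line `NOT-FOR-US: Floxlor` under CVE-2018-12642 misspells Froxlor and could be corrected while this region is being edited.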
@@ -73155,7 +73154,8 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and 
Newsletters Forms plugin befor
        NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for 
WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the 
function  ...)
        [experimental] - opencv 3.4.4+dfsg-1~exp1
-       - opencv <unfixed> (bug #924884)
+       - opencv <unfixed> (low; bug #924884)
+       [buster] - opencv <no-dsa> (Minor issue)
        [stretch] - opencv <not-affected> (Vulnerable code introduced later)
        [jessie] - opencv <not-affected> (Vulnerable code introduced later)
        [wheezy] - opencv <not-affected> (Vulnerable code introduced later)
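Review bot: `[buster] - opencv <no-dsa> (Minor issue)` gives no reason specific to CVE-2017-18009, which the description calls a heap-based buffer over-read. A short NOTE stating why it is minor for buster would let a later reader re-check the no-dsa decision without redoing the triage.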
@@ -95119,13 +95119,11 @@ CVE-2017-13718
 CVE-2017-13717
        RESERVED
 CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, 
as distr ...)
-       - binutils <unfixed> (low)
-       [stretch] - binutils <ignored> (Minor issue)
-       [jessie] - binutils <ignored> (Minor issue)
-       [wheezy] - binutils <ignored> (Minor issue)
+       - binutils <unfixed> (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
        NOTE: Underlying bug is though in the C++ demangler part of libiberty, 
but MITRE
        NOTE: has assigned it specifically to the issue as raised within 
binutils.
+       NOTE: binutils not covered by security support
 CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an 
authenticated ...)
        NOT-FOR-US: IBM
 CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c 
in the Li ...)
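Review bot: the commit message "buster triage" does not cover the CVE-2017-13716 change, which drops the `[stretch]`, `[jessie]` and `[wheezy]` `<ignored>` lines and reclassifies binutils as `(unimportant)` for every release. Naming the binutils reclassification in the commit message, or putting it in its own commit, would make the severity change findable in the history.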



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/47f390405e5fb62d6616d8e96e46ca94c2b42777
