[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA-3794-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dda6f1be by Salvatore Bonaccorso at 2024-04-25T22:38:37+02:00 Remove no-dsa tagged entries which got an update in DLA-3794-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -204130,7 +204130,6 @@ CVE-2021-36368 (An issue was discovered in OpenSSH before 8.9. If a client is us CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...) - putty 0.75-3 (bug #990901) [bullseye] - putty 0.74-1+deb11u1 - [buster] - putty (Minor issue) [stretch] - putty (Minor issue) NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...) @@ -290584,7 +290583,6 @@ CVE-2020-14003 RESERVED CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...) - putty 0.74-1 - [buster] - putty (Minor issue) [stretch] - putty (Minor issue) [jessie] - putty (Minor issue) NOTE: Introduced by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=d21041f7f8846b16ff6d72ed696d6190627e19b4 (0.68) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dda6f1be13ae20117ab660ffbb919bd31dbc8c29 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
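Review bot: neither hunk's context shows a {DLA-3794-1} cross-reference under CVE-2021-36367 or CVE-2020-14002, so from this diff alone the removed buster lines are not tied to the advisory named in the subject. Worth confirming that the DLA-3794-1 entry lists both CVEs before the buster triage notes are dropped.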
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA-2936-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c204127 by Salvatore Bonaccorso at 2022-03-21T06:02:04+01:00 Remove no-dsa tagged entries which got an update in DLA-2936-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -135157,13 +135157,11 @@ CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote at CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) - libgit2 0.28.4+dfsg.1-2 [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) - [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) - libgit2 0.28.4+dfsg.1-2 [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) - [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01 NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c20412723d7a5acf7e91506ee82c179272daea0
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update for exiv2 in stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df1276bf by Salvatore Bonaccorso at 2021-08-30T06:13:40+02:00 Remove no-dsa tagged entries which got an update for exiv2 in stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24282,7 +24282,6 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4 {DSA-4958-1} - exiv2 (bug #986888) [bullseye] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue; can be fixed in next update) NOTE: https://github.com/Exiv2/exiv2/issues/1522 NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a @@ -25413,7 +25412,6 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write {DSA-4958-1} - exiv2 (bug #987736) [bullseye] - exiv2 (Minor issue) - [stretch] - exiv2 (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 NOTE: https://github.com/Exiv2/exiv2/pull/1587 NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b 
@@ -109295,7 +109293,6 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/i CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...) {DSA-4958-1} - exiv2 0.27.2-8 (low; bug #950183) - [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8 NOTE: https://github.com/Exiv2/exiv2/issues/1011 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1276bf32746fe7414ae2cde801e0ee07e807f8
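Review bot: in the CVE-2021-29473 hunk the removed stretch line reads "(Vulnerable code introduced later)", which is the wording of a not-affected annotation rather than a no-dsa deferral, so it does not match the subject. If stretch never contained the vulnerable code that line should stay; if the stretch update did ship a fix for this CVE, the commit message should say so.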
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA 2716-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5dfb287b by Salvatore Bonaccorso at 2021-07-22T16:21:37+02:00 Remove no-dsa tagged entries which got an update in DLA 2716-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20667,14 +20667,12 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) 
@@ -29086,7 +29084,6 @@ CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) - pillow 8.1.1-1 [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9 CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dfb287bdaa0fc466adc0a84e8cf5f6531a4188a
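Review bot: the subject writes the advisory as "DLA 2716-1" with a space, while the other commits in this series write the hyphenated form (DLA-3794-1, DLA-2936-1), so a log search for "DLA-2716-1" will miss this commit. Use the hyphenated identifier in the subject.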
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA 2672-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ae13cc5 by Salvatore Bonaccorso at 2021-06-02T20:39:27+02:00 Remove no-dsa tagged entries which got an update in DLA 2672-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33016,7 +33016,6 @@ CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and be - imagemagick [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Minor issue) - [stretch] - imagemagick (Minor issue; can be fixed in next update) NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) @@ -33307,7 +33306,6 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh - imagemagick [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Minor issue) - [stretch] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca @@ -33323,7 +33321,6 @@ CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac - imagemagick [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Minor issue) - [stretch] - imagemagick (Minor issue; can be fixed in next update) NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk) 
@@ -44570,7 +44567,6 @@ CVE-2020-27752 (A flaw was found in ImageMagick in MagickCore/quantum-private.h. CVE-2020-27751 (A flaw was found in ImageMagick in MagickCore/quantum-export.c. An att ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) - [stretch] - imagemagick (Minor issue, UBSAN shift exponent warning) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1727 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f60d59cc3a7e3402d403361e0985ffa56f746a82 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/879bb6a13ece5508cd983bc3d64ced23900b60ee View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ae13cc58d7f74b17bdc4c7185a9c2c880f1126a
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3eaa9756 by Salvatore Bonaccorso at 2020-05-18T06:51:22+02:00 Remove no-dsa tagged entries which got an update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83698,7 +83698,6 @@ CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item del CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...) - libexif 0.6.21-5.1 (bug #918730) [stretch] - libexif (Minor issue) - [jessie] - libexif (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/ NOTE: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89 CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6 ...) @@ -173985,7 +173984,6 @@ CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 pe CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...) - libexif 0.6.21-2.1 (bug #876466) [stretch] - libexif (Minor issue) - [jessie] - libexif (Minor issue) [wheezy] - libexif (Minor issue) NOTE: https://sourceforge.net/p/libexif/bugs/130/ CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before 7.2.0 ...) 
@@ -205514,7 +205512,6 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for re CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...) - libexif 0.6.21-2.1 (bug #873022) [stretch] - libexif (Minor issue) - [jessie] - libexif (Minor issue) [wheezy] - libexif (Minor issue) NOTE: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27 CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eaa97567ee6fefb76390888f1e9cf37a19ea407
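Review bot: the subject names no advisory, and none of the three entries touched (CVE-2018-20030, CVE-2017-7544, CVE-2016-6328) shows a cross-reference in its hunk context, so nothing in this commit says which update fixed libexif in jessie. Name the advisory in the subject so the removals can be checked against its CVE list.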
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d5def294 by Salvatore Bonaccorso at 2020-01-20T16:15:05+01:00 Remove no-dsa tagged entries which got an update According to 27cacdce393d ("DLA-2072-1: fix fixed CVEs") those three CVEs were fixed as well in the recent DLA-2072-1, thus removing the no-dsa/postponed tags. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24980,14 +24980,12 @@ CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC - gpac (bug #940882) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - [jessie] - gpac (Minor issue, local DoS in function 'mp4a_AddBox') NOTE: https://github.com/gpac/gpac/issues/1180 NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13 CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...) - gpac (bug #940882) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - [jessie] - gpac (Minor issue, local DoS) NOTE: https://github.com/gpac/gpac/issues/1179 NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f CVE-2019-16342 
@@ -33640,7 +33638,6 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he - gpac (low; bug #932242) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1250 NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5def2948a22bf4d3e50da1fc1fe6a9e23d9f9b2
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA-1853-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f8c48563 by Salvatore Bonaccorso at 2019-07-13T21:32:51Z Remove no-dsa tagged entries which got an update in DLA-1853-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -133466,7 +133466,6 @@ CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, NOTE: https://pivotal.io/security/cve-2016-9879 CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...) - libspring-java 4.3.5-1 (bug #849167) - [jessie] - libspring-java (Minor issue) [wheezy] - libspring-java (Minor issue) NOTE: https://pivotal.io/security/cve-2016-9878 NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch) @@ -182180,7 +182179,6 @@ CVE-2015-5212 (Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffi NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/ CVE-2015-5211 (Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4 ...) - libspring-java 4.1.9-1 - [jessie] - libspring-java (Minor issue) [wheezy] - libspring-java (Minor issue) NOTE: https://jira.spring.io/browse/SPR-13548 NOTE: https://github.com/spring-projects/spring-framework/commit/2bd1da @@ -187965,7 +187963,6 @@ CVE-2015-3193 (The Montgomery squaring implementation in crypto/bn/asm/x86_64-mo NOTE: https://www.openssl.org/news/secadv/20151203.txt CVE-2015-3192 (Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...) - libspring-java 4.1.9-1 (low; bug #796137) - [jessie] - libspring-java (Minor issue) [wheezy] - libspring-java (Minor issue) NOTE: https://pivotal.io/security/cve-2015-3192 NOTE: https://jira.spring.io/browse/SPR-13136 
@@ -213116,7 +213113,6 @@ CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for resourc NOT-FOR-US: Grails Resource Plugin CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...) - libspring-java 3.2.13-1 (bug #769698) - [jessie] - libspring-java (Minor issue) [wheezy] - libspring-java (Minor issue) NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x) NOTE: https://jira.spring.io/browse/SPR-12354 @@ -213313,7 +213309,6 @@ CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo NOT-FOR-US: Apache ActiveMQ Apollo CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...) - libspring-java 3.2.13-1 (low; bug #760733) - [jessie] - libspring-java (minor issue) [wheezy] - libspring-java (minor issue) NOTE: https://github.com/spring-projects/spring-framework/issues/16414 NOTE: https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8c48563f53de87ebd9ac5d0455883d6840add8a
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 713149b2 by Salvatore Bonaccorso at 2018-12-26T08:23:59Z Remove no-dsa tagged entries which got an update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59129,7 +59129,6 @@ CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) - libsndfile (low; bug #884735) [stretch] - libsndfile (Minor issue) - [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/344 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -59137,7 +59136,6 @@ CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 m CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...) - libsndfile (low; bug #884735) [stretch] - libsndfile (Minor issue) - [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/344 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -70745,7 +70743,6 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...) - libsndfile (bug #876783) [stretch] - libsndfile (Minor issue) - [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/318 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788 
@@ -71910,14 +71907,12 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of ...) - libsndfile (low; bug #876682) [stretch] - libsndfile (Minor issue) - [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of ...) - libsndfile (low; bug #876682) [stretch] - libsndfile (Minor issue) - [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -89582,7 +89577,6 @@ CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows r CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...) {DLA-956-1} - libsndfile 1.0.27-3 (bug #862202) - [jessie] - libsndfile (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/ NOTE: https://github.com/erikd/libsndfile/issues/230 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 @@ -89595,7 +89589,6 @@ CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attac CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) {DLA-956-1} - libsndfile 1.0.27-3 (bug #862203) - [jessie] - libsndfile (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/ NOTE: https://github.com/erikd/libsndfile/issues/233 NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 
@@ -89603,14 +89596,12 @@ CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allo CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) {DLA-956-1} - libsndfile 1.0.27-3 (bug #862204) - [jessie] - libsndfile (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/ NOTE: https://github.com/erikd/libsndfile/issues/231 NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808 CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) {DLA-956-1} - libsndfile 1.0.27-3 (bug #862205) - [jessie] - libsndfile (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA-1562-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd4819f9 by Salvatore Bonaccorso at 2018-10-31T21:44:16Z Remove no-dsa tagged entries which got an update in DLA-1562-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12220,7 +12220,6 @@ CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via CVE-2018-13988 (Poppler through 0.62 contains an out of bounds read vulnerability due ...) - poppler 0.69.0-2 (low; bug #904922) [stretch] - poppler (Minor issue) - [jessie] - poppler (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0) CVE-2018-13987 @@ -20074,7 +20073,6 @@ CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppl [experimental] - poppler 0.65.0-1 - poppler 0.69.0-2 (bug #898357) [stretch] - poppler (Minor issue) - [jessie] - poppler (Minor issue) [wheezy] - poppler (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238 
@@ -20786,7 +20784,6 @@ CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract NOT-FOR-US: smart contract CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...) - poppler 0.38.0-2 - [jessie] - poppler (Minor issue) [wheezy] - poppler (Vulnerable code is not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106408 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=942adfc25e7a00ac3cf032ced2d8949e99099f70 (poppler-0.37) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd4819f9afd948e1e3b5822f3ca4398a12d91d06
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afd37adf by Salvatore Bonaccorso at 2018-09-06T20:19:43Z Remove no-dsa tagged entries which got an update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29044,7 +29044,6 @@ CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) throu CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...) {DSA-4213-1 DLA-1497-1} - qemu 1:2.10.0+dfsg-2 - [jessie] - qemu (Can be fixed along in a future DSA) [wheezy] - qemu (vulnerable code not present) - qemu-kvm [wheezy] - qemu-kvm (vulnerable code not present) @@ -29432,7 +29431,6 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ... CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...) {DSA-4213-1 DLA-1497-1} - qemu 1:2.12~rc3+dfsg-1 (bug #887392) - [jessie] - qemu (Minor issue, can be fixed along in future DSA) [wheezy] - qemu (Minor issue, can be fixed along in next DLA) - qemu-kvm [wheezy] - qemu-kvm (Minor issue, can be fixed along in next DLA) @@ -46411,7 +46409,6 @@ CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 all CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...) {DSA-4213-1 DLA-1497-1} - qemu 1:2.12~rc3+dfsg-1 (bug #882136) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Can be fixed along in a future update) - qemu-kvm [wheezy] - qemu-kvm (Can be fixed along in a future update) @@ -50941,7 +50938,6 @@ CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...) {DSA-4213-1 DLA-1497-1} - qemu 1:2.11+dfsg-1 (bug #880832) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Can be fixed along in a future update) - qemu-kvm [wheezy] - qemu-kvm (Can be fixed along in a future update) 
@@ -51838,7 +51834,6 @@ CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 vi CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...) {DSA-4213-1 DLA-1497-1 DLA-1129-1 DLA-1128-1} - qemu 1:2.10.0+dfsg-2 (bug #877890) - [jessie] - qemu (Minor issue) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in ...) @@ -64689,7 +64684,6 @@ CVE-2017-10808 CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick ...) {DSA-3925-1 DLA-1497-1} - qemu 1:2.8+dfsg-7 (bug #867751) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) @@ -68347,7 +68341,6 @@ CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 H {DLA-1497-1} - qemu 1:2.10.0-1 (bug #865754) [stretch] - qemu (Minor issue, can be included in future update) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Vulnerable code not present) - qemu-kvm [wheezy] - qemu-kvm (Vulnerable code not present) @@ -68760,7 +68753,6 @@ CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller .. CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI ...) {DSA-3920-1 DLA-1497-1} - qemu 1:2.8+dfsg-7 (bug #864568) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) @@ -68946,7 +68938,6 @@ CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length&q CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI ...) {DSA-3920-1 DLA-1497-1} - qemu 1:2.8+dfsg-7 (bug #863943) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Vulnerable code no present) - qemu-kvm [wheezy] - qemu-kvm (Vulnerable code no present) 
@@ -71865,7 +71856,6 @@ CVE-2017-8380 (Buffer overflow in the "megasas_mmio_write" function in CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...) {DLA-1497-1} - qemu 1:2.8+dfsg-5 (bug #862289) - [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) @@ -72132,7 +72122,6 @@ CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2. CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...) {DLA-1497-1 DLA-1071-
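Review bot: the subject does not name the advisory, although every entry touched in the visible hunks already lists DLA-1497-1 in its cross-reference line. Naming it in the subject, as the DLA-1562-1 commit does, would let a reader check each removed jessie line against that advisory's CVE list.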