Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c39d1a54 by Moritz Muehlenhoff at 2020-05-28T19:02:51+02:00 new ntp issue NFUs add and take ffmpeg - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -119642,7 +119642,13 @@ CVE-2018-8958 CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...) NOT-FOR-US: CoverCMS CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...) - TODO: check + - ntp <unfixed> (low) + [buster] - ntp <no-dsa> (Minor issue) + [stretch] - ntp <no-dsa> (Minor issue) + NOTE: MISC:https://arxiv.org/abs/2005.01783 + NOTE: MISC:https://nikhiltripathi.in/NTP_attack.pdf + NOTE: MISC:https://tools.ietf.org/html/rfc5905 + TODO: check ntpsec CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...) NOT-FOR-US: BitDefender GravityZone CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...) @@ -229757,7 +229763,7 @@ CVE-2015-7948 CVE-2015-7947 REJECTED CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...) - TODO: check + NOT-FOR-US: Unity8 (predates Lomiri) CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809538) @@ -274934,7 +274940,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt NOTE: affected one that we ever had in Debian (2.8.96~2652) did not NOTE: include the faulty patch. CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) - TODO: check + NOT-FOR-US: signond from Ubuntu Touch CVE-2014-1422 RESERVED CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) @@ -292528,7 +292534,7 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) NOT-FOR-US: Gemalto Tokend CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) - TODO: check + NOT-FOR-US: OpenSC.tokend (different from src:opensc) CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone <not-affected> (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 ===================================== data/dsa-needed.txt ===================================== @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium -- +ffmpeg (jmm) +-- jruby/oldstable -- libopenmpt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39d1a5463ac7d451a8b4cc349ca60dcf387ed9f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39d1a5463ac7d451a8b4cc349ca60dcf387ed9f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits