Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1d75db76 by Moritz Muehlenhoff at 2018-09-03T21:08:47Z Remove stretch annotation from ffmpeg entry as n/a in general More stretch triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -218,6 +218,7 @@ CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webm NOT-FOR-US: IceWarp Server CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data ...) - imagemagick <unfixed> (bug #907776) + [stretch] - imagemagick <postponed> (Can be fixed along in next DSA) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786 CVE-2018-16322 @@ -780,19 +781,22 @@ CVE-2018-16060 CVE-2018-16059 RESERVED CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - - wireshark 2.6.3-1 + - wireshark 2.6.3-1 (low) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - - wireshark 2.6.3-1 + - wireshark 2.6.3-1 (low) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - - wireshark 2.6.3-1 + - wireshark 2.6.3-1 (low) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <not-affected> (vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485 @@ -4894,6 +4898,7 @@ CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) {DLA-1451-1} - wireshark 2.6.2-1 + [stretch] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html @@ -5035,6 +5040,7 @@ CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured wi NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98 CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) - wireshark 2.6.2-1 + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <not-affected> (Vulnerable code not present, introduced in v1.99.1rc0-224-g6720c80bab) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae @@ -7354,7 +7360,6 @@ CVE-2018-13306 RESERVED CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...) - ffmpeg <not-affected> (Vulnerable code not present) - [stretch] - ffmpeg <not-affected> (Vulnerable code not present) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4#commitcomment-30094223 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d75db76825e9cb576b113f8f34346a54fde9794 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d75db76825e9cb576b113f8f34346a54fde9794 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits