Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b79e5971 by Moritz Muehlenhoff at 2018-03-14T22:59:03+01:00
jakarta-jmeter no-dsa
libgcrypt, afflib unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1400,8 +1400,9 @@ CVE-2018-8052
 CVE-2018-8051
        RESERVED
 CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB 
(aka ...)
-       - afflib <unfixed> (bug #892599)
+       - afflib <unfixed> (unimportant; bug #892599)
        NOTE: 
https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
+       NOTE: Negligable security impact
 CVE-2018-8049
        RESERVED
 CVE-2018-8048
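Review bot: "Negligable" in the added `NOTE: Negligable security impact` line under CVE-2018-8050 is misspelled (it should read "Negligible"), and the note gives no reason for the new `unimportant` tag. Suggest stating in the NOTE why the impact is negligible, so the downgrade can later be checked against the linked upstream commit.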
@@ -4907,14 +4908,17 @@ CVE-2018-6831
 CVE-2018-6830
        RESERVED
 CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to 
encrypt ...)
-       - libgcrypt20 <unfixed>
-       - libgcrypt11 <removed>
+       - libgcrypt20 <unfixed> (unimportant)
+       - libgcrypt11 <removed> (unimportant)
        - gnupg1 <unfixed> (unimportant)
        - gnupg <removed> (unimportant)
        NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
        NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
        NOTE: 
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
        NOTE: GnuPG uses ElGamal in hybrid mode only.
+       NOTE: This is not a vulnerability in libgcrypt, but in an application 
using
+       NOTE: it in an insecure manner, see also
+       NOTE: 
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
 CVE-2018-6828
        RESERVED
 CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 
certificates ...)
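Review bot: The rationale added under CVE-2018-6829 is one sentence broken across two consecutive `NOTE:` lines ("... but in an application using" / "it in an insecure manner, see also"), so a search that matches either line returns only half of the statement. Suggest keeping the sentence on a single NOTE line and leaving the gcrypt-devel URL on its own NOTE line, as the existing reference lines in this entry do.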
@@ -19670,7 +19674,9 @@ CVE-2018-1298 (A Denial of Service vulnerability was 
found in Apache Qpid Broker
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x 
and ...)
-       - jakarta-jmeter <unfixed>
+       - jakarta-jmeter <unfixed> (low)
+       [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
+       [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1296
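Review bot: The changed `- jakarta-jmeter <unfixed> (low)` line for CVE-2018-1297 carries no Debian bug reference, and the same hunk marks stretch and jessie `<no-dsa>`, so nothing visible here tracks the fix for the unfixed package. Suggest filing a bug and recording it in the parentheses in the same form the afflib entry in this commit uses, for example `(low; bug #NNNNNN)` with the real number in place of the placeholder.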
@@ -19695,7 +19701,9 @@ CVE-2018-1289
 CVE-2018-1288
        RESERVED
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only 
(RMI ...)
-       - jakarta-jmeter <unfixed>
+       - jakarta-jmeter <unfixed> (low)
+       [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
+       [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on 
privileged ...)
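Review bot: "Minor issue" as the `<no-dsa>` reason on the `[stretch]` and `[jessie]` lines for CVE-2018-1287 does not say what limits the impact. The CVE description line already restricts the issue to "when using Distributed Test only (RMI ...)"; suggest a reason that records that limitation, so the triage decision can be understood without following the oss-security and Bugzilla links.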



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b79e5971b61f155ea6ab97a62423743040237310
