Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b79e5971 by Moritz Muehlenhoff at 2018-03-14T22:59:03+01:00 jakarta-jmeter no-dsa libgcrypt, afflib unimportant - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1400,8 +1400,9 @@ CVE-2018-8052 CVE-2018-8051 RESERVED CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka ...) - - afflib <unfixed> (bug #892599) + - afflib <unfixed> (unimportant; bug #892599) NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c + NOTE: Negligable security impact CVE-2018-8049 RESERVED CVE-2018-8048 @@ -4907,14 +4908,17 @@ CVE-2018-6831 CVE-2018-6830 RESERVED CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...) - - libgcrypt20 <unfixed> - - libgcrypt11 <removed> + - libgcrypt20 <unfixed> (unimportant) + - libgcrypt11 <removed> (unimportant) - gnupg1 <unfixed> (unimportant) - gnupg <removed> (unimportant) NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html NOTE: GnuPG uses ElGamal in hybrid mode only. + NOTE: This is not a vulnerability in libgcrypt, but in an application using + NOTE: it in an insecure manner, see also + NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html CVE-2018-6828 RESERVED CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...) @@ -19670,7 +19674,9 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170 NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and ...) - - jakarta-jmeter <unfixed> + - jakarta-jmeter <unfixed> (low) + [stretch] - jakarta-jmeter <no-dsa> (Minor issue) + [jessie] - jakarta-jmeter <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 CVE-2018-1296 @@ -19695,7 +19701,9 @@ CVE-2018-1289 CVE-2018-1288 RESERVED CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...) - - jakarta-jmeter <unfixed> + - jakarta-jmeter <unfixed> (low) + [stretch] - jakarta-jmeter <no-dsa> (Minor issue) + [jessie] - jakarta-jmeter <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b79e5971b61f155ea6ab97a62423743040237310 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b79e5971b61f155ea6ab97a62423743040237310 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits