Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a4f9044c by Moritz Muehlenhoff at 2018-01-27T17:03:13+01:00 add mailman - - - - - 558e793e by Moritz Muehlenhoff at 2018-01-27T17:03:49+01:00 miniupnnd no-dsa remove some tiff issues which are pending for DSA - - - - - 33848e11 by Moritz Muehlenhoff at 2018-01-27T17:04:11+01:00 Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -2425,6 +2425,8 @@ CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...) NOT-FOR-US: WPGlobus plugin for WordPress CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...) - tiff <unfixed> + [stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream) + [jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream) - tiff3 <removed> NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf. NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/ @@ -3685,6 +3687,8 @@ CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site NOT-FOR-US: QuickApps CMS CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...) - miniupnpd <unfixed> (bug #887129) + [stretch] - miniupnpd <no-dsa> (Minor issue) + [jessie] - miniupnpd <no-dsa> (Minor issue) - miniupnpc <unfixed> (unimportant) NOTE: https://github.com/miniupnp/miniupnp/issues/268 NOTE: https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a 
@@ -25669,9 +25673,8 @@ CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl functi NOTE: https://patchwork.kernel.org/patch/9929625/ NOTE: Non issue, only "exploitable" with root access CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...) - - ffmpeg <unfixed> + - ffmpeg <undetermined> NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1 - TODO: check CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...) {DSA-4031-1 DLA-1114-1} - ruby2.3 2.3.5-1 (bug #875928) @@ -26516,8 +26519,6 @@ CVE-2017-13727 (There is a reachable assertion abort in the function ...) CVE-2017-13726 (There is a reachable assertion abort in the function ...) {DLA-1093-1} - tiff 4.0.8-5 (bug #873880) - [stretch] - tiff <no-dsa> (Minor issue) - [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (Vulnerable code not present) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727 @@ -41079,7 +41080,6 @@ CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...) {DLA-969-1} - tiff 4.0.7-7 (low; bug #862929) - [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> [wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535 ===================================== data/dsa-needed.txt ===================================== --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt 
@@ -35,6 +35,8 @@ libvpx/oldstable linux Wait until more issues have piled up -- +mailman +-- mercurial -- openjdk-7/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3affa533676f8a747a1a6b77386bdccfadd5982...33848e11b102edd65deba14b9c7d461d4421b2b8
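Review bot: In the data/CVE/list hunk at @@ -2425, the new <postponed> reason "revisit once fixed upstream" for CVE-2018-5360 sits under a description that reads "LibTIFF before 4.0.6", which a reader will take to mean a fixed upstream release already exists, while the entry stays at "- tiff <unfixed>". The existing NOTE lines only point at the graphicsmagick bug, so a further NOTE stating why current tiff versions are still treated as affected would make the postponement checkable.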
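Review bot: In the hunk at @@ -3685, the two added "<no-dsa> (Minor issue)" lines for miniupnpd give no reasoning, although the entry describes an uninitialized stack variable and its NOTE lines already link an upstream commit. A more specific reason in the parentheses, or a NOTE saying why the impact is minor for stretch and jessie, would let the triage decision be re-checked later. The commit subject also spells the package "miniupnnd".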
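Review bot: In the hunk at @@ -25669, CVE-2017-14034 moves from "- ffmpeg <unfixed>" to "- ffmpeg <undetermined>" and loses its "TODO: check" line in the same step, with no NOTE recording what was checked, and none of the three commit subjects mentions ffmpeg. Suggest adding a NOTE on why affectedness could not be established and naming the ffmpeg change in the commit message.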
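Review bot: In the hunks at @@ -26516 and @@ -41079, the "<no-dsa> (Minor issue)" lines for tiff are removed on the stated grounds that these issues are pending for a DSA, but the data/dsa-needed.txt hunk in this push only adds mailman, so it is not visible here that tiff is queued. Worth confirming that tiff is listed in data/dsa-needed.txt for stretch and jessie, since without the no-dsa lines these CVEs show as open for those suites.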
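Review bot: The "+mailman" entry in the data/dsa-needed.txt hunk carries no suite qualifier or comment, unlike neighbouring entries such as "libvpx/oldstable" and the "Wait until more issues have piled up" line under linux, and no mailman CVE entry is touched in the data/CVE/list part of this push. A short comment line under the entry naming the issue that triggered it would help whoever picks it up.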