Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a33deae by Moritz Muehlenhoff at 2018-03-26T19:17:48+02:00
add squirrelmail to dsa-needed
tiff postponed
dolibarr scheduled for removal
nasm, ntp no-dsa

- - - - -
39e7a0b7 by Moritz Muehlenhoff at 2018-03-26T19:18:21+02:00
Merge branch 'master' of 
https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -286,6 +286,8 @@ CVE-2018-8906 (dsmall v20180320 has XSS via a crafted 
street address to ...)
        NOT-FOR-US: dsmall
 CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the 
function ...)
        - tiff <unfixed> (bug #893806)
+       [stretch] - tiff <postponed> (Can be fixed along in a future DSA)
+       [jessie] - tiff <postponed> (Can be fixed along in a future DSA)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
 CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
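Review bot: The note on the two added tiff lines for CVE-2018-8905, "(Can be fixed along in a future DSA)", is missing its object. Something like "Can be fixed along with other issues in a future DSA" would read correctly on both the [stretch] and [jessie] lines.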
@@ -338,13 +340,19 @@ CVE-2016-10717 (A vulnerability in the encryption and 
permission implementation 
 CVE-2018-8884
        RESERVED
 CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in 
the ...)
-       - nasm <unfixed>
+       - nasm <unfixed> (low)
+       [stretch] - nasm <no-dsa> (Minor issue)
+       [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447
 CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer 
under-read ...)
-       - nasm <unfixed>
+       - nasm <unfixed> (low)
+       [stretch] - nasm <no-dsa> (Minor issue)
+       [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445
 CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer 
over-read ...)
-       - nasm <unfixed>
+       - nasm <unfixed> (low)
+       [stretch] - nasm <no-dsa> (Minor issue)
+       [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
 CVE-2018-8880
        RESERVED
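Review bot: The three nasm entries (CVE-2018-8883, CVE-2018-8882, CVE-2018-8881) keep "- nasm <unfixed> (low)" with no Debian bug reference, unlike the tiff entry for CVE-2018-8905 in the same file, which carries "(bug #893806)". With stretch and jessie now marked <no-dsa>, a filed bug referenced on the unstable line would give the maintainer a tracked item for the fix; consider adding one.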
@@ -4838,13 +4846,17 @@ CVE-2018-7187 (The &quot;go get&quot; implementation in 
Go 1.9.4, when the -inse
        NOTE: https://github.com/golang/go/issues/23867
        NOTE: 
https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
 CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a 
remote ...)
-       - ntp 1:4.2.8p11+dfsg-1
+       - ntp 1:4.2.8p11+dfsg-1 (low)
+       [stretch] - ntp <no-dsa> (Minor issue)
+       [jessie] - ntp <no-dsa> (Minor issue)
        - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before 
updating ...)
-       - ntp 1:4.2.8p11+dfsg-1
+       - ntp 1:4.2.8p11+dfsg-1 (low)
+       [stretch] - ntp <no-dsa> (Minor issue)
+       [jessie] - ntp <no-dsa> (Minor issue)
        - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
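Review bot: On CVE-2018-7185 the description reads "allows a remote ...", yet the added [stretch] and [jessie] lines give only "(Minor issue)" as the reason for <no-dsa>. A short issue-specific reason in the parentheses would make the triage decision reviewable from the list alone; the same applies to the CVE-2018-7184 lines.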
@@ -7198,6 +7210,7 @@ CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c 
contains a Cross Site Scripti
        NOT-FOR-US: Croogo
 CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) 
...)
        - dolibarr <removed>
+       [jessie] - dolibarr <ignored> (Scheduled for removal)
        NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
 CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross 
Site ...)
        NOT-FOR-US: Invoice Plane
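Review bot: Only a [jessie] line is added for CVE-2017-1000509, while the other entries touched in this commit annotate both stretch and jessie. If dolibarr is also present in stretch it needs a matching "<ignored> (Scheduled for removal)" line; if it is not, nothing further is needed here.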


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -85,6 +85,8 @@ sharutils (luciano)
   Maintainer proposed debdiff for review for stretch-security.
   Pending request back for jessie-security
 --
+squirrelmail/oldstable
+--
 sqlite3/oldstable
 --
 sssd/stable
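Review bot: The new "squirrelmail/oldstable" entry is inserted before "sqlite3/oldstable", which breaks the alphabetical order the surrounding entries follow (sharutils, sqlite3, sssd); it belongs after sqlite3. The entry also has no claimant or note, unlike "sharutils (luciano)" above it, so a line naming the issue that needs the DSA would help whoever picks it up.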



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/63b79eced88a6810f993da346bc1bde561e604da...39e7a0b729c73074e0d3d599ff85ed18eb728c62

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
