[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] historic OBS issue

Moritz Muehlenhoff jmm at debian.org
Thu Apr 5 20:26:40 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f614ef87 by Moritz Muehlenhoff at 2018-04-05T21:26:02+02:00
historic OBS issue
resolved some TODOs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5786,17 +5786,14 @@ CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference 
 	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
 	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-	TODO: check, poppler
 CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...)
 	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
 	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-	TODO: check, poppler
 CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...)
 	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
 	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
-	TODO: check, poppler
 CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...)
 	- jenkins <removed>
 CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...)
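Review bot: The three removed `TODO: check, poppler` lines (under CVE-2018-7175, CVE-2018-7174 and CVE-2018-7173) leave each entry with only `- xpdf <unfixed> (unimportant)` and no record of what the poppler check found. The remaining NOTE says src:xpdf has used the system poppler since 3.02-3, so the poppler status is the part a reader needs. Consider adding a `- poppler ...` line with the result, or a NOTE stating why poppler needs no entry, to each of the three CVEs.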
@@ -44664,7 +44661,6 @@ CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install 
 	NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
 	NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
 	NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
-	TODO: check, similar issue might be in ruby-puppet-forge
 CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
 	{DSA-3903-1 DLA-1022-1}
 	- tiff 4.0.8-3 (bug #866611)
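Review bot: Dropping `TODO: check, similar issue might be in ruby-puppet-forge` under CVE-2017-10689 leaves no trace of the outcome for ruby-puppet-forge. If the package was checked and found unaffected, a short NOTE saying so (or a package line with its status) would keep the next triager from repeating the check.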
@@ -200148,7 +200144,7 @@ CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2
 CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
 	NOT-FOR-US: Novell Messenger
 CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...)
-	TODO: check
+	- open-build-service <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...)
 	NOT-FOR-US: YaST
 CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
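Review bot: The new line for CVE-2011-3178, `- open-build-service <not-affected> (Fixed before initial upload to Debian)`, gives no version to check the claim against. The description puts the fix at openbuildservice 2.3.0, so naming the version of the first Debian upload in the reason or in a NOTE would make the status verifiable from the entry alone.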



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f614ef87624d442799ccdbe7d59adc43a4311714
