[Git][security-tracker-team/security-tracker][master] psensor, yubico-pam, kodi no-dsa

Mon Apr 23 19:57:56 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4d3e83a by Moritz Muehlenhoff at 2018-04-23T20:56:31+02:00
psensor, yubico-pam, kodi no-dsa
remove commentless n/a entry for sharutils, those need proper information, e.g.
   a NOTE: which points to the commit/version which introduced the affected code

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -132,7 +132,8 @@ CVE-2018-10243
 CVE-2018-10242
 	RESERVED
 CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1.4 ...)
-	- psensor 1.1.5-1 (bug #896195)
+	- psensor 1.1.5-1 (low; bug #896195)
+	[jessie] - psensor <no-dsa> (Minor issue)
 	NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
 CVE-2018-10241
 	RESERVED
@@ -2314,6 +2315,7 @@ CVE-2018-9276
 	RESERVED
 CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) ...)
 	- yubico-pam <unfixed> (bug #896491)
+	[stretch] - yubico-pam <no-dsa> (Minor issue)
 	[jessie] - yubico-pam <not-affected> (Vulnerable code introduced later)
 	[wheezy] - yubico-pam <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
@@ -3472,8 +3474,10 @@ CVE-2018-8833
 CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...)
 	NOT-FOR-US: enhavo
 CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
-	- kodi <unfixed>
+	- kodi <unfixed> (low)
+	[stretch] - kodi <no-dsa> (Minor issue)
 	- xbmc <removed>
+	[jessie] - xbmc <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2018/Apr/36
 	NOTE: https://trac.kodi.tv/ticket/17814
 CVE-2018-8830
@@ -5222,7 +5226,6 @@ CVE-2018-8085
 CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer ...)
 	{DSA-4167-1}
 	- sharutils 1:4.15.2-3 (bug #893525)
-	[wheezy] - sharutils <not-affected> 
 	NOTE: http://seclists.org/bugtraq/2018/Feb/54
 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...)
 	NOT-FOR-US: tiny-json-http



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4d3e83a8424be38654b01e13edcb813df23b6eb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4d3e83a8424be38654b01e13edcb813df23b6eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180423/fe4503bf/attachment-0001.html>
