[Git][security-tracker-team/security-tracker][master] 4 commits: follow security team with no-dsa for CVE-2018-13988

Fri Aug 3 10:49:11 BST 2018

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cd754f1 by Thorsten Alteholz at 2018-08-03T09:41:28Z
follow security team with no-dsa for CVE-2018-13988

- - - - -
cb9b6976 by Thorsten Alteholz at 2018-08-03T09:42:21Z
follow security team with no-dsa for CVE-2018-14505

- - - - -
dc4c4096 by Thorsten Alteholz at 2018-08-03T09:45:20Z
follow security team with no-dsa for CVE-2018-10916

- - - - -
f7613afe by Thorsten Alteholz at 2018-08-03T09:47:03Z
mark CVEs for non-free packages as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -976,6 +976,7 @@ CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 co
 CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to ...)
 	- mitmproxy <unfixed> (bug #904293)
 	[stretch] - mitmproxy <no-dsa> (Minor issue)
+	[jessie] - mitmproxy <no-dsa> (Minor issue)
 	NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
 	NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
 CVE-2018-14499
@@ -2312,6 +2313,7 @@ CVE-2018-13989 (Grundig Smart Inter at ctive TV 3.0 devices allow CSRF attacks via 
 CVE-2018-13988 (Poppler through 0.62 contains a Buffer Overflow vulnerability due to ...)
 	- poppler <unfixed> (low; bug #904922)
 	[stretch] - poppler <no-dsa> (Minor issue)
+	[jessie] - poppler <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0)
 CVE-2018-13987
@@ -9999,6 +10001,7 @@ CVE-2018-10917
 CVE-2018-10916 (It has been discovered that lftp up to and including version 4.8.3 ...)
 	- lftp 4.8.4-1 (bug #905163)
 	[stretch] - lftp <no-dsa> (Minor issue)
+	[jessie] - lftp <no-dsa> (Minor issue)
 	NOTE: https://github.com/lavv17/lftp/issues/452
 	NOTE: https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992
 CVE-2018-10915
@@ -90073,6 +90076,7 @@ CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscre
 CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware ...)
 	- firmware-nonfree 20180518-1 (bug #869639)
 	[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
+	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
 CVE-2017-0560 (An information disclosure vulnerability in the factory reset process ...)
 	NOT-FOR-US: Android
 CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a ...)
@@ -120492,6 +120496,7 @@ CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4
 CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
 	- firmware-nonfree 20180518-1 (bug #869639)
 	[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
+	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
 CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...)
 	- openssl 1.0.0c-2
 	- nss 3.13



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/58de6ef590493c162d6717e24da3a91008def93e...f7613afe54bf56aa6f0db85229fea3c6890307eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/58de6ef590493c162d6717e24da3a91008def93e...f7613afe54bf56aa6f0db85229fea3c6890307eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180803/598da1c9/attachment.html>
