[Git][security-tracker-team/security-tracker][master] stretch triage

Wed Aug 15 19:48:10 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd5acd84 by Moritz Muehlenhoff at 2018-08-15T18:47:47Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -853,6 +853,7 @@ CVE-2018-XXXX [Heap-based buffer overflow in zutils zcat]
 	NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
 CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through ...)
 	- tcpflow <unfixed> (bug #905483)
+	[stretch] - tcpflow <no-dsa> (Minor issue)
 	NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
 	NOTE: https://github.com/simsong/tcpflow/issues/182
 CVE-2018-14937 (The Add page option in my little forum 2.4.12 allows XSS via the Menu ...)
@@ -1788,6 +1789,7 @@ CVE-2018-14569
 	RESERVED
 CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
 	- mathjax 2.7.4+dfsg-1
+	[stretch] - mathjax <no-dsa> (Minor issue)
 	NOTE: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
 CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: Gleezcms Gleez Cms
@@ -18400,6 +18402,7 @@ CVE-2018-8033
 	RESERVED
 CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...)
 	- axis <unfixed> (bug #905328)
+	[stretch] - axis <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/browse/AXIS-2924
 	NOTE: https://svn.apache.org/r1831943
 CVE-2018-8031 (The TomEE console (tomee-webapp) has a XSS vulnerability which could ...)


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,6 +18,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 asterisk
   berni working on updates
 --
+ceph
+--
 enigmail
 --
 gitlab
@@ -52,6 +54,8 @@ mariadb-10.1/stable
   including some other changes -> Needs review if suitable to include via
   security upload or need an SRM ack first.
 --
+mbedtls
+--
 mercurial
 --
 mosquitto (seb)
@@ -68,6 +72,8 @@ openjfx
 --
 openjpeg2 (luciano)
 --
+otrs2
+--
 passenger
 --
 php-horde-image



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd5acd849355c3e87b95df2e09a902a836233b65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd5acd849355c3e87b95df2e09a902a836233b65
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180815/7089fbb7/attachment.html>
