[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Fri Dec 7 20:10:18 GMT 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
023a7b50 by Moritz Muehlenhoff at 2018-12-07T20:09:18Z
stretch triage
mark sqlite3 as untermined for now, this could be entirely limited to Chromium's use of sqlite
  recheck once details are available

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1541,8 +1541,9 @@ CVE-2018-19657
 CVE-2018-19656
 	RESERVED
 CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dcraw ...)
-	- ufraw 0.22-3.1 (bug #890086)
-	- dcraw 9.28-2 (bug #906529)
+	- ufraw 0.22-3.1 (unimportant; bug #890086)
+	- dcraw 9.28-2 (unimportant; bug #906529)
+	NOTE: No security impact, crash in CLI tool
 CVE-2018-19654 (An issue was discovered in Sales & Company Management System (SCMS) ...)
 	NOT-FOR-US: Sales & Company Management System (SCMS)
 CVE-2018-19653
@@ -4607,7 +4608,8 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code .
 CVE-2018-19498
 	RESERVED
 CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c ...)
-	- sleuthkit <unfixed> (bug #914796)
+	- sleuthkit <unfixed> (low; bug #914796)
+	[stretch] - sleuthkit <no-dsa> (Minor issue)
 	NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
 	NOTE: https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
 CVE-2018-19496
@@ -7776,7 +7778,7 @@ CVE-2018-18345
 	- chromium 71.0.3578.80-1
 CVE-2018-18344
 	RESERVED
-	- sqlite3 <unfixed>
+	- sqlite3 <undetermined>
 	- chromium 71.0.3578.80-1
 CVE-2018-18343
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/023a7b507343ea3133d50b66abc21c737f493aa9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/023a7b507343ea3133d50b66abc21c737f493aa9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181207/fc43d304/attachment.html>

More information about the debian-security-tracker-commits mailing list