[Git][security-tracker-team/security-tracker][master] Triage results.
Ola Lundqvist
opal at debian.org
Wed Dec 12 22:59:57 GMT 2018
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d14f475b by Ola Lundqvist at 2018-12-12T22:59:43Z
Triage results.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1149,6 +1149,7 @@ CVE-2018-19971
RESERVED
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the ...)
- phpmyadmin <unfixed>
+ [jessie] - phpmyadmin <postponed> (Minor issue, can be worth fixing together with other issues)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a ...)
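Review bot: the reason on the `[jessie] - phpmyadmin <postponed>` line says the fix "can be worth fixing together with other issues" but does not name those issues. This commit also adds phpmyadmin to data/dla-needed.txt, so naming the CVE ids meant here (or pointing to the dla-needed entry) would let the next person see what the postponed fix is waiting on.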
@@ -12686,6 +12687,7 @@ CVE-2018-16877
CVE-2018-16876 [Information disclosure in vvv+ mode with no_log on]
RESERVED
- ansible <unfixed> (bug #916102)
+ [jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ansible/ansible/pull/49569
NOTE: https://github.com/ansible/ansible/commit/4c6d714aefb05366cb329e139214c89ebb364899
CVE-2018-16875
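Review bot: the `<not-affected>` reason on the `[jessie] - ansible` line, "Vulnerable code not present", does not record what was checked. A short pointer to which part of the upstream commit referenced in the NOTE lines is absent from the jessie version would let a later reader re-verify the conclusion without repeating the triage.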
@@ -16303,6 +16305,7 @@ CVE-2018-15518 [Qt Base: "double free or corruption" in QXmlStreamReader]
RESERVED
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src <unfixed>
+ [jessie] - qtbase-opensource-src <ignored> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
TODO: check for completeness
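Review bot: on the `[jessie] - qtbase-opensource-src <ignored>` line, the reason "Minor issue" is thin for an entry whose title reads "double free or corruption" in QXmlStreamReader, and the `TODO: check for completeness` line directly below is still open. Suggest stating why the issue is minor for jessie, or resolving the TODO first; the phpmyadmin entry in this same commit uses `<postponed>` for an issue also described as minor, so the difference in tag deserves a word of explanation.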
=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,10 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
+nss
+ NOTE: 20181212: Bug report not public but it is likely that the package is vulnerable. Maintainer not contacted
+ NOTE: 20181212: yet. Further investigation needed.
+--
openjpeg2 (Hugo Lefeuvre)
NOTE: working a second batch of patches to fix the remaining issues worth taking time.
NOTE: The rest will wait for upstream patches/no-dsa
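Review bot: the new nss entry gives no CVE id or bug number, and its note breaks one sentence across two NOTE lines ("Maintainer not contacted" / "yet."), which makes it harder to grep. Since the report is not public, a placeholder reference to where the information came from would help, and the note could carry an author tag the way the existing php5 and polarssl notes do with "(roberto)" and "(lamby)".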
@@ -98,6 +102,8 @@ pdns-recursor (Abhijith PA)
php5 (Roberto C. Sánchez)
NOTE: 20181210: Upstream released 5.6.39 just a few days ago, that version will be packaged (roberto)
--
+phpmyadmin
+--
polarssl
NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
--
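Review bot: the new `phpmyadmin` entry is added bare, with no NOTE and no date, unlike the nss entry added in the same file. Because data/CVE/list in this commit marks CVE-2018-19970 as `<postponed>` for jessie, a reader cannot tell which issue put the package on the list; a dated NOTE naming it would resolve that.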
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d14f475baa4e068e52bd1681a9c05e3ccd006a12