[Git][security-tracker-team/security-tracker][master] new k8s issue

Moritz Muehlenhoff jmm at debian.org
Thu Dec 20 12:30:50 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b87e6d01 by Moritz Muehlenhoff at 2018-12-20T12:30:01Z
new k8s issue
two freerdp issues specific to freerdp2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -184,6 +184,7 @@ CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authenticati
 	NOT-FOR-US: two-factor-authentication plugin for WordPress
 CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ...)
 	- pspp <unfixed> (bug #916902)
+	[stretch] - pspp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
 CVE-2018-20229
 	RESERVED
@@ -28703,7 +28704,8 @@ CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpFo
 CVE-2018-11708
 	RESERVED
 CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, ...)
-	TODO: check
+	- kubernetes <unfixed>
+	NOTE: https://github.com/kubernetes/kubernetes/issues/65750
 CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key ...)
 	{DLA-1418-1}
 	- bouncycastle 1.56-1
@@ -36488,10 +36490,12 @@ CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation
 CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer ...)
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
 	- freerdp <removed>
+	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
 CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer ...)
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
 	- freerdp <removed>
+	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
 CVE-2018-8783
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181220/dec4362c/attachment.html>


More information about the debian-security-tracker-commits mailing list