[Git][security-tracker-team/security-tracker][master] autopsy n/a
Moritz Muehlenhoff
jmm at debian.org
Fri Dec 21 15:24:44 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
865e985e by Moritz Muehlenhoff at 2018-12-21T15:24:19Z
autopsy n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -92,11 +92,11 @@ CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper ...)
- TODO: check
+ TODO: check, could affect any of the src-jackson* packages
CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: ...)
- python-pykmip <unfixed> (low)
[stretch] - python-pykmip <no-dsa> (Minor issue)
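Review bot: On the CVE-2018-1000873 line the new text writes the package reference as "src-jackson*", while the two NOT-FOR-US lines added just above it use the "src:" prefix (src:boinc, src:php-markdown). Suggest "TODO: check, could affect any of the src:jackson* packages" so the reference is spelled the same way throughout the hunk. The entry remains a TODO, so it still needs triage after this commit.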
@@ -153,17 +153,17 @@ CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control vulnerab
CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
NOT-FOR-US: Square Retrofit
CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
- TODO: check
+ NOT-FOR-US: Luigi
CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, ...)
NOT-FOR-US: FatFreeCRM
CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Zend.To
CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a ...)
- TODO: check
+ NOT-FOR-US: Processing Foundation Processing
CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload ...)
- TODO: check
+ NOT-FOR-US: LH-EHR
CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity (XXE) ...)
- TODO: check
+ - autopsy <not-affected> (The ancient version in Debian predates the Java rewrite)
CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External Entity (XXE) ...)
TODO: check
CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML ...)
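Review bot: The new <not-affected> entry for CVE-2018-1000838 rests on "The ancient version in Debian predates the Java rewrite" but names neither the packaged version nor a reference for the rewrite. A NOTE: line giving one or both, in the style of the NOTE: lines under CVE-2018-1000876, would let a later reader confirm the reasoning without repeating the research. The four NOT-FOR-US lines in this hunk read fine as they are.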
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/865e985ec7f17bae68e054cf725bace4aa7f0793