[Git][security-tracker-team/security-tracker][master] autopsy n/a

Moritz Muehlenhoff jmm at debian.org
Fri Dec 21 15:24:44 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
865e985e by Moritz Muehlenhoff at 2018-12-21T15:24:19Z
autopsy n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92,11 +92,11 @@ CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
 CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and ...)
-	TODO: check
+	NOT-FOR-US: BOINC server (src:boinc only covers the client)
 CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
 CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper ...)
-	TODO: check
+	TODO: check, could affect any of the src-jackson* packages
 CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: ...)
 	- python-pykmip <unfixed> (low)
 	[stretch] - python-pykmip <no-dsa> (Minor issue)
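Review bot: In the CVE-2018-1000873 entry, the new TODO text writes "src-jackson*" with a hyphen, while the two NOT-FOR-US lines added just above it use the "src:" prefix (src:boinc, src:php-markdown). Suggest "src:jackson*" so the note follows the same convention and turns up when someone searches for that prefix. The entry remains a TODO, so it still needs a follow-up pass to establish which of those packages is actually affected.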
@@ -153,17 +153,17 @@ CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control vulnerab
 CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
 	NOT-FOR-US: Square Retrofit
 CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
-	TODO: check
+	NOT-FOR-US: Luigi
 CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, ...)
 	NOT-FOR-US: FatFreeCRM
 CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Zend.To
 CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a ...)
-	TODO: check
+	NOT-FOR-US: Processing Foundation Processing
 CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload ...)
-	TODO: check
+	NOT-FOR-US: LH-EHR
 CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity (XXE) ...)
-	TODO: check
+	- autopsy <not-affected> (The ancient version in Debian predates the Java rewrite)
 CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External Entity (XXE) ...)
 	TODO: check
 CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML ...)
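Review bot: On the CVE-2018-1000838 line, the <not-affected> reason rests on the packaged autopsy being older than the Java rewrite, but neither the packaged version nor a supporting NOTE line is recorded with it. Suggest adding a NOTE with the reference behind that claim, as the binutils entry in the first hunk does, so the entry can be re-evaluated if a newer autopsy is ever uploaded.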



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/865e985ec7f17bae68e054cf725bace4aa7f0793
