[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for upcoming nagios3 update.
Markus Koschany
apo at debian.org
Mon Dec 24 16:20:44 GMT 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a44c19fc by Markus Koschany at 2018-12-24T16:19:12Z
Remove no-dsa tags for upcoming nagios3 update.
- - - - -
dfa0b03e by Markus Koschany at 2018-12-24T16:20:34Z
Reserve DLA-1615-1 for nagios3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -113304,7 +113304,6 @@ CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0)
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with ...)
{DLA-751-1}
- nagios3 <removed>
- [jessie] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
@@ -190295,7 +190294,6 @@ CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cm
{DSA-2956-1 DLA-461-1 DLA-60-1}
- icinga 1.10.3-1
- nagios3 <removed> (bug #823721)
- [jessie] - nagios3 <no-dsa> (Minor issue)
NOTE: Fixed by https://github.com/Icinga/icinga-core/commit/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
CVE-2014-1873
RESERVED
@@ -194445,7 +194443,6 @@ CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8
NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
- nagios3 <removed> (low; bug #771466)
- [jessie] - nagios3 <no-dsa> (Minor issue)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: additional changed files for nagios3, cf. CVE-2013-7108
@@ -194604,7 +194601,6 @@ CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earli
{DSA-2956-1 DLA-60-1}
- icinga 1.10.2-1 (low)
- nagios3 <removed> (low; bug #771466)
- [jessie] - nagios3 <no-dsa> (Minor issue)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5251
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Dec 2018] DLA-1615-1 nagios3 - security update
+ {CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 CVE-2018-18245}
+ [jessie] - nagios3 3.5.1.dfsg-2+deb8u1
[22 Dec 2018] DLA-1614-1 openjpeg2 - security update
{CVE-2018-6616 CVE-2018-14423}
[jessie] - openjpeg2 2.1.0-2+deb8u6
=====================================
data/dla-needed.txt
=====================================
@@ -88,8 +88,6 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
-nagios3 (Markus Koschany)
---
nettle
--
nss (Roberto C. Sánchez)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f11d274ecc5ad181acd397dde263d787b3e2cc08...dfa0b03e26ea1a626c855c78cde33d0c7e646fe6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f11d274ecc5ad181acd397dde263d787b3e2cc08...dfa0b03e26ea1a626c855c78cde33d0c7e646fe6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181224/6261d684/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list