[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add awstats to dsa-needed
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 10 22:22:57 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98ff2232 by Moritz Muehlenhoff at 2018-01-10T23:22:25+01:00
add awstats to dsa-needed
- - - - -
8319b9cb by Moritz Muehlenhoff at 2018-01-10T23:22:38+01:00
coreutils unimportant
phpbb n/a
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -580,12 +580,13 @@ CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) softwa
CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to the ...)
NOT-FOR-US: K7 Total Security
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not ...)
- - coreutils <unfixed>
+ - coreutils <unfixed> (unimportant)
NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
NOTE: Documentation patches proposed:
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
+ NOT-FOR-US: Neutralised by kernel hardening
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast ...)
NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename ...)
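Review bot: The added `NOT-FOR-US: Neutralised by kernel hardening` line under CVE-2017-18018 uses the wrong tag. The neighbouring records use NOT-FOR-US for products that are not tracked as packages (K7 Total Security, Online Ticket Booking), while this record carries a `- coreutils <unfixed> (unimportant)` package entry, so the two statements contradict each other. The rationale for the unimportant rating belongs in a note, for example `NOTE: Neutralised by kernel hardening`, ideally naming the hardening setting that is meant.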
@@ -3307,6 +3308,8 @@ CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink t
NOTE: https://github.com/syncthing/syncthing/issues/4286
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar ...)
- phpbb3 <removed>
+ [jessie] - phpbb3 <not-affected> (Vulnerable code not present)
+ [wheezy] - phpbb3 <not-affected> (Vulnerable code not present)
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
- wildmidi 0.4.2-1 (bug #886503)
[stretch] - wildmidi <no-dsa> (Minor issue)
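Review bot: The `[jessie]` and `[wheezy]` lines added under CVE-2017-1000419 assert `<not-affected> (Vulnerable code not present)` with no NOTE to back it up. The description only says that phpBB 3.2.0 is vulnerable, so a NOTE pointing at the upstream advisory or at the change that introduced the affected Remote Avatar code would let a later reader verify the claim, the way the syncthing record above links its upstream issue.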
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
389-ds-base (fw)
--
+awstats
+--
chromium-browser/stable
--
gdk-pixbuf
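Review bot: The new `awstats` entry has no release suffix and no annotation, and the commit message "add awstats to dsa-needed" does not say which issue prompted it. The file header asks for a slash and release name when the update applies to a specific release, as in `chromium-browser/stable`; if that is the case here, add the suffix, and name the CVE in the commit message so the entry can be traced back to its record in data/CVE/list.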
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b338fe1ac75ada5d77b1645389d4bca41fb7c965...8319b9cbfcb998c1213f5c85008e8a966486cbbc