[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: add mailman

Moritz Muehlenhoff jmm at debian.org
Sat Jan 27 16:04:21 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4f9044c by Moritz Muehlenhoff at 2018-01-27T17:03:13+01:00
add mailman

- - - - -
558e793e by Moritz Muehlenhoff at 2018-01-27T17:03:49+01:00
miniupnpd no-dsa
remove some tiff issues which are pending for DSA

- - - - -
33848e11 by Moritz Muehlenhoff at 2018-01-27T17:04:11+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2425,6 +2425,8 @@ CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
 	NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
 	- tiff <unfixed>
+	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
 	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
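Review bot: the two added `<postponed>` lines for CVE-2018-5360 say "revisit once fixed upstream", but the NOTE lines visible in this hunk only point at the graphicsmagick bug, not at a libtiff report. If no libtiff upstream reference follows further down the entry, add one as a NOTE so that whoever revisits the postponement knows what to check.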
@@ -3685,6 +3687,8 @@ CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site
 	NOT-FOR-US: QuickApps CMS
 CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...)
 	- miniupnpd <unfixed> (bug #887129)
+	[stretch] - miniupnpd <no-dsa> (Minor issue)
+	[jessie] - miniupnpd <no-dsa> (Minor issue)
 	- miniupnpc <unfixed> (unimportant)
 	NOTE: https://github.com/miniupnp/miniupnp/issues/268
 	NOTE: https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
@@ -25669,9 +25673,8 @@ CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl functi
 	NOTE: https://patchwork.kernel.org/patch/9929625/
 	NOTE: Non issue, only "exploitable" with root access
 CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <undetermined>
 	NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
-	TODO: check
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
 	{DSA-4031-1 DLA-1114-1}
 	- ruby2.3 2.3.5-1 (bug #875928)
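Review bot: on the ffmpeg line for CVE-2017-14034, the switch from `<unfixed>` to `<undetermined>` drops `TODO: check` without recording what the check found. The only remaining reference is the bpg-web-encoder issue, so a short NOTE stating what is still unknown (for example, whether the packaged ffmpeg source is affected at all) would keep the entry from reading as resolved.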
@@ -26516,8 +26519,6 @@ CVE-2017-13727 (There is a reachable assertion abort in the function ...)
 CVE-2017-13726 (There is a reachable assertion abort in the function ...)
 	{DLA-1093-1}
 	- tiff 4.0.8-5 (bug #873880)
-	[stretch] - tiff <no-dsa> (Minor issue)
-	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
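Review bot: removing the `[stretch]` and `[jessie]` `<no-dsa>` lines for CVE-2017-13726 leaves both releases without a triage state. That matches the commit message ("pending for DSA"), but the data/dsa-needed.txt hunk in this push only adds mailman. Please confirm tiff is already listed in dsa-needed.txt so the reopened entries are tracked there.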
@@ -41079,7 +41080,6 @@ CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 
 CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
 	{DLA-969-1}
 	- tiff 4.0.7-7 (low; bug #862929)
-	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -35,6 +35,8 @@ libvpx/oldstable
 linux
   Wait until more issues have piled up
 --
+mailman
+--
 mercurial
 --
 openjdk-7/oldstable (jmm)
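Review bot: the new `mailman` entry has no note line and no claimant, and none of the data/CVE/list hunks in this push touch a mailman CVE, so the reason for the entry is not visible here. An indented line naming the issue, in the style of the note under `linux`, would tell the next reader what the DSA is for.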



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3affa533676f8a747a1a6b77386bdccfadd5982...33848e11b102edd65deba14b9c7d461d4421b2b8
