[Git][security-tracker-team/security-tracker][master] "new" ghostscript issue

Moritz Muehlenhoff jmm at debian.org
Fri Jun 1 10:05:12 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63b57330 by Moritz Muehlenhoff at 2018-06-01T11:04:31+02:00
"new" ghostscript issue
mark one wireshark issue ignored for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2016-XXXX [ghostscript: lack of dSafer validation for status command]
+	- ghostscript 9.22~dfsg-1 (low)
+	[stretch] - ghostscript <postponed> (Be be fixed along in future update)
+	[jessie] - ghostscript <postponed> (Be be fixed along in future update)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219
 CVE-2018-11644
 	RESERVED
 CVE-2018-11643
@@ -693,7 +699,8 @@ CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDS
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
 CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
+	[stretch] - wireshark <ignored> (Minor issue, also wasn't backported to older branches due to low impact)
 	[jessie] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
 	[wheezy] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63b57330b742594892961ccb5b25d29e8946ce02

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63b57330b742594892961ccb5b25d29e8946ce02
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180601/08e9f803/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list