[Git][security-tracker-team/security-tracker][master] 2 commits: various no-dsa
Moritz Muehlenhoff
jmm at debian.org
Thu Jun 7 22:04:37 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ca855fe by Moritz Muehlenhoff at 2018-06-07T22:59:58+02:00
various no-dsa
add and take imagemagick
- - - - -
af278a87 by Moritz Muehlenhoff at 2018-06-07T23:04:00+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -648,6 +648,8 @@ CVE-2018-11744
RESERVED
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy ...)
- mruby <unfixed> (bug #900845)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ [jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
NOTE: https://github.com/mruby/mruby/issues/4027
CVE-2018-11742
@@ -655,16 +657,24 @@ CVE-2018-11742
CVE-2018-11741
RESERVED
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from ...)
- - sleuthkit <unfixed>
+ - sleuthkit <unfixed> (low)
+ [stretch] - sleuthkit <no-dsa> (Minor issue)
+ [jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from ...)
- - sleuthkit <unfixed>
+ - sleuthkit <unfixed> (low)
+ [stretch] - sleuthkit <no-dsa> (Minor issue)
+ [jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from ...)
- - sleuthkit <unfixed>
+ - sleuthkit <unfixed> (low)
+ [stretch] - sleuthkit <no-dsa> (Minor issue)
+ [jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from ...)
- - sleuthkit <unfixed>
+ - sleuthkit <unfixed> (low)
+ [stretch] - sleuthkit <no-dsa> (Minor issue)
+ [jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
CVE-2018-1000201
RESERVED
@@ -742,6 +752,7 @@ CVE-2018-11711 (A remote attacker can bypass the System Manager Mode on the Cano
NOT-FOR-US: Canon MF210 and MF220 web interface
CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers ...)
- libopenmpt 0.3.9-1
+ [stretch] - libopenmpt <no-dsa> (Minor issue)
NOTE: https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/
NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150
CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpForo ...)
@@ -7431,6 +7442,8 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...)
{DLA-1387-1}
- cups 2.2.6-1
+ [stretch] - cups <no-dsa> (Minor issue)
+ [jessie] - cups <no-dsa> (Minor issue)
NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
@@ -134635,6 +134648,7 @@ CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit befo
NOTE: https://issues.apache.org/jira/browse/JCR-3883
CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in ...)
- derby 10.13.1.1-1
+ [jessie] - derby <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/DERBY-6807
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1691461
NOTE: Fixed in 10.12.1.1
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -30,6 +30,8 @@ glusterfs
--
graphicsmagick
--
+imagemagick (jmm)
+--
intel-microcode
or possibly via spu, depends on timing of release and other factors
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e7b69c12a052afae08dba1d6d2167a68609067c0...af278a87604ded42a912c7b5df4d20151eba0068
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e7b69c12a052afae08dba1d6d2167a68609067c0...af278a87604ded42a912c7b5df4d20151eba0068
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180607/c166fafa/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list