[Git][security-tracker-team/security-tracker][master] Track CVEs assigned for cantata
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 19 09:19:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f717a18 by Salvatore Bonaccorso at 2018-06-19T10:19:14+02:00
Track CVEs assigned for cantata
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,13 +11,52 @@ CVE-2018-12563 (An issue was discovered in Linaro LAVA before 2018.5.post1. Beca
- lava-server <removed>
NOTE: https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214
CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in Cantata ...)
- TODO: check
+ - cantata <unfixed> (bug #901798)
+ [stretch] - cantata <ignored> (cantata-mounter and service not installed)
+ [jessie] - cantata <ignored> (cantata-mounter and service not installed)
+ NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
+ NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
+ NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
+ NOTE: no-dsa/ignored status is not fully correct, but we cannot state
+ NOTE: "unimportant" severity just for one suite and unstable is more severily
+ NOTE: affected.
+ NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in Cantata ...)
- TODO: check
+ - cantata <unfixed> (bug #901798)
+ [stretch] - cantata <ignored> (cantata-mounter and service not installed)
+ [jessie] - cantata <ignored> (cantata-mounter and service not installed)
+ NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
+ NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
+ NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
+ NOTE: no-dsa/ignored status is not fully correct, but we cannot state
+ NOTE: "unimportant" severity just for one suite and unstable is more severily
+ NOTE: affected.
+ NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12560 (An issue was discovered in the cantata-mounter D-Bus service in Cantata ...)
- TODO: check
+ - cantata <unfixed> (bug #901798)
+ [stretch] - cantata <ignored> (cantata-mounter and service not installed)
+ [jessie] - cantata <ignored> (cantata-mounter and service not installed)
+ NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
+ NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
+ NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
+ NOTE: no-dsa/ignored status is not fully correct, but we cannot state
+ NOTE: "unimportant" severity just for one suite and unstable is more severily
+ NOTE: affected.
CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in Cantata ...)
- TODO: check
+ - cantata <unfixed> (bug #901798)
+ [stretch] - cantata <ignored> (cantata-mounter and service not installed)
+ [jessie] - cantata <ignored> (cantata-mounter and service not installed)
+ NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
+ NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
+ NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
+ NOTE: no-dsa/ignored status is not fully correct, but we cannot state
+ NOTE: "unimportant" severity just for one suite and unstable is more severily
+ NOTE: affected.
+ NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12558
RESERVED
CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become ...)
@@ -94,17 +133,6 @@ CVE-2018-12522 (An issue was discovered in perfSONAR Monitoring and Debugging Da
NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
CVE-2018-12521
RESERVED
-CVE-2018-XXXX [cantata-mounter D-Bus service local privilege escalation and other security issues]
- - cantata <unfixed> (bug #901798)
- [stretch] - cantata <ignored> (cantata-mounter and service not installed)
- [jessie] - cantata <ignored> (cantata-mounter and service not installed)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
- NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
- NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
- NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
- NOTE: no-dsa/ignored status is not fully correct, but we cannot state
- NOTE: "unimportant" severity just for one suite and unstable is more severily
- NOTE: affected.
CVE-2018-12520
RESERVED
CVE-2018-12519
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f717a186293e854fd7c3d5a470ca26d05c46c5e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f717a186293e854fd7c3d5a470ca26d05c46c5e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180619/a4d26854/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list