[Git][security-tracker-team/security-tracker][master] new qutebrowser, ocsinventory and ruby-zip issues

Moritz Muehlenhoff jmm at debian.org
Thu Jun 28 11:33:00 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
596a22f8 by Moritz Muehlenhoff at 2018-06-28T12:32:27+02:00
new qutebrowser, ocsinventory and ruby-zip issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -664,11 +664,16 @@ CVE-2018-12639
 CVE-2018-12638
 	RESERVED
 CVE-2018-1000559 (qutebrowser version introduced in v0.11.0 ...)
-	TODO: check
+	- qutebrowser 1.3.3-1
+	NOTE: https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
+	NOTE: https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f
+	NOTE: https://github.com/qutebrowser/qutebrowser/issues/4011 
 CVE-2018-1000558 (OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and ...)
-	TODO: check
+	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2018-1000557 (OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...)
-	TODO: check
+	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) ...)
 	TODO: check
 CVE-2018-1000555
@@ -694,7 +699,8 @@ CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External En
 CVE-2018-1000545
 	REJECTED
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory ...)
-	TODO: check
+	- ruby-zip <unfixed>
+	NOTE: https://github.com/rubyzip/rubyzip/issues/369
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to ...)
 	NOT-FOR-US: Akiee
 CVE-2018-1000542 (netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/596a22f874ba4f1aae5de915c82167faac5a8ac3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/596a22f874ba4f1aae5de915c82167faac5a8ac3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180628/7ead4770/attachment.html>

More information about the debian-security-tracker-commits mailing list