[Git][security-tracker-team/security-tracker][master] 3 commits: add additional CVE ID fixed in firefox ESR, thanks pochu

Fri Jun 29 11:39:59 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6763b74 by Moritz Muehlenhoff at 2018-06-29T12:36:20+02:00
add additional CVE ID fixed in firefox ESR, thanks pochu

- - - - -
7047d171 by Moritz Muehlenhoff at 2018-06-29T12:39:09+02:00
new libsoup issue

- - - - -
280ceef5 by Moritz Muehlenhoff at 2018-06-29T12:39:27+02:00
new binutils issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -108,7 +108,11 @@ CVE-2018-12936
 CVE-2018-12935
 	RESERVED
 CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...)
-	TODO: check
+	- binutils <unfixed> (low)
+	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
+	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059 
 CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
 	TODO: check
 CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
@@ -157,6 +161,8 @@ CVE-2018-12911
 	RESERVED
 CVE-2018-12910
 	RESERVED
+	- libsoup2.4 2.62.2-2
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
 CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a file, ...)
 	NOT-FOR-US: Webgrind
 CVE-2018-12908 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -2,7 +2,7 @@
 	{CVE-2018-12891 CVE-2018-12892 CVE-2018-12893}
 	[stretch] - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 [27 Jun 2018] DSA-4235-1 firefox-esr - security update
-	{CVE-2018-5156 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366}
+	{CVE-2018-5156 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366}
 	[stretch] - firefox-esr 52.9.0esr-1~deb9u1
 [22 Jun 2018] DSA-4234-1 lava-server - security update
 	{CVE-2018-12564 CVE-2018-12565}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7fcc4cc0e7b3a3b6f9b3ea9eff0871c32cf637c3...280ceef5b34041801b7db212996126507ea05ced

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7fcc4cc0e7b3a3b6f9b3ea9eff0871c32cf637c3...280ceef5b34041801b7db212996126507ea05ced
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180629/7da3976d/attachment.html>
