[Git][security-tracker-team/security-tracker][master] bugs

Moritz Muehlenhoff jmm at debian.org
Fri Jun 29 22:15:23 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e87f3a0 by Moritz Muehlenhoff at 2018-06-29T23:15:01+02:00
bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -941,7 +941,7 @@ CVE-2018-1000541
 CVE-2018-1000540 (LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd ...)
 	NOT-FOR-US: LoboEvolution
 CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper ...)
-	- ruby-json-jwt <unfixed>
+	- ruby-json-jwt <unfixed> (bug #902721)
 	NOTE: https://github.com/nov/json-jwt/pull/62
 	NOTE: https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638
 CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...)
@@ -957,7 +957,7 @@ CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into co
 CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly ...)
 	NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or ...)
-	- beep <unfixed>
+	- beep <unfixed> (bug #902722)
 CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
 	NOT-FOR-US: prime-jwt
 CVE-2018-1000530
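Review bot: The beep entry for CVE-2018-1000532 is the only package entry touched in this commit that carries no NOTE line, so after this change bug #902722 is its sole reference. If an upstream report or fix is known, add it as a NOTE under the `- beep <unfixed> (bug #902722)` line, as is already done for ruby-json-jwt, gosa, busybox and qemu.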
@@ -965,7 +965,7 @@ CVE-2018-1000530
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
 	NOT-FOR-US: Grails Fields plugin
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
-	- gosa <unfixed> (low)
+	- gosa <unfixed> (low; bug #902723)
 	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
 	NOTE: https://github.com/gosa-project/gosa-core/issues/14
 CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection ...)
@@ -991,7 +991,7 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerabi
 CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling ...)
 	NOT-FOR-US: aaugustin websockets
 CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
-	- busybox <unfixed> (low)
+	- busybox <unfixed> (low; bug #902724)
 	NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
 CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper ...)
 	NOT-FOR-US: Galaxy Project Galaxy
@@ -1076,7 +1076,7 @@ CVE-2018-12619
 CVE-2018-12618
 	RESERVED
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (low; bug #902725)
 	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
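Review bot: The qemu line for CVE-2018-12617 gains a `low` urgency in addition to the bug reference, while the other four entries only get a bug number added and the commit message says just "bugs". The rating is consistent with the existing `[stretch] - qemu <postponed> (Minor issue, ...)` line, but the urgency change should be named in the commit message or made in a separate commit so that it can be found in the history.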



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e87f3a071bcd52be3b703829e7c570cdf9eaef4
