[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] jakarta-jmeter no-dsa

Moritz Muehlenhoff jmm at debian.org
Wed Mar 14 21:59:40 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b79e5971 by Moritz Muehlenhoff at 2018-03-14T22:59:03+01:00
jakarta-jmeter no-dsa
libgcrypt, afflib unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1400,8 +1400,9 @@ CVE-2018-8052
 CVE-2018-8051
 	RESERVED
 CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka ...)
-	- afflib <unfixed> (bug #892599)
+	- afflib <unfixed> (unimportant; bug #892599)
 	NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
+	NOTE: Negligable security impact
 CVE-2018-8049
 	RESERVED
 CVE-2018-8048
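Review bot: "Negligable" in the added NOTE line under CVE-2018-8050 is misspelled and should read "Negligible security impact". The note would also be more useful if it said why the impact is negligible, since the `(unimportant; bug #892599)` tag on the afflib line otherwise rests on an unexplained assertion.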
@@ -4907,14 +4908,17 @@ CVE-2018-6831
 CVE-2018-6830
 	RESERVED
 CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...)
-	- libgcrypt20 <unfixed>
-	- libgcrypt11 <removed>
+	- libgcrypt20 <unfixed> (unimportant)
+	- libgcrypt11 <removed> (unimportant)
 	- gnupg1 <unfixed> (unimportant)
 	- gnupg <removed> (unimportant)
 	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
 	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
 	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
 	NOTE: GnuPG uses ElGamal in hybrid mode only.
+	NOTE: This is not a vulnerability in libgcrypt, but in an application using
+	NOTE: it in an insecure manner, see also
+	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
 CVE-2018-6828
 	RESERVED
 CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...)
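Review bot: the three added NOTE lines under CVE-2018-6829 justify `(unimportant)` on libgcrypt20 and libgcrypt11 only by pointing at the gcrypt-devel post 004401, without saying what the insecure usage is. A one-line summary of that usage in the NOTE itself would keep the rationale readable if the archive link stops resolving, and would sit well next to the existing "GnuPG uses ElGamal in hybrid mode only." line.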
@@ -19670,7 +19674,9 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and ...)
-	- jakarta-jmeter <unfixed>
+	- jakarta-jmeter <unfixed> (low)
+	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
+	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1296
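Review bot: `(Minor issue)` on the new [stretch] and [jessie] no-dsa lines for CVE-2018-1297 does not say why the issue is minor. The entry's description already limits it to Distributed Test (RMI based) use; stating that in the no-dsa reason or in a NOTE would record the triage rationale next to the decision.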
@@ -19695,7 +19701,9 @@ CVE-2018-1289
 CVE-2018-1288
 	RESERVED
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...)
-	- jakarta-jmeter <unfixed>
+	- jakarta-jmeter <unfixed> (low)
+	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
+	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged ...)
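Review bot: the `- jakarta-jmeter <unfixed> (low)` line for CVE-2018-1287 carries no Debian bug reference, unlike the afflib entry in this same commit, which has `bug #892599`. If a bug exists or is filed for the unfixed package, adding it here and on the identical CVE-2018-1297 line would make the pending fix trackable from the list.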



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b79e5971b61f155ea6ab97a62423743040237310
