[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add squirrelmail to dsa-needed
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 26 17:18:38 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a33deae by Moritz Muehlenhoff at 2018-03-26T19:17:48+02:00
add squirrelmail to dsa-needed
tiff postponed
dolibarr scheduled for removal
nasm, ntp no-dsa
- - - - -
39e7a0b7 by Moritz Muehlenhoff at 2018-03-26T19:18:21+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -286,6 +286,8 @@ CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
NOT-FOR-US: dsmall
CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...)
- tiff <unfixed> (bug #893806)
+ [stretch] - tiff <postponed> (Can be fixed along in a future DSA)
+ [jessie] - tiff <postponed> (Can be fixed along in a future DSA)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
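Review bot: The reason on the two added `<postponed>` lines under CVE-2018-8905, "Can be fixed along in a future DSA", does not record why a heap-based buffer overflow in LibTIFF 4.0.9 can wait. A NOTE line with the triage reasoning would let whoever prepares the next tiff DSA for stretch and jessie see that this entry was deferred deliberately and still needs to be included.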
@@ -338,13 +340,19 @@ CVE-2016-10717 (A vulnerability in the encryption and permission implementation
CVE-2018-8884
RESERVED
CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...)
- - nasm <unfixed>
+ - nasm <unfixed> (low)
+ [stretch] - nasm <no-dsa> (Minor issue)
+ [jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447
CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read ...)
- - nasm <unfixed>
+ - nasm <unfixed> (low)
+ [stretch] - nasm <no-dsa> (Minor issue)
+ [jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445
CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...)
- - nasm <unfixed>
+ - nasm <unfixed> (low)
+ [stretch] - nasm <no-dsa> (Minor issue)
+ [jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
CVE-2018-8880
RESERVED
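Review bot: The `[stretch]` and `[jessie]` `<no-dsa>` lines added under CVE-2018-8883, CVE-2018-8882 and CVE-2018-8881 imply both releases carry the affected code, but the descriptions only name NASM 2.13.02rc2. If the nasm versions in stretch or jessie predate the vulnerable code, `<not-affected>` would be the more accurate state. If they are affected, "Minor issue" would be more useful with a short reason attached, since the three entries cover different read errors (over-read, stack-based under-read, heap-based over-read) and share one generic justification.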
@@ -4838,13 +4846,17 @@ CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -inse
NOTE: https://github.com/golang/go/issues/23867
NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote ...)
- - ntp 1:4.2.8p11+dfsg-1
+ - ntp 1:4.2.8p11+dfsg-1 (low)
+ [stretch] - ntp <no-dsa> (Minor issue)
+ [jessie] - ntp <no-dsa> (Minor issue)
- ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...)
- - ntp 1:4.2.8p11+dfsg-1
+ - ntp 1:4.2.8p11+dfsg-1 (low)
+ [stretch] - ntp <no-dsa> (Minor issue)
+ [jessie] - ntp <no-dsa> (Minor issue)
- ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
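Review bot: The `[jessie] - ntp <no-dsa>` line added under CVE-2018-7184 needs a version check, because that description limits the issue to "ntp 4.2.8p4 before 4.2.8p11" while CVE-2018-7185 starts at 4.2.6. If the ntp package in jessie (or stretch) is older than 4.2.8p4, that release should be `<not-affected>` for CVE-2018-7184 and not `<no-dsa>`. Separately, CVE-2018-7185 is described as remotely triggerable, so "Minor issue" there would benefit from a NOTE saying what limits the impact.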
@@ -7198,6 +7210,7 @@ CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripti
NOT-FOR-US: Croogo
CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) ...)
- dolibarr <removed>
+ [jessie] - dolibarr <ignored> (Scheduled for removal)
NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
NOT-FOR-US: Invoice Plane
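Review bot: The added `[jessie] - dolibarr <ignored> (Scheduled for removal)` line under CVE-2017-1000509 gives no reference for the removal. Adding the bug number of the removal request, either in the parenthesised reason or as a NOTE, would let a reader confirm the removal is actually in progress and revisit the `<ignored>` state if it stalls.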
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -85,6 +85,8 @@ sharutils (luciano)
Maintainer proposed debdiff for review for stretch-security.
Pending request back for jessie-security
--
+squirrelmail/oldstable
+--
sqlite3/oldstable
--
sssd/stable
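Review bot: The new `squirrelmail/oldstable` entry is inserted before `sqlite3/oldstable`, which breaks the alphabetical order the neighbouring entries follow (sharutils, sqlite3, sssd); it belongs after the sqlite3 block. The entry also has no note, and this commit makes no squirrelmail change in data/CVE/list, so a line naming the issue that prompted it would help whoever picks it up.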
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/63b79eced88a6810f993da346bc1bde561e604da...39e7a0b729c73074e0d3d599ff85ed18eb728c62