[Git][security-tracker-team/security-tracker][master] Triage results.

[Ola Lundqvist]

Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc85dabb by Ola Lundqvist at 2018-11-14T20:22:30Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -459,6 +459,7 @@ CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference
 CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function ...)
 	- libwpd <unfixed> (low; bug #913702)
 	[stretch] - libwpd <no-dsa> (Minor issue)
+	[jessie] - libwpd <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643752
 	NOTE: Patch used in Fedora: https://src.fedoraproject.org/rpms/libwpd/raw/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch
 CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...)
@@ -1044,6 +1045,7 @@ CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based
 	NOT-FOR-US: libIEC61850
 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x ...)
 	- suricata <unfixed>
+	[jessie] - suricata <not-affected> (Vulnerable code not present, no MIME support in this version)
 	NOTE: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
 CVE-2018-18955 [userns: also map extents in the reverse map to kernel IDs]
@@ -3609,6 +3611,7 @@ CVE-2018-17960 [ckeditor XSS]
 	RESERVED
 	- ckeditor 4.11.1+dfsg-1 (low)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
+	[jessie] - ckeditor <ignored> (Minor issue)
 	- fckeditor <removed>
 CVE-2018-17959
 	RESERVED
@@ -3862,16 +3865,19 @@ CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka F
 CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
 	- golang-golang-x-net-dev <unfixed> (bug #911795)
 	- golang-go.net-dev <removed>
+	[jessie] - golang-go.net-dev <ignored> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/27846
 	TODO: check, possibly introduced in later versions
 CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
 	- golang-golang-x-net-dev <unfixed> (bug #911795)
 	- golang-go.net-dev <removed>
+	[jessie] - golang-go.net-dev <ignored> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/27846
 	TODO: check, possibly introduced in later versions
 CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
 	- golang-golang-x-net-dev <unfixed> (bug #911795)
 	- golang-go.net-dev <removed>
+	[jessie] - golang-go.net-dev <ignored> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/27842
 	TODO: check, possibly introduced in later versions
 CVE-2018-17845


=====================================
data/dla-needed.txt
=====================================
@@ -88,6 +88,8 @@ systemd (Antoine Beaupre)
 --
 tiff (Brian May)
 --
+uriparser
+--
 xen
 --
 xml-security-c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc85dabb2d62a2208b02a9e528b974b045cd62cf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc85dabb2d62a2208b02a9e528b974b045cd62cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181114/650f70bd/attachment.html>