[Git][security-tracker-team/security-tracker][master] 3 commits: org/lts-frontdesk.2019.txt: Put myself into available time slots for frontdesk duty.

Mike Gabriel sunweaver at debian.org
Fri Nov 30 14:24:55 GMT 2018 

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a794836 by Mike Gabriel at 2018-11-30T14:17:09Z
org/lts-frontdesk.2019.txt: Put myself into available time slots for frontdesk duty.

- - - - -
0a2f76d7 by Mike Gabriel at 2018-11-30T14:24:07Z
salt (CVE-2018-15750, CVE-2018-15751): add tag <not-affected> for jessie. Comment research result in dla-needed.txt.

- - - - -
14b2883f by Mike Gabriel at 2018-11-30T14:24:13Z
data/dla-needed.txt: Drop salt. Nothing to do for the version in jessie.

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- org/lts-frontdesk.2019.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13023,11 +13023,17 @@ CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensa
 	NOT-FOR-US: MensaMax application for Android
 CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow ...)
 	- salt <unfixed> (bug #913475)
-	NOTE: Fixed in 2017.7.8, 2018.3.3
+	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
+	NOTE: Fixed in 2017.7.8, 2018.3.3, 2016.11.10
+	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
+	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
 	- salt <unfixed> (bug #913476)
+	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
 	[stretch] - salt <no-dsa> (Minor issue)
-	NOTE: Fixed in 2017.7.8, 2018.3.3
+	NOTE: Fixed in 2017.7.8, 2018.3.3, 2016.11.10
+	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
+	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
 	NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, ...)


=====================================
data/dla-needed.txt
=====================================
@@ -52,10 +52,6 @@ qemu
 --
 samba (Emilio Pozuelo)
 --
-salt (Mike Gabriel)
-  NOTE: 20181128: Have spent 0.75h on looking for the actual commits that fixed both open CVEs.
-  NOTE: 20181128: No such URLs / hints / messages in Git log found.
---
 sleuthkit
   NOTE: 20181129: seem to be more problems than mentioned in the CVE if nodesize == rec_off or (rec_off + keylen) == nodesize (Thorsten)
 --


=====================================
org/lts-frontdesk.2019.txt
=====================================
@@ -12,7 +12,7 @@ Who is in charge ?
 ------------------
 
 From 07-01 to 13-01:Chris Lamb <chris at chris-lamb.co.uk>
-From 14-01 to 20-01:
+From 14-01 to 20-01:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 21-01 to 27-01:Thorsten Alteholz <debian at alteholz.de>
 From 28-01 to 03-02:
 From 04-02 to 10-02:
@@ -20,18 +20,18 @@ From 11-02 to 17-02:Chris Lamb <chris at chris-lamb.co.uk>
 From 18-02 to 24-02:Thorsten Alteholz <debian at alteholz.de>
 From 25-02 to 03-03:
 From 04-03 to 10-03:Chris Lamb <chris at chris-lamb.co.uk>
-From 11-03 to 17-03:
+From 11-03 to 17-03:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 18-03 to 24-03:Thorsten Alteholz <debian at alteholz.de>
 From 25-03 to 31-03:
 From 01-04 to 07-04:Chris Lamb <chris at chris-lamb.co.uk>
 From 08-04 to 14-04:
-From 15-04 to 21-04:
+From 15-04 to 21-04:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 22-04 to 28-04:Thorsten Alteholz <debian at alteholz.de>
 From 29-04 to 05-05:
 From 06-05 to 12-05:
 From 13-05 to 19-05:Chris Lamb <chris at chris-lamb.co.uk>
 From 20-05 to 26-05:Thorsten Alteholz <debian at alteholz.de>
-From 27-05 to 02-06:
+From 27-05 to 02-06:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 03-06 to 09-06:Chris Lamb <chris at chris-lamb.co.uk>
 From 10-06 to 16-06:
 From 17-06 to 23-06:Thorsten Alteholz <debian at alteholz.de>
@@ -44,12 +44,12 @@ From 29-07 to 04-08:
 From 05-08 to 11-08:Chris Lamb <chris at chris-lamb.co.uk>
 From 12-08 to 18-08:
 From 19-08 to 25-08:Thorsten Alteholz <debian at alteholz.de>
-From 26-08 to 01-09:
+From 26-08 to 01-09:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 02-09 to 08-09:Chris Lamb <chris at chris-lamb.co.uk>
 From 09-09 to 15-09:
 From 16-09 to 22-09:
 From 23-09 to 29-09:Thorsten Alteholz <debian at alteholz.de>
-From 30-09 to 06-10:
+From 30-09 to 06-10:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 07-10 to 13-10:Chris Lamb <chris at chris-lamb.co.uk>
 From 14-10 to 20-10:
 From 21-10 to 27-10:Thorsten Alteholz <debian at alteholz.de>
@@ -57,7 +57,7 @@ From 28-10 to 03-11:
 From 04-11 to 10-11:Chris Lamb <chris at chris-lamb.co.uk>
 From 11-11 to 17-11:
 From 18-11 to 24-11:Thorsten Alteholz <debian at alteholz.de>
-From 25-11 to 01-12:
+From 25-11 to 01-12:Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 From 02-12 to 08-12:Chris Lamb <chris at chris-lamb.co.uk>
 From 09-12 to 15-12:Thorsten Alteholz <debian at alteholz.de>
 From 16-12 to 22-12:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9399716493fbc2d96ea980c5d8d03f40f4ced9f...14b2883f683dc744926502bab6805f2d23218e20

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9399716493fbc2d96ea980c5d8d03f40f4ced9f...14b2883f683dc744926502bab6805f2d23218e20
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181130/4ac957f1/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list