[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Thu Oct 4 21:56:57 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e38ad89 by Moritz Muehlenhoff at 2018-10-04T20:56:29Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -328,6 +328,7 @@ CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html
 	NOT-FOR-US: HisiPHP
 CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several double-free ...)
 	- adplug <unfixed>
+	[stretch] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/67
 	NOTE: https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76
 CVE-2018-17824
@@ -3251,7 +3252,8 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...)
 	NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
-	- zziplib <unfixed>
+	- zziplib <unfixed> (low)
+	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/58
 CVE-2018-16547
@@ -15230,7 +15232,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer fr
 	- libstruts1.2-java <not-affected> (Specific to 2.x)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
 CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...)
-	- activemq 5.15.6-1 (bug #908950)
+	- activemq 5.15.6-1 (low; bug #908950)
+	[stretch] - activemq <no-dsa> (Minor issue)
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
@@ -76769,6 +76772,7 @@ CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code
 	NOT-FOR-US: WinDjView
 CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can ...)
 	- salt 2016.11.5+ds-1
+	[stretch] - salt <no-dsa> (Minor issue)
 	NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
 	NOTE: https://github.com/saltstack/salt/issues/48939
 	NOTE: https://github.com/saltstack/salt/commit/0a0f46fb1478be5eb2f90882a90390cb35ec43cb



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181004/8853ff37/attachment.html>

More information about the debian-security-tracker-commits mailing list