[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Mon Oct 29 21:23:08 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
584185ce by Moritz Muehlenhoff at 2018-10-29T21:22:43Z
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -191,8 +191,9 @@ CVE-2018-18720 (An XSS issue was discovered in index.php/admin/system/basic in Y
CVE-2018-18719
RESERVED
CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a double-free ...)
- - gthumb <unfixed>
+ - gthumb <unfixed> (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18
+ NOTE: Crash in end user application, no security impact
CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists ...)
NOT-FOR-US: Eleanor CMS
CVE-2018-18716
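Review bot: The NOTE added under CVE-2018-18718 justifies the (unimportant) tag with "Crash in end user application, no security impact", but the CVE description on the line above calls this a double-free and the note does not say why the effect is limited to a crash. Consider extending the NOTE with the reasoning, or pointing at the part of the referenced upstream issue (gthumb/issues/18) that supports it, so the downgrade can be re-checked later without redoing the analysis.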
@@ -4901,7 +4902,9 @@ CVE-2018-16791
RESERVED
CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...)
- libbson <unfixed>
+ [stretch] - libbson <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-2819
+ NOTE: https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
CVE-2018-16789
RESERVED
CVE-2018-16788
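Review bot: The NOTE added to CVE-2018-16790 is a bare mongo-c-driver commit URL with no indication that it is the fix or which release contains it; a short label such as "Fixed by:" would make that clear. The commit is in the mongo-c-driver repository while the entry tracks only the libbson source package, so it is worth confirming that no other source package needs a line here. "(Minor issue)" on the new [stretch] line is also thin as a no-dsa rationale; one more clause on why it is minor would help.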
@@ -26714,7 +26717,8 @@ CVE-2018-8294 (A remote code execution vulnerability exists in the way that the
CVE-2018-8293
RESERVED
CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core when ...)
- - mono <unfixed>
+ NOT-FOR-US: .dotnet CoreFX
+ NOTE: https://github.com/dotnet/corefx/commit/56aae8a7076f283e334b88f642ef6bb7c59e02c3
CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting ...)
NOT-FOR-US: Microsoft
CVE-2018-8290 (A remote code execution vulnerability exists in the way that the ...)
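Review bot: In the CVE-2018-8292 entry, the "- mono <unfixed>" line is dropped in favour of NOT-FOR-US without a NOTE recording why mono is not affected, so the earlier assessment disappears from the entry with no explanation. Consider adding one NOTE line stating the finding behind the switch. Minor style point: ".dotnet CoreFX" differs from the ".NET Core" spelling used in the CVE description on the same entry.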
@@ -49832,7 +49836,9 @@ CVE-2018-0736
RESERVED
CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...)
- openssl <unfixed>
+ [stretch] - openssl <postponed> (Wait for next DSA and upstream release)
- openssl1.0 <unfixed>
+ [stretch] - openssl1.0 <postponed> (Wait for next DSA and upstream release)
NOTE: https://www.openssl.org/news/secadv/20181029.txt
NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
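Review bot: The new "[stretch] - openssl1.0 <postponed>" line reuses the reason given for openssl, but the NOTEs visible in this entry reference only the OpenSSL_1_1_1-stable and OpenSSL_1_1_0-stable commits. Consider adding a NOTE on the status of the branch packaged as openssl1.0 (affected or not, and which upstream commit applies), so that "Wait for next DSA and upstream release" can be acted on for both packages.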
=====================================
data/dsa-needed.txt
=====================================
@@ -68,3 +68,5 @@ sssd
--
symfony
--
+tiff
+--
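Review bot: The tiff entry added to data/dsa-needed.txt has no accompanying change to a tiff entry in data/CVE/list in this commit, and the commit message "stretch triage" does not name the issue that prompts it. Consider naming the CVE(s) in the commit message or in a short comment under the entry, so whoever picks up the DSA knows what is pending.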
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/584185ce350a491fbc9dd7800c72d403eaa848bf