[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Mon Sep 3 19:41:20 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a93573c by Moritz Muehlenhoff at 2018-09-03T18:40:51Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1862,6 +1862,7 @@ CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Derefere
 	NOT-FOR-US: Jsish
 CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...)
 	- libtasn1-6 <unfixed> (bug #906768)
+	[stretch] - libtasn1-6 <no-dsa> (Minor issue)
 	[jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be exploited at runtime)
 	- libtasn1-3 <removed>
 	NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
@@ -6199,8 +6200,8 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management
 	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
 	- twig 2.4.4-2
+	[stretch] - twig <no-dsa> (Minor issue)
 	NOTE: Fixed upstream in 2.4.4
-	TODO: check, details
 CVE-2018-13817
 	RESERVED
 CVE-2018-13816
@@ -13716,11 +13717,13 @@ CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7.
 	- moodle <removed>
 CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...)
 	{DLA-1477-1}
-	- libgit2 0.27.4+dfsg.1-0.1 (bug #903508)
+	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
+	[stretch] - libgit2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
 CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been ...)
 	{DLA-1477-1}
-	- libgit2 0.27.4+dfsg.1-0.1 (bug #903509)
+	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
+	[stretch] - libgit2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
 	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
 CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
@@ -50699,6 +50702,7 @@ CVE-2017-15140
 CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and ...)
 	[experimental] - cinder 2:13.0.0-1
 	- cinder <unfixed>
+	[stretch] - cinder <no-dsa> (Minor issue)
 	[jessie] - cinder <not-affected> (ScaleIO Driver support does not exist)
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
 	NOTE: https://bugs.launchpad.net/ossn/+bug/1699573



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180903/7c064119/attachment.html>


More information about the debian-security-tracker-commits mailing list