[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Mon Sep 3 19:41:20 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a93573c by Moritz Muehlenhoff at 2018-09-03T18:40:51Z
stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1862,6 +1862,7 @@ CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Derefere
NOT-FOR-US: Jsish
CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...)
- libtasn1-6 <unfixed> (bug #906768)
+ [stretch] - libtasn1-6 <no-dsa> (Minor issue)
[jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be exploited at runtime)
- libtasn1-3 <removed>
NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
@@ -6199,8 +6200,8 @@ CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
- twig 2.4.4-2
+ [stretch] - twig <no-dsa> (Minor issue)
NOTE: Fixed upstream in 2.4.4
- TODO: check, details
CVE-2018-13817
RESERVED
CVE-2018-13816
@@ -13716,11 +13717,13 @@ CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7.
- moodle <removed>
CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...)
{DLA-1477-1}
- - libgit2 0.27.4+dfsg.1-0.1 (bug #903508)
+ - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
+ [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been ...)
{DLA-1477-1}
- - libgit2 0.27.4+dfsg.1-0.1 (bug #903509)
+ - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
+ [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
@@ -50699,6 +50702,7 @@ CVE-2017-15140
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and ...)
[experimental] - cinder 2:13.0.0-1
- cinder <unfixed>
+ [stretch] - cinder <no-dsa> (Minor issue)
[jessie] - cinder <not-affected> (ScaleIO Driver support does not exist)
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
NOTE: https://bugs.launchpad.net/ossn/+bug/1699573
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a93573c485852177a6867505c084b1ba08978ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180903/7c064119/attachment.html>
More information about the debian-security-tracker-commits
mailing list