[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist opal at debian.org
Fri Sep 21 19:44:24 BST 2018


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df160c16 by Ola Lundqvist at 2018-09-21T18:44:01Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,6 +19,7 @@ CVE-2018-17295
 CVE-2018-17294 (The matchCurrentInput function inside lou_translateString.c of Liblouis ...)
 	- liblouis 3.7.0-1
 	[stretch] - liblouis <no-dsa> (Minor issue)
+	[jessie] - liblouis <ignore> (Minor issue)
 	NOTE: https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e
 	NOTE: https://github.com/liblouis/liblouis/issues/635
 CVE-2018-17293 (An issue was discovered in WAVM before 2018-09-16. The run function in ...)
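Review bot: The added `[jessie] - liblouis <ignore> (Minor issue)` line for CVE-2018-17294 uses a stronger state than the `<no-dsa>` given to stretch, yet carries the same "Minor issue" reason, so nothing records why jessie will never get the fix. The NOTE lines below already link an upstream fix commit, so either match stretch with `<no-dsa>` or extend the reason to say what makes a backport to jessie not worthwhile.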
@@ -144,10 +145,12 @@ CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_re
 CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...)
 	- mp4v2 <unfixed> (bug #909277)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <ignore> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453
 CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in ...)
 	- mp4v2 <unfixed> (bug #909278)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <ignore> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
 	- hdf5 <undetermined>
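Review bot: Both added `[jessie] - mp4v2 <ignore> (Minor issue)` lines (CVE-2018-17236 and CVE-2018-17235) close the issues for jessie while unstable is still `<unfixed>` with open bugs #909277 and #909278. An `<ignore>` entry will not resurface once a fix appears, so consider `<postponed>` or `<no-dsa>` here, or state in the reason why these two will not be revisited when a patch becomes available.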
@@ -212,16 +215,19 @@ CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42.
 	NOT-FOR-US: Snap Creek Duplicator
 CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...)
 	- openvswitch <unfixed>
+	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
 	NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master)
 	NOTE: https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8 (branch-2.8)
 	NOTE: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (branch-2.7)
 CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, ...)
 	- openvswitch <unfixed>
+	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
 	NOTE: https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624 (master)
 	NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8)
 	NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7)
 CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, ...)
 	- openvswitch <unfixed>
+	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
 	NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master)
 	NOTE: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8)
 	NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
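Review bot: The three added `[jessie] - openvswitch <not-affected> (Vulnerable code does not exist)` lines (CVE-2018-17206, CVE-2018-17205, CVE-2018-17204) give an identical reason with no record of what was checked. Since each entry links separate fix commits for master, branch-2.8 and branch-2.7, please add a NOTE per CVE naming the file or function from the fix that is absent in the jessie source, so the not-affected claim can be re-verified later.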


=====================================
data/dla-needed.txt
=====================================
@@ -77,6 +77,13 @@ phpldapadmin (Mike Gabriel)
 polarssl (Mike Gabriel)
   NOTE: 20180902: The no-dsa/postponed issues could be fixed as well. (apo)
 --
+python2.7
+--
+salt
+  NOTE: CVE-2017-7893 is not crucial since the managed system must be
+  NOTE: compromised first. But the security escalation effect can cause
+  NOTE: a lot of system compromised.
+--
 samba (Holger Levsen)
 --
 smarty3 (Mike Gabriel)
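Review bot: The new `python2.7` entry has no NOTE or CVE reference saying what prompted it, and the `salt` NOTE lacks the date prefix and author initials that the polarssl note just above uses ("NOTE: 20180902: ... (apo)"). Please add a short dated note to `python2.7`, and tag the salt note the same way. The last salt line, "a lot of system compromised", is also hard to parse; something like "can lead to the compromise of many systems" would read more clearly.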



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df160c16fc6d33bb4c682112747bbeded8eb563d
