[Git][security-tracker-team/security-tracker][master] stretch triage

Mon Apr 15 21:40:39 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16b9a778 by Moritz Muehlenhoff at 2019-04-15T20:40:06Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -356,6 +356,7 @@ CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard co
 CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
 	{DLA-1756-1}
 	- libxslt <unfixed> (bug #926895)
+	[stretch] - libxslt <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/issues/12 (not public)
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
 CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
@@ -465,7 +466,8 @@ CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has
 	- poppler <unfixed> (bug #926721)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
 CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
-	- cacti 1.2.2+ds1-2 (bug #926700)
+	- cacti 1.2.2+ds1-2 (low; bug #926700)
+	[stretch] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/issues/2581
 CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
 	TODO: check
@@ -1173,6 +1175,7 @@ CVE-2019-10724
 	RESERVED
 CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
 	- libpodofo <unfixed> (bug #926667)
+	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <ignored> (clean exception quit/DoS, low popcon)
 	NOTE: https://sourceforge.net/p/podofo/tickets/46/
 CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the OpenIdSsoSe ...)
@@ -18257,8 +18260,10 @@ CVE-2019-3831 (A vulnerability was discovered in vdsm, version 4.19 through 4.30
 	- vdsm <itp> (bug #668538)
 CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc1. An ...)
 	- ceilometer <unfixed> (bug #925298)
+	[stretch] - ceilometer <not-affected> (Vulnerable code not present)
 	[jessie] - ceilometer <not-affected> (vulnerable code is not present)
 	NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
+	NOTE: Introduced in https://github.com/openstack/ceilometer/commit/50415c0d08a3199d2280f3638dd121779585f0fe (10.0.0.0)
 CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.  ...)
 	[experimental] - gnutls28 3.6.7-1
 	- gnutls28 3.6.7-2
@@ -40046,7 +40051,8 @@ CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corrupti
 	{DSA-4374-1 DLA-1627-1}
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2
-	- qt4-x11 4:4.8.7+dfsg-18
+	- qt4-x11 4:4.8.7+dfsg-18 (low)
+	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/236691/
 CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16b9a77857efa08bf29299ea4ebbc0e7e58955d5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16b9a77857efa08bf29299ea4ebbc0e7e58955d5
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190415/d4a7dc3c/attachment.html>
