[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-1687{7,8} and CVE-2019-3885 for pacemaker

Wed Apr 17 21:15:14 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ae3616b by Salvatore Bonaccorso at 2019-04-17T20:13:24Z
Add CVE-2018-1687{7,8} and CVE-2019-3885 for pacemaker

- - - - -
35a84256 by Salvatore Bonaccorso at 2019-04-17T20:14:56Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18124,8 +18124,10 @@ CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 an
 	NOTE: https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1131595#c3
 	NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e
-CVE-2019-3885
+CVE-2019-3885 [Information disclosure through use-after-free]
 	RESERVED
+	- pacemaker <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
 CVE-2019-3884
 	RESERVED
 	NOT-FOR-US: atomic-openshift
@@ -36505,10 +36507,14 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1
 CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2018-16878
+CVE-2018-16878 [Insufficient verification inflicted preference of uncontrolled processes can lead to DoS]
 	RESERVED
-CVE-2018-16877
+	- pacemaker <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
+CVE-2018-16877 [Insufficient local IPC client-server authentication on the client's side can lead to local privesc]
 	RESERVED
+	- pacemaker <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
 CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...)
 	{DSA-4396-1}
 	- ansible 2.7.6+dfsg-1 (bug #916102)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/eabaa1149e934b60fe274e046d8576678e2729ae...35a8425666e5c33ba8e859ae51e7a6c506f69044

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/eabaa1149e934b60fe274e046d8576678e2729ae...35a8425666e5c33ba8e859ae51e7a6c506f69044
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190417/dcaa9218/attachment-0001.html>
