[Git][security-tracker-team/security-tracker][master] data/CVE/list: Update metadata on currently open systemd issues.

Mike Gabriel sunweaver at debian.org
Tue Apr 23 09:54:30 BST 2019 


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2a94b11 by Mike Gabriel at 2019-04-23T08:54:06Z
data/CVE/list: Update metadata on currently open systemd issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5173,8 +5173,10 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
 	- systemd <unfixed>
 	[buster] - systemd <ignored> (Too intrusive change for a stable release)
 	[stretch] - systemd <ignored> (Too intrusive change for a stable release)
+	[jessie] - systemd <ignored> (Too intrusive change for a stable release)
 	NOTE: https://bugs.launchpad.net/bugs/1812316
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
+	NOTE: for a stable release, activating pam_systemd for non-interactive sessions will likely have all sorts of unexpected/unwanted side-effects, so CAVE
 CVE-2019-9618
 	RESERVED
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
@@ -36953,7 +36955,7 @@ CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging
 CVE-2018-16888 (It was discovered systemd does not correctly check the content of PIDF ...)
 	- systemd 237-1 (low)
 	[stretch] - systemd <ignored> (Minor issue, too intrusive to backport)
-	[jessie] - systemd <no-dsa> (low priority because this is inherently a bug in the PID file logic)
+	[jessie] - systemd <no-dsa> (low priority because this is inherently a bug in the PID file logic, too intrusive to backport)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
 	NOTE: Upstream issue: https://github.com/systemd/systemd/issues/6632
 	NOTE: Upstream patches: https://github.com/systemd/systemd/pull/7816



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a94b119157e98368b79a2684764f4824db9369

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a94b119157e98368b79a2684764f4824db9369
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190423/e25cd8e2/attachment.html>

More information about the debian-security-tracker-commits mailing list