[Git][security-tracker-team/security-tracker][master] bind fixed

Moritz Muehlenhoff jmm at debian.org
Fri Apr 26 13:06:39 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f84633d1 by Moritz Muehlenhoff at 2019-04-26T12:05:23Z
bind fixed
"new" tensorflow issues
one mercurial issue unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5310,7 +5310,7 @@ CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by:
 	NOTE: https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be (3.7.x)
 	NOTE: https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5 (2.7.x)
 CVE-2019-9635 (NULL pointer dereference in Google TensorFlow before 1.12.2 could caus ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
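
Review bot: On the CVE-2019-9635 entry, the new `- tensorflow <itp> (bug #804612)` line records the ITP but not which upstream release carries the fix. The description on the entry already says the issue affects TensorFlow before 1.12.2, so a NOTE naming 1.12.2 as the minimum version to package would save a re-check when the ITP is closed.
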
@@ -34548,9 +34548,10 @@ CVE-2013-7466 (Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, wi
 CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authenticati ...)
 	NOT-FOR-US: Ice Cold Apps Servers Ultimate
 CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...)
-	- mercurial 4.7.2-1
+	- mercurial 4.7.2-1 (unimportant)
 	[jessie] - mercurial <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-17979
 	RESERVED
 CVE-2018-17978
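
Review bot: The added NOTE on CVE-2018-17983 justifies the (unimportant) tag with "Crash in CLI tool, no security impact", while the description on the same entry calls the bug an out-of-bounds read in cext/manifest.c. Suggest wording the NOTE so it states that the read results only in a crash, so the rating does not look at odds with the description to someone reading the entry later.
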
@@ -55615,7 +55616,7 @@ CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5
 CVE-2018-10056
 	RESERVED
 CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow  ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2018-10054 (H2 1.4.197, as used in Datomic before 0.9.5697 and other products, all ...)
 	NOT-FOR-US: H2 (different from src:python-h2)
 CVE-2018-10053
@@ -58680,7 +58681,7 @@ CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP
 CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...)
 	NOT-FOR-US: ASUS routers
 CVE-2018-8825 (Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The i ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...)
 	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...)
@@ -61984,11 +61985,11 @@ CVE-2018-7578
 CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
 	TODO: check
 CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2018-7574 (Google TensorFlow 1.6.x and earlier is affected by a Null Pointer Dere ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server ca ...)
 	NOT-FOR-US: FTPShell Client
 CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to a ...)
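
Review bot: CVE-2018-7577, at the top of this hunk, keeps its `TODO: check` while the three TensorFlow entries directly below it are resolved to the ITP. Its description names the Google Snappy library 1.1.4 rather than TensorFlow itself, so it likely needs its own triage instead of the same `<itp>` line; if it was left open on purpose, saying so in the commit message would stop the next person from assuming it was overlooked.
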
@@ -68133,7 +68134,7 @@ CVE-2018-5744 [A specially crafted packet can cause named to leak memory]
 	NOTE: Test: https://gitlab.isc.org/isc-projects/bind9/commit/fe4810f1f8f75a4d5a96542fc6085109c94a3ee5
 CVE-2018-5743 [Limiting simultaneous TCP clients is ineffective]
 	RESERVED
-	- bind9 <unfixed> (bug #927932)
+	- bind9 1:9.11.5.P4+dfsg-4 (bug #927932)
 	NOTE: https://kb.isc.org/docs/cve-2018-5743
 CVE-2018-5742 [Crash from assertion error when debug log level is 10 and log entries meet buffer boundary]
 	RESERVED
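
Review bot: The CVE-2018-5743 entry now records 1:9.11.5.P4+dfsg-4 as the fixed version, but its only reference is still the ISC KB NOTE. The CVE-2018-5744 entry just above it links an upstream bind9 commit; adding the corresponding upstream fix commit as a NOTE here would help anyone verifying the fix or backporting it to other suites.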



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f84633d1817d0a2f8607d58b0202fa4f5c1a7392
