[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Fri Apr 26 22:18:21 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47f39040 by Moritz Muehlenhoff at 2019-04-26T21:17:52Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -107,10 +107,10 @@ CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8
CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
NOT-FOR-US: Zotonic
CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
- - snapd <unfixed>
+ - snapd <unfixed> (bug #928052)
NOTE: https://github.com/snapcore/snapd/pull/6642
CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...)
- - snapd <unfixed>
+ - snapd <unfixed> (bug #928052)
NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
- golang-github-seccomp-libseccomp-golang <unfixed> (bug #927981)
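Review bot: Both snapd entries (CVE-2019-11503 and CVE-2019-11502) now point at the same bug #928052, but their descriptions give different upstream versions ("before 2.39" and "before 2.38"). When that bug is closed, the fixed version should be checked per CVE rather than copied to both entries, since an upload of 2.38 would resolve CVE-2019-11502 only.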
@@ -234,7 +234,7 @@ CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read
CVE-2019-11462
RESERVED
CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...)
- - nautilus <unfixed>
+ - nautilus <unfixed> (bug #928054)
[stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
[jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
@@ -392,19 +392,19 @@ CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before
CVE-2019-11392
RESERVED
CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
CVE-2019-11386
RESERVED
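Review bot: All five modsecurity-crs entries (CVE-2019-11387 through CVE-2019-11391) are tied to the single bug #928053, while their NOTE lines reference five separate upstream issues (1354, 1356, 1357, 1358, 1359). It is worth confirming that the bug report lists each CVE id, so that an upload addressing only some of the upstream issues does not lead to all five entries being marked fixed together.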
@@ -47960,13 +47960,12 @@ CVE-2018-12643
CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...)
NOT-FOR-US: Floxlor
CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...)
NOT-FOR-US: Insteon
CVE-2018-12639
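Review bot: On CVE-2018-12641 the "[stretch]" and "[jessie]" "<ignored>" lines are dropped in favour of "(unimportant)", and the only rationale given is the new "NOTE: binutils not covered by security support". A pointer to where that support decision is documented would make the note verifiable. The entry also stays "<unfixed>" although the existing "Fixed by:" NOTE names an upstream commit, so a fixed version could be recorded once an upload containing that commit is identified.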
@@ -73155,7 +73154,8 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin befor
NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress
CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...)
[experimental] - opencv 3.4.4+dfsg-1~exp1
- - opencv <unfixed> (bug #924884)
+ - opencv <unfixed> (low; bug #924884)
+ [buster] - opencv <no-dsa> (Minor issue)
[stretch] - opencv <not-affected> (Vulnerable code introduced later)
[jessie] - opencv <not-affected> (Vulnerable code introduced later)
[wheezy] - opencv <not-affected> (Vulnerable code introduced later)
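Review bot: The new "[buster] - opencv <no-dsa> (Minor issue)" line gives no reason why a heap-based buffer over-read is considered minor. Since the "[experimental]" line already records a fixed version (3.4.4+dfsg-1~exp1), a short NOTE on the reasoning, or on whether a fix through a point release is intended, would help later triage.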
@@ -95119,13 +95119,11 @@ CVE-2017-13718
CVE-2017-13717
RESERVED
CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
- [wheezy] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE
NOTE: has assigned it specifically to the issue as raised within binutils.
+ NOTE: binutils not covered by security support
CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...)
NOT-FOR-US: IBM
CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the Li ...)
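Review bot: The "binutils not covered by security support" NOTE added to CVE-2017-13716 sits under existing notes saying the underlying bug is in the C++ demangler part of libiberty. The "(unimportant)" rating therefore speaks for binutils only; if other source packages carry the same libiberty code, the entry does not say how they were assessed, and one more NOTE stating that would keep this from being read as covering libiberty in general.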
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47f390405e5fb62d6616d8e96e46ca94c2b42777