[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Sat Feb 2 00:05:39 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f70866c1 by Moritz Muehlenhoff at 2019-02-02T00:04:59Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2358,7 +2358,8 @@ CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal
 	[jessie] - flex <no-dsa> (Minor issue)
 	NOTE: https://github.com/westes/flex/issues/414
 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
-	- yaml-cpp <unfixed> (bug #919430)
+	- yaml-cpp <unfixed> (low; bug #919430)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	- yaml-cpp0.3 <removed>
@@ -2384,7 +2385,8 @@ CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
 	[stretch] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/2815
 CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka ...)
-	- yaml-cpp <unfixed> (bug #919432)
+	- yaml-cpp <unfixed> (low; bug #919432)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	- yaml-cpp0.3 <removed>
@@ -8779,6 +8781,7 @@ CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented ...)
 	NOT-FOR-US: Orange Livebox 00.96.320S devices
 CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka ...)
 	- yaml-cpp <unfixed> (low; bug #918145)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <postponed> (Minor issue)
 	- yaml-cpp0.3 <removed> (low; bug #918146)
@@ -8787,6 +8790,7 @@ CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka ...
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/654
 CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) ...)
 	- yaml-cpp <unfixed> (low; bug #918147)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <postponed> (Minor issue)
 	- yaml-cpp0.3 <removed> (low; bug #918148)
@@ -30231,7 +30235,7 @@ CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Ove
 	NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
 	NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
 CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through ...)
-	- tcpflow <unfixed> (bug #905483)
+	- tcpflow 1.5.0+repack1-1 (bug #905483)
 	[stretch] - tcpflow <no-dsa> (Minor issue)
 	[jessie] - tcpflow <no-dsa> (Minor issue)
 	NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
@@ -52207,6 +52211,7 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/22
+	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
 CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...)
 	NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script
 CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...)
@@ -73691,11 +73696,9 @@ CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables ta
 CVE-2017-16809
 	RESERVED
 CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in ...)
-	- tcpdump <unfixed> (low; bug #881862)
-	[stretch] - tcpdump <postponed> (Can be fixed along in a future update)
-	[jessie] - tcpdump <postponed> (Can be fixed along in a future update)
-	[wheezy] - tcpdump <postponed> (Can be fixed along in a future update)
+	- tcpdump <unfixed> (unimportant; bug #881862)
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
+	NOTE: Crash in CLI tool, no security impact
 CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, ...)
 	NOT-FOR-US: Kirby Panel
 CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in ...)
@@ -89049,7 +89052,8 @@ CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentia
 CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials that ...)
 	NOT-FOR-US: MEDHOST Document Management System
 CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 ...)
-	- yaml-cpp <unfixed> (bug #870326)
+	- yaml-cpp <unfixed> (low; bug #870326)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
@@ -107006,6 +107010,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
 	NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
 	- yaml-cpp <unfixed> (low; bug #859891)
+	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
@@ -116783,6 +116788,7 @@ CVE-2017-2827 (An exploitable command injection vulnerability exists in the web
 	NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy ...)
 	- zabbix <unfixed> (low)
+	[buster] - zabbix <ignored> (Minor issue, workaround exists)
 	[stretch] - zabbix <ignored> (Minor issue, workaround exists)
 	[jessie] - zabbix <ignored> (Minor issue, workaround exists)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f70866c1c01382dbcea4fe029dc9fc12e9a947b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f70866c1c01382dbcea4fe029dc9fc12e9a947b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190202/54e06c81/attachment.html>

More information about the debian-security-tracker-commits mailing list