[Git][security-tracker-team/security-tracker][master] 3 commits: Remove trailing whitespaces
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 7 13:41:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42d9337a by Salvatore Bonaccorso at 2019-02-07T13:41:14Z
Remove trailing whitespaces
- - - - -
5fd51f07 by Salvatore Bonaccorso at 2019-02-07T13:41:14Z
Four CVEs fixed for open-build-service in unstable
- - - - -
78b63fc6 by Salvatore Bonaccorso at 2019-02-07T13:41:15Z
Add fixed version for CVE-2018-20185/graphicsmagick
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10883,12 +10883,13 @@ CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadDat
NOT-FOR-US: Bento4
CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there ...)
{DLA-1619-1}
- - graphicsmagick <unfixed> (bug #916719)
+ - graphicsmagick 1.4~hg15880-1 (bug #916719)
NOTE: Partial fix: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
NOTE: Partial fix adressed in 1.4~hg15873-1, but according to maintainer not yet
NOTE: complete: Cf. https://bugs.debian.org/916719#15
NOTE: Fix causes more issues: https://bugzilla.suse.com/show_bug.cgi?id=1119823#c1
+ NOTE: Followup: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/c38fc0e3e465
CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based ...)
{DLA-1619-1}
- graphicsmagick 1.4~hg15873-1 (bug #916721)
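Review bot: the CVE-2018-20185 entry now reads as both fixed and incomplete. The package line records 1.4~hg15880-1 as the fixed version, but the unchanged NOTE lines below it still say the fix is "not yet complete" and that it "causes more issues". The added Followup NOTE does not say whether rev c38fc0e3e465 completes the fix or whether 1.4~hg15880-1 contains it. Suggest stating that in the added note (for example "NOTE: Followup, completing the fix: ..." if that is the case), so a reader does not have to open the upstream revision to reconcile the two.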
@@ -19122,9 +19123,9 @@ CVE-2018-19510
CVE-2018-19509
RESERVED
CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ...)
- NOT-FOR-US: CMSimple
+ NOT-FOR-US: CMSimple
CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
- NOT-FOR-US: CMSimple
+ NOT-FOR-US: CMSimple
CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the ...)
NOT-FOR-US: Zurmo
CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...)
@@ -37455,7 +37456,7 @@ CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a &qu
CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build Service allows ...)
- - open-build-service <unfixed> (bug #911797)
+ - open-build-service 2.9.4-1 (bug #911797)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435
NOTE: https://github.com/openSUSE/open-build-service/pull/5880
NOTE: https://github.com/openSUSE/open-build-service/commit/01b015ca2a320afc4fae823465d1e72da8bd60df
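Review bot: the CVE-2018-12479 entry has no release-specific line after the changed package line, while the CVE-2018-7689 and CVE-2018-7688 entries in this same patch carry "[stretch] - open-build-service <no-dsa> (Minor issue)". With unstable now marked fixed in 2.9.4-1, the stretch status of this CVE is the remaining open question and is not recorded. Suggest adding a [stretch] line once it has been triaged. The two NOTE URLs could also be labelled "Fixed by:", as the CVE-2018-12467 entry does, to make clear which reference is the fix.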
@@ -37485,7 +37486,7 @@ CVE-2018-12469 (Incorrect handling of an invalid value for an HTTP request param
CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...)
NOT-FOR-US: Micro Focus
CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete ...)
- - open-build-service <unfixed> (bug #911797)
+ - open-build-service 2.9.4-1 (bug #911797)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
NOTE: Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
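Review bot: the "Introduced by:" commit on the last line of this hunk (990ef7cc...) is the same commit listed under CVE-2018-7689 further down, and that entry is marked no-dsa for stretch. If stretch never received that commit, CVE-2018-12467 may not affect stretch at all, but this entry has no [stretch] line saying so. Suggest checking whether the stretch source contains the introducing change and recording the result here, for example as a not-affected line with "Vulnerable code introduced later" as the reason.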
@@ -50311,12 +50312,12 @@ CVE-2018-7691 (A potential Remote Unauthorized Access in Micro Focus Fortify Sof
CVE-2018-7690 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
NOT-FOR-US: Micro Focus
CVE-2018-7689 (Lack of permission checks in the InitializeDevelPackage function in ...)
- - open-build-service <unfixed> (low; bug #903797)
+ - open-build-service 2.9.4-1 (low; bug #903797)
[stretch] - open-build-service <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094819
NOTE: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-7688 (A missing permission check in the review handling of openSUSE Open ...)
- - open-build-service <unfixed> (low; bug #903796)
+ - open-build-service 2.9.4-1 (low; bug #903796)
[stretch] - open-build-service <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094820
NOTE: https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
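Review bot: the commit on the CVE-2018-7689 NOTE line (990ef7cc...) is the one the CVE-2018-12467 entry lists as "Introduced by:", but nothing in this entry points to that regression. Anyone who later backports this commit to stretch, where the entry is currently no-dsa, would also need the CVE-2018-12467 fix (f57b660f...). Suggest adding a cross-reference NOTE under CVE-2018-7689 saying so, and labelling the existing commit URL "Fixed by:" for consistency with the CVE-2018-12467 entry.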
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/579771f7262a2e177f884b8076ed8c454e177f04...78b63fc62c02d3c04bc62ce73c9d59ac3eef36e3