[Git][security-tracker-team/security-tracker][master] stretch triage

Fri Feb 8 19:25:13 GMT 2019

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bbe4753 by Moritz Muehlenhoff at 2019-02-08T19:24:43Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -672,12 +672,14 @@ CVE-2019-1000021 (slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab
 	NOTE: https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
 CVE-2019-1000020 (libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 ...)
 	{DLA-1668-1}
-	- libarchive 3.3.3-4
+	- libarchive 3.3.3-4 (low)
+	[stretch] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/pull/1120
 	NOTE: https://github.com/libarchive/libarchive/commit/8312eaa576014cd9b965012af51bc1f967b12423
 CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 ...)
 	{DLA-1668-1}
-	- libarchive 3.3.3-4
+	- libarchive 3.3.3-4 (low)
+	[stretch] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/pull/1120
 	NOTE: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
 CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect ...)
@@ -8581,7 +8583,8 @@ CVE-2019-3826 [Stored DOM cross-site scripting (XSS) attack via crafted URL]
 	[stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
 	NOTE: https://github.com/prometheus/prometheus/pull/5163
 CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed login ...)
-	- gdm3 <unfixed>
+	- gdm3 <unfixed> (low)
+	[stretch] - gdm3 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824
 	RESERVED
@@ -69492,6 +69495,7 @@ CVE-2018-1321 (An administrator with report and template entitlements in Apache
 CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can ...)
 	{DLA-1662-1}
 	- libthrift-java 0.9.1-2.1 (bug #918736)
+	[stretch] - libthrift-java <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
 	NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
 CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bbe4753f3f59b50b2f6508f735fd369b8eb1f37

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bbe4753f3f59b50b2f6508f735fd369b8eb1f37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190208/021daf80/attachment.html>
