[Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2017-18197: sort suite entries
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 9 10:36:26 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
819e5651 by Salvatore Bonaccorso at 2019-02-09T10:25:06Z
CVE-2017-18197: sort suite entries
- - - - -
4bc0ec6a by Salvatore Bonaccorso at 2019-02-09T10:25:06Z
Add fixing version for CVE-2017-17718/ruby-net-ldap
- - - - -
e56648a1 by Salvatore Bonaccorso at 2019-02-09T10:27:50Z
Remove doubled entry in dsa-needed list
- - - - -
995945c6 by Salvatore Bonaccorso at 2019-02-09T10:29:04Z
Reference upstream commit for CVE-2017-1000071/php-cas
- - - - -
07559e01 by Salvatore Bonaccorso at 2019-02-09T10:35:21Z
Process two NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2019-7654
CVE-2019-7652
RESERVED
CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Emsisoft Anti-Malware
CVE-2019-7650
RESERVED
CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has ...)
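Review bot: In the context lines of this hunk, CVE-2019-7653 appears after CVE-2019-7650 and before CVE-2019-7649, which breaks the descending id order the neighbouring entries follow. This change does not introduce it, but it is worth a follow-up to move that entry. The NOT-FOR-US line for CVE-2019-7651 itself matches the product named in the description.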
@@ -21,7 +21,7 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 h
CVE-2019-7649
RESERVED
CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server ...)
- TODO: check
+ NOT-FOR-US: Hotels_Server
CVE-2019-7647
RESERVED
CVE-2019-7646
@@ -51451,8 +51451,8 @@ CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0
CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...)
{DLA-1299-1}
- libjgraphx-java <unfixed> (low; bug #891796)
- [jessie] - libjgraphx-java <no-dsa> (Minor issue)
[stretch] - libjgraphx-java <no-dsa> (Minor issue)
+ [jessie] - libjgraphx-java <no-dsa> (Minor issue)
NOTE: https://github.com/jgraph/mxgraph/issues/124
NOTE: https://bitbucket.org/jgraph/mxgraph2/commits/7d159ca3259b961cbb1c51b4ea42cb408c624ff1
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 ...)
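Review bot: The suite order under CVE-2017-18197 is a convention that was only corrected by hand here; the new order, [stretch] before [jessie], matches the stretch, jessie, wheezy order used by the CVE-2017-17718 entry in this same file. Both moved lines carry the identical <no-dsa> (Minor issue) annotation, so no state changes. If this order is a fixed convention for the list, a syntax check that enforces it would catch such cases before they are committed.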
@@ -63739,7 +63739,7 @@ CVE-2017-17720
CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin ...)
NOT-FOR-US: wp-concours plugin for WordPress
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...)
- - ruby-net-ldap <unfixed> (bug #884693)
+ - ruby-net-ldap 0.16.1-1 (bug #884693)
[stretch] - ruby-net-ldap <no-dsa> (Minor issue)
[jessie] - ruby-net-ldap <not-affected> (Documentation already states that there is no validation)
[wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
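Review bot: The fixed version recorded on the unstable line, 0.16.1-1, is later than the upstream fix point given in the description ("before 0.16.0"), so it is worth confirming that 0.16.1-1 is the first Debian upload carrying the fix and not just the version currently in unstable. The commit message gives no source for the version; a short reference to the upload that closed bug #884693 would make this checkable. The [stretch], [jessie] and [wheezy] lines are left untouched, which fits a change that only records the unstable fix.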
@@ -91896,6 +91896,7 @@ CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication
[jessie] - php-cas <no-dsa> (Minor issue)
[wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS server)
NOTE: https://github.com/Jasig/phpCAS/issues/228
+ NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
NOTE: The vulnerability only exists when the server is affected by
NOTE: another very old vulnerability fixed in 2010.
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...)
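Review bot: The added "Fixed by:" NOTE points at github.com/apereo/phpCAS, while the issue NOTE directly above it still uses github.com/Jasig/phpCAS, so the entry now references the project under two organisation names. Consider switching the issue link to the same organisation so both references stay consistent. The placement of the new line, before the two-line explanatory NOTE, keeps that explanation contiguous and is fine.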
=====================================
data/dsa-needed.txt
=====================================
@@ -27,8 +27,6 @@ glusterfs
--
graphicsmagick
--
-libu2f-host
---
libidn
santiago proposed debdiffs for jessie and stretch
--
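Review bot: Only one libu2f-host entry is visible in this hunk, so the duplicate named in the commit message lies outside the shown context; confirm that the surviving entry is the one carrying any claim or note, since the removed copy had none. The removed copy sat before libidn, out of alphabetical order relative to its neighbours, so dropping this one and keeping the other looks like the right choice.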
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6776ff8401f2d9d23dc6b7782798cb49c449ff59...07559e0189f2986512fb49bd8931a5a3248ea8a1