[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Sat Feb 9 19:28:48 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca9e1ae1 by Moritz Muehlenhoff at 2019-02-09T19:28:25Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3324,6 +3324,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress,
 	NOT-FOR-US: Automattic WooCommerce plugin for WordPress
 CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
 	- flex <unfixed> (low; bug #919428)
+	[buster] - flex <no-dsa> (Minor issue)
 	[stretch] - flex <no-dsa> (Minor issue)
 	[jessie] - flex <no-dsa> (Minor issue)
 	NOTE: https://github.com/westes/flex/issues/414
@@ -15667,35 +15668,29 @@ CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via the
 CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php ...)
 	NOT-FOR-US: DomainMOD
 CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/24
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/20
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19889 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/22
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19888 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/25
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19887 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/21
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19886 (An invalid memory address dereference was discovered in the huffcode ...)
-	- faac <unfixed> (bug #915763)
-	[stretch] - faac <no-dsa> (Non-free not supported)
-	[jessie] - faac <no-dsa> (Non-free not supported)
+	- faac <unfixed> (unimportant; bug #915763)
 	NOTE: https://github.com/knik0/faac/issues/23
+	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
 CVE-2018-19885
 	RESERVED
 CVE-2018-19884
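Review bot: The NOTE line added to each of the six faac entries (CVE-2018-19886 through CVE-2018-19891) spells "Negligible" as "Negligable"; because the same line is repeated six times, correct it in all of them so a text search of data/CVE/list finds it. The commit subject is "buster triage", but this hunk also removes the [stretch] and [jessie] <no-dsa> lines and marks the entries unimportant for all releases, so the message should mention the faac reclassification. The parenthetical "builds a lib, but only internal" is terse; a wording that says the library is not shipped for use by other packages would make the reason for "unimportant" easier to audit later.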
@@ -49745,6 +49740,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc
 	NOT-FOR-US: Apache Ambari
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...)
 	- libpodofo <unfixed> (low; bug #892557)
+	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca9e1ae101b2f23cbe4484192da050c531ebcc14
