[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Sun Feb 10 18:44:08 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82a8541d by Moritz Muehlenhoff at 2019-02-10T18:43:41Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29934,11 +29934,11 @@ CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE
CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference ...)
NOT-FOR-US: Jsish
CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...)
- - libtasn1-6 <unfixed> (bug #906768)
- [stretch] - libtasn1-6 <no-dsa> (Minor issue)
- [jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be exploited at runtime)
+ - libtasn1-6 <unfixed> (unimportant; bug #906768)
- libtasn1-3 <removed>
NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
+ NOTE: No security impact, does not affect libtasn, but only the asn1Parser from
+ NOTE: libtasn1-bin
CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability ...)
NOT-FOR-US: zzcms
CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE) ...)
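Review bot: the added NOTE under CVE-2018-1000654 says "does not affect libtasn", which reads ambiguously next to the package name libtasn1-6 on the `<unfixed>` line. Suggest spelling it out, for example "does not affect the libtasn1 library, only the asn1Parser from libtasn1-bin", so the reason for the `unimportant` tag is clear on its own. The removed [jessie] line also carried the rationale "this cannot be exploited at runtime", which is lost with this change; consider folding that into the NOTE.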
@@ -78279,6 +78279,7 @@ CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ..
NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...)
- wordpress <unfixed> (bug #880868)
+ [buster] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[stretch] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[jessie] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[wheezy] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
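Review bot: the added [buster] line for CVE-2012-6707 copies the existing wording "can be revisited with upstream has picked a new hashing solution", which has a typo ("with" where "when" or "once" is meant). The same text now sits on four release lines; suggest correcting it on the new line and on the stretch, jessie and wheezy lines in the same commit so the postponement reason reads cleanly.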
@@ -232280,6 +232281,7 @@ CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jC
NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the ...)
- tinymce <unfixed> (low; bug #796117)
+ [buster] - tinymce <no-dsa> (Minor issue)
[stretch] - tinymce <no-dsa> (Minor issue)
[jessie] - tinymce <no-dsa> (Minor issue)
[squeeze] - tinymce <no-dsa> (Minor issue)
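Review bot: the added [buster] line for CVE-2012-4230 gives only "Minor issue" as the `<no-dsa>` reason, the same as the stretch, jessie and squeeze lines. Since the package stays `<unfixed>` (low; bug #796117) across this many releases, a short note on what limits the impact would help whoever triages the next release understand why it keeps being carried forward.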
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82a8541d73f997d03c5e6def88ac86ddd41a4254