[Git][security-tracker-team/security-tracker][master] lxc unimportant

Moritz Muehlenhoff jmm at debian.org
Mon Feb 11 17:32:27 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d45b1b3 by Moritz Muehlenhoff at 2019-02-11T17:31:45Z
lxc unimportant
ffmpeg bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -928,7 +928,7 @@ CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a7
 CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect ...)
 	NOT-FOR-US: Chamilo Chamilo-lms
 CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (low; bug #922066)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f
 CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site ...)
@@ -4918,10 +4918,11 @@ CVE-2018-20678
 CVE-2019-5736 [runc container breakout]
 	RESERVED
 	- runc <unfixed> (bug #922050)
-	- lxc <unfixed>
+	- lxc <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
 	NOTE: runc: Fixed by: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
 	NOTE: lxc: Fixed by https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
+	NOTE: Not considered a security issue by LXC upstream
 CVE-2019-5735
 	RESERVED
 CVE-2019-5734



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d45b1b37f992d019bf63cddc78251bd20838154

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d45b1b37f992d019bf63cddc78251bd20838154
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190211/3b42b10b/attachment.html>

More information about the debian-security-tracker-commits mailing list