[Git][security-tracker-team/security-tracker][master] Associate some older entries with vdsm, itp'ed

Salvatore Bonaccorso carnil at debian.org
Fri Feb 15 07:31:53 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e12e444a by Salvatore Bonaccorso at 2019-02-15T07:31:18Z
Associate some older entries with vdsm, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43744,7 +43744,7 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be
 CVE-2018-10909
 	RESERVED
 CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on ...)
-	NOT-FOR-US: ovirt
+	- vdsm <itp> (bug #668538)
 CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
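Review bot: On CVE-2018-10908 the new `- vdsm <itp> (bug #668538)` line carries no version information, although the description says the issue affects vdsm before version 4.20.37. Consider adding a NOTE line recording 4.20.37 as the fixed upstream version, so the entry can be resolved directly when the package from the ITP is uploaded.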
@@ -187506,7 +187506,7 @@ CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kern
 	- linux 3.16.7-1
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
 CVE-2014-7968 (VDSM allows remote attackers to cause a denial of service (connection ...)
-	NOT-FOR-US: Red Hat vdsm
+	- vdsm <itp> (bug #668538)
 CVE-2014-7967 (Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...)
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
@@ -215611,7 +215611,7 @@ CVE-2013-4281
 	RESERVED
 CVE-2013-4280
 	RESERVED
-	NOT-FOR-US: Red Hat vdsm
+	- vdsm <itp> (bug #668538)
 CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
 	- imapsync <removed>
 CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, ...)
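Review bot: CVE-2013-4280 is still RESERVED, with no description and no reference, so the association with vdsm rests only on the NOT-FOR-US text being replaced here. Consider adding a NOTE line pointing to the source of the association, so it can be rechecked when the ITP is processed.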
@@ -215776,8 +215776,7 @@ CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
 	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
 CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
-	NOT-FOR-US: Red Hat vdsm
-	NOTE: for incomplete fix for CVE-2013-0167
+	- vdsm <itp> (bug #668538)
 CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees]
 	RESERVED
 	- shadow <unfixed> (unimportant; bug #778950)
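Review bot: In the CVE-2013-4236 entry this hunk also deletes `NOTE: for incomplete fix for CVE-2013-0167`, which the commit message (associating entries with vdsm) does not cover. The cross-reference becomes more relevant once the entry tracks a package, because it records that the fix for CVE-2013-0167 on its own is not sufficient. Suggest keeping the NOTE line below the new `- vdsm <itp> (bug #668538)` line.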
@@ -227530,7 +227529,7 @@ CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, a
 CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
 	NOTE: RHEV management tool
 CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
-	NOT-FOR-US: Red Hat vdsm
+	- vdsm <itp> (bug #668538)
 CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
 	{DSA-2621-1}
 	- openssl 1.0.1e-1 (bug #699889)
@@ -264643,7 +264642,7 @@ CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not
 CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of ...)
 	- znc 0.092-2 (unimportant; bug #599708)
 CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
-	NOT-FOR-US: Red Hat Virtual Desktop Server Manager
+	- vdsm <itp> (bug #668538)
 CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...)
 	- lynx-cur 2.8.8dev.5-1 (bug #594300)
 	[lenny] - lynx-cur <no-dsa> (Minor issue, exploit scenario really obscure)
@@ -266318,7 +266317,7 @@ CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer
 CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
 	NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
 CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
-	NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H)
+	- vdsm <itp> (bug #668538)
 CVE-2010-2222
 	RESERVED
 	NOT-FOR-US: Red Hat Directory Server



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e12e444aa4bd5a1c59b9b50e31099f458fc86ad1
