[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Sat Feb 16 12:38:32 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2634ae18 by Moritz Muehlenhoff at 2019-02-16T12:38:10Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10789,12 +10789,14 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that
 CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary ...)
 	NOT-FOR-US: Sqla_yaml_fixtures
 CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
-	- libsixel <unfixed> (low)
+	- libsixel <unfixed> (low; bug #922460)
+	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...)
-	- libsixel <unfixed> (low)
+	- libsixel <unfixed> (low; bug #922460)
+	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <postponed> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/83
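Review bot: The `- libsixel <unfixed>` lines for CVE-2019-3574 and CVE-2019-3573 both gain `bug #922460`, but the commit subject "buster triage" says nothing about a bug being filed. Mention the bug reference in the commit message so the change to the unstable lines can be found from the log. Both CVEs share the upstream issue in their NOTE lines, so a single bug is plausible, but it is worth confirming that the bug report names both CVE ids. The new `[buster]` lines are `<no-dsa>` for both CVEs, while `[jessie]` is `<postponed>` for CVE-2019-3573 only; the difference is already there for stretch, so no change is needed if it is intentional.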
@@ -11499,7 +11501,7 @@ CVE-2018-20541 (There is a heap-based buffer overflow in libxsmm_sparse_csc_read
 	NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
 	NOTE: https://github.com/hfp/libxsmm/issues/287
 CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS ...)
-	- liblas <unfixed>
+	- liblas <unfixed> (bug #922459)
 	[stretch] - liblas <no-dsa> (Minor issue)
 	[jessie] - liblas <no-dsa> (Minor issue)
 	NOTE: https://github.com/libLAS/libLAS/issues/158
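Review bot: CVE-2018-20540 gets `bug #922459` on the `- liblas <unfixed>` line but no `[buster]` entry, although the commit is a buster triage and stretch and jessie are already `<no-dsa> (Minor issue)`. If buster is meant to follow them, add `[buster] - liblas <no-dsa> (Minor issue)` above the `[stretch]` line. If buster is deliberately left open, a NOTE saying so would help. The unfixed line also carries no severity, whereas other `<unfixed>` entries in this file are tagged `low`.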
@@ -45804,6 +45806,7 @@ CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the A
 	NOT-FOR-US: ELO
 CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
 	- graphviz <unfixed> (low; bug #898841)
+	[buster] - graphviz <no-dsa> (Minor issue)
 	[stretch] - graphviz <no-dsa> (Minor issue)
 	[jessie] - graphviz <no-dsa> (Minor issue)
 	[wheezy] - graphviz <no-dsa> (Minor issue)
@@ -222377,6 +222380,7 @@ CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
 CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
 	- libnet-server-perl <unfixed> (low; bug #702914)
+	[buster] - libnet-server-perl <ignored> (Minor issue)
 	[stretch] - libnet-server-perl <ignored> (Minor issue)
 	[jessie] - libnet-server-perl <ignored> (Minor issue)
 	[wheezy] - libnet-server-perl <ignored> (Minor issue)
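Review bot: The new `[buster] - libnet-server-perl <ignored> (Minor issue)` line copies the stretch, jessie and wheezy state for a CVE that is still `<unfixed>` in unstable (bug #702914). Since `<ignored>` records that no fix is planned for the release, a more specific reason than "Minor issue" would make the decision easier to revisit. One candidate is that the flaw applies only when the reverse-lookups option is enabled, if that is the rationale.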



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634ae18f34c599c78d30a8c3d47b2fb01431ffe
