[Git][security-tracker-team/security-tracker][master] 5 commits: Add CVE-2019-6454/systemd

Mon Feb 18 15:25:05 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8130b0a3 by Salvatore Bonaccorso at 2019-02-18T15:07:53Z
Add CVE-2019-6454/systemd

- - - - -
85f7d2cc by Salvatore Bonaccorso at 2019-02-18T15:11:46Z
Mark CVE-2018-3721/node-lodash as fixed in unstable with 4.17.11+dfsg-1

- - - - -
ed18d8a0 by Salvatore Bonaccorso at 2019-02-18T15:13:17Z
Add fixed version for CVE-2018-20030/libexif

- - - - -
4de445d3 by Salvatore Bonaccorso at 2019-02-18T15:23:39Z
Add fixed version for CVE-2019-6454/systemd

- - - - -
442d13bc by Salvatore Bonaccorso at 2019-02-18T15:24:46Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4632,8 +4632,9 @@ CVE-2019-6456 (An issue was discovered in GNU Recutils 1.8. There is a NULL poin
 CVE-2019-6455 (An issue was discovered in GNU Recutils 1.8. There is a double-free ...)
 	- recutils <unfixed> (unimportant)
 	NOTE: Negligable security impact
-CVE-2019-6454
+CVE-2019-6454 [systemd (PID1) crash with specially crafted D-Bus message]
 	RESERVED
+	- systemd 240-6
 CVE-2019-6453
 	RESERVED
 CVE-2019-6452
@@ -15379,7 +15380,7 @@ CVE-2018-20031
 	RESERVED
 CVE-2018-20030 [Input validation issue resulting in a denial of service]
 	RESERVED
-	- libexif <unfixed> (bug #918730)
+	- libexif 0.6.21-5.1 (bug #918730)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	[jessie] - libexif <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
@@ -64394,7 +64395,7 @@ CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a Modificatio
 CVE-2018-3722 (merge-deep node module before 3.0.1 suffers from a Modification of ...)
 	NOT-FOR-US: merge-deep node module
 CVE-2018-3721 (lodash node module before 4.17.5 suffers from a Modification of ...)
-	- node-lodash <unfixed> (unimportant; bug #890575)
+	- node-lodash 4.17.11+dfsg-1 (unimportant; bug #890575)
 	NOTE: https://snyk.io/vuln/npm:lodash:20180130
 	NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
 	NOTE: nodejs not covered by security support



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73ecb39c8f601955550305fb47fb8ad83e3468f8...442d13bce53a402c11d78d0efb35bc7c57303499

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73ecb39c8f601955550305fb47fb8ad83e3468f8...442d13bce53a402c11d78d0efb35bc7c57303499
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190218/c5d6519f/attachment-0001.html>
