[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Mon Feb 18 22:26:36 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9762516 by Moritz Muehlenhoff at 2019-02-18T22:26:13Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4329,7 +4329,8 @@ CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization
CVE-2019-6989
RESERVED
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...)
- - openjpeg2 <unfixed> (low)
+ - openjpeg2 <unfixed> (low; bug #922648)
+ [buster] - openjpeg2 <ignored> (Minor issue)
[stretch] - openjpeg2 <ignored> (Minor issue)
[jessie] - openjpeg2 <ignored> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1178
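Review bot: In the CVE-2019-6988 entry, the new `[buster] - openjpeg2 <ignored> (Minor issue)` line closes the issue for buster in the same change that records bug #922648 against the still `<unfixed>` unstable package. If a fix that arrives through that bug would be acceptable for buster, `<no-dsa>` (as used for qt4-x11 under CVE-2018-19869) keeps that option open. If `<ignored>` is intended, a reason more specific than "Minor issue" would make the decision easier to revisit later.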
@@ -18518,10 +18519,12 @@ CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG ima
[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <unfixed> (low)
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
[stretch] - qt4-x11 <no-dsa> (Minor issue)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/234142/
+ NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
CVE-2018-19868
RESERVED
CVE-2018-19867
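Review bot: In the CVE-2018-19869 entry, `- qt4-x11 <unfixed> (low)` still carries no bug reference, although this change adds a `[buster]` tag directly below it and the openjpeg2 entry in the same commit gained one. Consider filing or linking a bug for qt4-x11 so the unfixed state is tracked. The added NOTE points at a qt/qtsvg commit but follows the qt4-x11 lines, so a short label saying it is the upstream qtsvg fix would make clear which package it documents.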
@@ -117033,16 +117036,13 @@ CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Sta
CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service ...)
NOT-FOR-US: Sprecher Automation SPRECON-E Service
CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows ...)
- - qt4-x11 <unfixed> (low; bug #851058)
- [buster] - qt4-x11 <ignored> (Minor issue)
- [stretch] - qt4-x11 <ignored> (Minor issue)
+ - qt4-x11 4:4.8.7+dfsg-1 (low; bug #851058)
[jessie] - qt4-x11 <ignored> (Minor issue)
[wheezy] - qt4-x11 <ignored> (Minor issue)
- - qtbase-opensource-src <unfixed> (low; bug #850954)
- [stretch] - qtbase-opensource-src <ignored> (Minor issue)
- [jessie] - qtbase-opensource-src <ignored> (Minor issue)
+ - qtbase-opensource-src 5.2.0+dfsg-7
NOTE: CVE assignment specific to http://www.openwall.com/lists/oss-security/2016/12/24/2
NOTE: http://www.openwall.com/lists/oss-security/2016/12/24/1
+ NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
NOT-FOR-US: MODX Revolution
CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
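Review bot: In the CVE-2016-10040 entry, the new `- qtbase-opensource-src 5.2.0+dfsg-7` line drops the `(low; bug #850954)` annotation that the removed line carried, while the qt4-x11 line keeps `(low; bug #851058)`. Keeping the urgency and bug reference on the qtbase line would preserve the link to the report. The added NOTE cites only a qt/qtbase commit, so the fixed version `4:4.8.7+dfsg-1` for qt4-x11 has no supporting reference in the entry; a NOTE stating how that version was determined would help anyone re-checking the `[jessie]` and `[wheezy]` lines that remain `<ignored>`.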
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f97625168ba5f33a000411b3f0bde95a84d63d63