[Git][security-tracker-team/security-tracker][master] buster triage

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00a06476 by Moritz Muehlenhoff at 2019-02-19T21:13:40Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32444,6 +32444,7 @@ CVE-2018-15686 (A vulnerability in unit_deserialize of systemd allows an attacke
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
 	NOTE: https://github.com/systemd/systemd/pull/10519
+	NOTE: https://github.com/systemd/systemd/commit/9f1c81d80a435d15ca1bd536a6d043c18c81c047
 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain ...)
 	- electron <itp> (bug #842420)
 CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...)
@@ -58131,10 +58132,13 @@ CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow access ...)
 	- nvidia-graphics-drivers <unfixed> (bug #913467)
+	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed>
+	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed>
+	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -73541,7 +73545,7 @@ CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource ...)
 	- libvirt 4.1.0-1
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)
-	- policycoreutils <unfixed>
+	- policycoreutils 2.7-1
 	[stretch] - policycoreutils <no-dsa> (Minor issue)
 	[jessie] - policycoreutils <no-dsa> (Minor issue)
 	[wheezy] - policycoreutils <no-dsa> (Minor issue)
@@ -73549,6 +73553,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
 	NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp directories
 	NOTE: before relabeling the file system. Futhtermore only triggerable at
 	NOTE: relabeling time.
+	NOTE: https://github.com/SELinuxProject/selinux/commit/2608b4d6660af0fb8ad93f2cc144bdaab3c2afa8
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00a06476a73bbe51ad4b11f0fbca7d0db6432d9c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00a06476a73bbe51ad4b11f0fbca7d0db6432d9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190219/2a524479/attachment.html>