[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 20 22:45:50 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10c91f31 by Moritz Muehlenhoff at 2019-02-20T22:45:10Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6293,9 +6293,10 @@ CVE-2019-6240 [Arbitrary repo read in Gitlab project import]
- gitlab 11.5.7+dfsg-1 (bug #919822)
NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (unimportant)
NOTE: https://github.com/docker/engine/pull/70
NOTE: https://github.com/moby/moby/pull/37967
+ NOTE: Negligible security impact
CVE-2019-6239
RESERVED
CVE-2019-6238
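Review bot: the new justification line `NOTE: Negligible security impact` restates the severity rather than explaining it. The entry stays `<unfixed>` and its only other references are the two upstream PR links, so consider spelling out in the NOTE why the impact is negligible (the fontforge entries later in this patch do this with "Crash in GUI tool/related desktop libs, no security impact"), so a later triager can re-check the decision without re-reading both PRs.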
@@ -38176,6 +38177,7 @@ CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a N
NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer dereference ...)
- audiofile <unfixed> (low; bug #903499)
+ [buster] - audiofile <no-dsa> (Minor issue)
[stretch] - audiofile <no-dsa> (Minor issue)
[jessie] - audiofile <no-dsa> (Minor issue)
NOTE: https://github.com/mpruett/audiofile/issues/49
@@ -65039,8 +65041,7 @@ CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Op
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with ...)
{DLA-1410-1}
- [experimental] - python-pysaml2 4.5.0-1
- - python-pysaml2 <unfixed> (bug #886423)
+ - python-pysaml2 4.5.0-2 (bug #886423)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
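Review bot: the fixed-version line `- python-pysaml2 4.5.0-2 (bug #886423)` should name the first upload to unstable that carried the upstream fix. The removed line `[experimental] - python-pysaml2 4.5.0-1` shows that 4.5.0-1 already contained it (the NOTE cites the 4.5.0 upstream commit), so if 4.5.0-1 was ever uploaded to unstable the fixed version should be 4.5.0-1; worth confirming against the package changelog before this lands.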
@@ -93576,11 +93577,12 @@ CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow
NOTE: https://github.com/fontforge/fontforge/issues/3090
NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ...)
- - fontforge <unfixed> (low; bug #873588)
+ - fontforge <unfixed> (unimportant; bug #873588)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
[wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3098
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
{DSA-3958-1 DLA-1065-1}
- fontforge 1:20170731~dfsg-1 (bug #869614)
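Review bot: inconsistent cleanup between this hunk and the next one. Here CVE-2017-11573 is downgraded to `unimportant` but the three suite lines `[stretch] - fontforge <no-dsa> (Minor issue)`, `[jessie] ...` and `[wheezy] ...` are kept, whereas the following hunk for CVE-2017-11570 applies the identical downgrade and removes those lines. Since `unimportant` already covers every suite, the per-release `<no-dsa>` lines are redundant and should be dropped here as well.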
@@ -93591,11 +93593,9 @@ CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflo
NOTE: https://github.com/fontforge/fontforge/issues/3087
NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc ...)
- - fontforge <unfixed> (low; bug #873587)
- [stretch] - fontforge <no-dsa> (Minor issue)
- [jessie] - fontforge <no-dsa> (Minor issue)
- [wheezy] - fontforge <no-dsa> (Minor issue)
+ - fontforge <unfixed> (unimportant; bug #873587)
NOTE: https://github.com/fontforge/fontforge/issues/3097
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
{DSA-3958-1 DLA-1065-1}
- fontforge 1:20170731~dfsg-1 (bug #869614)
@@ -113917,6 +113917,7 @@ CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hard
NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) ...)
- python-pysaml2 <unfixed> (low; bug #859135)
+ [buster] - python-pysaml2 <no-dsa> (Minor issue)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
[jessie] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/366
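Review bot: the added `[buster] - python-pysaml2 <no-dsa> (Minor issue)` line extends the existing stretch and jessie tags, but the entry carries no NOTE explaining why an XML external entity issue in an authentication library is rated `low` / "Minor issue"; the only reference is upstream issue #366. A one-line NOTE giving the rationale (which parser configuration or code path limits the impact) would make the buster decision reviewable later.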
@@ -179723,10 +179724,7 @@ CVE-2015-1402 (Cross-site scripting (XSS) vulnerability in the Content Rating ..
CVE-2015-1401 (Improper Authentication vulnerability in the "LDAP / SSO ...)
NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of service ...)
- - kgb-bot <unfixed> (low; bug #776424)
- [stretch] - kgb-bot <ignored> (Minor issue)
- [jessie] - kgb-bot <ignored> (Minor issue)
- [wheezy] - kgb-bot <ignored> (Minor issue)
+ - kgb-bot <undetermined> (low; bug #776424)
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js ...)
NOT-FOR-US: sequelize
CVE-2015-1354
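Review bot: the new line `- kgb-bot <undetermined> (low; bug #776424)` replaces an `<unfixed>` entry plus three suite-specific `<ignored>` tags with a single `<undetermined>` state, yet keeps the `low` severity and adds no NOTE. Reverting an earlier "ignored" triage without recording what is now undetermined (for example whether the affected code is present in the packaged version) leaves no trail for the next pass; please add a NOTE stating the open question, and reconsider whether a severity should be attached to an entry whose applicability is undetermined.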
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c91f31119e0e499492249d40d3817e36e67181