[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Fri Feb 22 19:57:51 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
babb564d by Moritz Muehlenhoff at 2019-02-22T19:57:12Z
stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1271,7 +1271,8 @@ CVE-2019-8402
CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. ...)
NOT-FOR-US: WooCommerce plugin
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...)
- - zabbix 1:3.0.17+dfsg-1
+ - zabbix 1:3.0.17+dfsg-1 (low)
+ [stretch] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-10272
NOTE: https://support.zabbix.com/browse/ZBX-13133
CVE-2019-8401
@@ -5275,6 +5276,7 @@ CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.de
RESERVED
{DLA-1675-1}
- python-gnupg 0.4.4-1
+ [stretch] - python-gnupg <no-dsa> (Minor issue)
NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
@@ -6411,7 +6413,8 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in ...)
{DLA-1656-1}
- - agg 1:2.4-r127+dfsg1-1 (bug #919322)
+ - agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
+ [stretch] - agg <no-dsa> (Minor issue)
- svgpp <unfixed> (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
@@ -26578,6 +26581,7 @@ CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
- pyopenssl 17.5.0-1
+ [stretch] - pyopenssl <no-dsa> (Minor issue)
[jessie] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/babb564dff6eff5e7af22a5392f2ffe4d3ca4144
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/babb564dff6eff5e7af22a5392f2ffe4d3ca4144
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190222/17e15b34/attachment.html>
More information about the debian-security-tracker-commits
mailing list