[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Fri Feb 22 22:31:00 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93c3b8ff by Moritz Muehlenhoff at 2019-02-22T22:30:40Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12449,6 +12449,7 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in ...)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows ...)
- poppler <unfixed> (low; bug #917974)
+ [buster] - poppler <no-dsa> (Minor issue)
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <postponed> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
@@ -12984,19 +12985,19 @@ CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
CVE-2018-20534 (There is an illegal address access at src/pool.h (function ...)
- - libsolv <unfixed> (low)
+ - libsolv <unfixed> (low; bug #923002)
[stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
NOTE: https://github.com/openSUSE/libsolv/pull/291
NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c (function ...)
- - libsolv <unfixed> (low)
+ - libsolv <unfixed> (low; bug #923002)
[stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
NOTE: https://github.com/openSUSE/libsolv/pull/291
NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c (function ...)
- - libsolv <unfixed> (low)
+ - libsolv <unfixed> (low; bug #923002)
[stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
NOTE: https://github.com/openSUSE/libsolv/pull/291
@@ -23757,6 +23758,7 @@ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x bef
NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...)
- kio-extras 4:18.08.3-1 (bug #913595)
+ [buster] - kio-extras <no-dsa> (Minor issue)
[stretch] - kio-extras <no-dsa> (Minor issue)
- kde-runtime <unfixed> (bug #913596)
[stretch] - kde-runtime <no-dsa> (Minor issue)
@@ -73665,11 +73667,13 @@ CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer .
NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An ...)
- - etcd <unfixed> (bug #921156)
+ - etcd <unfixed> (low; bug #921156)
+ [stretch] - etcd <postponed> (Minor issue, revisit when fixed upstream and possibly backported to 3.2.x)
NOTE: https://github.com/coreos/etcd/issues/9353
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
- - etcd <unfixed> (bug #921156)
+ - etcd <unfixed> (low; bug #921156)
+ [stretch] - etcd <postponed> (Minor issue, revisit when fixed upstream and possibly backported to 3.2.x)
NOTE: https://github.com/coreos/etcd/issues/9353
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
@@ -150003,7 +150007,8 @@ CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly ap
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
- - policykit-1 <unfixed> (bug #816062; bug #812512)
+ - policykit-1 <unfixed> (low; bug #816062; bug #812512)
+ [buster] - policykit-1 <ignored> (Minor issue)
[stretch] - policykit-1 <ignored> (Minor issue)
[jessie] - policykit-1 <ignored> (Minor issue)
[wheezy] - policykit-1 <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/93c3b8ff16d55dbb4955ff8781d7e1fd3abe1573
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/93c3b8ff16d55dbb4955ff8781d7e1fd3abe1573
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190222/900544b9/attachment.html>
More information about the debian-security-tracker-commits
mailing list