[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Mon Feb 25 19:18:14 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4d72d25 by Moritz Muehlenhoff at 2019-02-25T19:17:43Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25830,7 +25830,8 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of
 	- openexr <unfixed> (unimportant)
 	NOTE: Issue in exrmultiview which is not installed in the binary package.
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (low)
+	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/openexr/openexr/issues/350
@@ -26934,7 +26935,8 @@ CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5
 	NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
 	NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
 CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during ...)
-	- cairo <unfixed> (bug #916083)
+	- cairo <unfixed> (low; bug #916083)
+	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
 CVE-2018-18063
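Review bot: CVE-2018-18064 is described as an out-of-bounds stack-memory write, yet the added lines rate it `(low)` and mark buster `<no-dsa> (Minor issue)` without saying why a stack write is minor. A NOTE line summarising the reasoning, with bug #916083 or the upstream issue already linked in the entry as the reference, would let later triage verify the rating instead of copying it forward from the stretch line.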
@@ -29375,10 +29377,9 @@ CVE-2018-17078
 CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is stored ...)
 	NOT-FOR-US: yiqicms
 CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is available on ...)
-	- gpp <unfixed> (bug #908939)
-	[stretch] - gpp <no-dsa> (Minor issue)
-	[jessie] - gpp <no-dsa> (Minor issue)
+	- gpp <unfixed> (unimportant; bug #908939)
 	NOTE: https://github.com/logological/gpp/issues/26
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go mishandles ...)
 	- golang-golang-x-net-dev <not-affected> (Vulnerable code introduced later)
 	- golang-go.net-dev <not-affected> (Vulnerable code introduced later)
@@ -73201,6 +73202,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and ...)
 	- jakarta-jmeter <unfixed> (low; bug #897259)
+	[buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
 	[stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
 	[jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
 	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
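Review bot: the added `[buster]` line for CVE-2018-1297 reuses the stretch and jessie reason "too intrusive to backport", but the package line above it still reads `<unfixed>`, so the hunk shows no fixed version to backport from. Either add a NOTE pointing at the upstream change that is considered too intrusive, or word the buster reason so it stands on its own.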
@@ -73228,6 +73230,7 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.
 	- kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...)
 	- jakarta-jmeter <unfixed> (low)
+	[buster] - jakarta-jmeter <no-dsa> (Minor issue)
 	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
 	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
 	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
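Review bot: the new `[buster]` `<no-dsa>` line for CVE-2018-1287 sits on an entry whose `<unfixed> (low)` line has no bug reference, unlike CVE-2018-1297 (bug #897259) in the previous hunk. Both descriptions refer to Distributed Test (RMI) in JMeter, yet one entry is `<ignored>` and the other `<no-dsa>`; if the difference is intended, a NOTE stating the reason, plus a bug reference here, would make that clear.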
@@ -97588,6 +97591,7 @@ CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...)
 	NOTE: The issue is addressed with the same commit as for CVE-2017-9403
 CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote ...)
 	- cairo <unfixed> (low; bug #868580)
+	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
 	[jessie] - cairo <no-dsa> (Minor issue)
 	[wheezy] - cairo <no-dsa> (Minor issue)
@@ -106900,6 +106904,7 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with th
 	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
 CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference ...)
 	- cairo <unfixed> (low; bug #870264)
+	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
 	[jessie] - cairo <no-dsa> (Minor issue)
 	[wheezy] - cairo <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4d72d25b2ce11a0db70fe537dc7a8d905ed1c27
