[Git][security-tracker-team/security-tracker][master] wireshark postponed

Moritz Muehlenhoff jmm at debian.org
Wed Jan 9 09:02:37 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b6966ba by Moritz Muehlenhoff at 2019-01-09T09:02:06Z
wireshark postponed
add note for gnuplot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,22 +43,26 @@ CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2,
 CVE-2019-5720 (includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a ...)
 	- frontaccounting <removed>
 CVE-2019-5719 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
+	[stretch] - wireshark <postponed> (Minor issue, wait for next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-04.html
 CVE-2019-5718 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
+	[stretch] - wireshark <postponed> (Minor issue, wait for next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-03.html
 CVE-2019-5717 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
+	[stretch] - wireshark <postponed> (Minor issue, wait for next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bf9272a92f3df1e4ccfaad434e123222ae5313f7
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-02.html
 CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
+	[stretch] - wireshark <postponed> (Minor issue, wait for next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-01.html
@@ -14416,7 +14420,8 @@ CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issu
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2089/
 	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 	NOTE: No security impact, neutralised by toolchain hardening
-	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
+	NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows ...)
 	{DLA-1597-1 DLA-1595-1}
 	- gnuplot <unfixed> (unimportant)
@@ -14424,6 +14429,7 @@ CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
 	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+	NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue ...)
 	{DLA-1597-1 DLA-1595-1}
 	- gnuplot <unfixed> (unimportant)
@@ -14431,6 +14437,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
 	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+	NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a ...)
 	- qemu 1:3.1+dfsg-1 (bug #914727)
 	- qemu-kvm <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6966baa751148bb06eade39056590f3ffbe2e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6966baa751148bb06eade39056590f3ffbe2e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190109/4f8531f9/attachment.html>

More information about the debian-security-tracker-commits mailing list