[Git][security-tracker-team/security-tracker][master] 2 commits: Use same note for CVE-2018-1949{0,1,2}
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 9 11:43:43 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef692689 by Salvatore Bonaccorso at 2019-01-09T11:32:08Z
Use same note for CVE-2018-1949{0,1,2}
- - - - -
5827b315 by Salvatore Bonaccorso at 2019-01-09T11:41:34Z
Add fixed version for CVE-2018-3769/ruby-grape
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14429,7 +14429,7 @@ CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue
- gnuplot5 <removed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
- NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+ NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue ...)
{DLA-1597-1 DLA-1595-1}
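Review bot: the changed NOTE line for CVE-2018-19491 now ends in a comma, so it is only a complete sentence when read together with the next line, "NOTE: see README.Debian.security (added in 5.2.6)". Anything that displays or greps NOTE lines one at a time will see a dangling clause. The clause "and need to come from a trusted source" also has no subject; since the wording is being harmonised across entries anyway, it would help to name what has to come from a trusted source. The commit title covers CVE-2018-1949{0,1,2}, but only the 19491 and 19490 entries are touched in the visible hunks.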
@@ -14437,7 +14437,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
- gnuplot5 <removed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
- NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+ NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a ...)
- qemu 1:3.1+dfsg-1 (bug #914727)
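Review bot: the NOTE edited here says "No security impact" for CVE-2018-19490 and the package line is marked (unimportant), yet the entry header shown in the context just above this hunk carries {DLA-1597-1 DLA-1595-1}. A short additional NOTE explaining why advisories reference an issue classified this way would save the next reader from having to reconcile the two.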
@@ -57283,7 +57283,7 @@ CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected ifr
CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
NOT-FOR-US: markdown-pdf nodejs module
CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
- - ruby-grape <unfixed> (bug #903086)
+ - ruby-grape 1.1.0-1 (bug #903086)
[stretch] - ruby-grape <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af
NOTE: https://github.com/ruby-grape/grape/issues/1762
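Review bot: the new line "- ruby-grape 1.1.0-1 (bug #903086)" records a fixed version, but the NOTE lines that follow give only the upstream commit and issue, not the upstream release that first contains that commit. Adding a NOTE naming that release would let a reader confirm from the entry itself that 1.1.0-1 includes the fix. The "[stretch] - ruby-grape <no-dsa> (Minor issue)" line is unchanged, so stretch remains tracked separately.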
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e919d53bb519d7617fa662b6bd78ea9cc52674ed...5827b31592e7300212279c1d63c341d078a2c083