[Git][security-tracker-team/security-tracker][master] 2 commits: Use same note for CVE-2018-1949{0,1,2}

Wed Jan 9 11:43:43 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef692689 by Salvatore Bonaccorso at 2019-01-09T11:32:08Z
Use same note for CVE-2018-1949{0,1,2}

- - - - -
5827b315 by Salvatore Bonaccorso at 2019-01-09T11:41:34Z
Add fixed version for CVE-2018-3769/ruby-grape

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14429,7 +14429,7 @@ CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue
 	- gnuplot5 <removed> (unimportant)
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
 	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
-	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
 	NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue ...)
 	{DLA-1597-1 DLA-1595-1}
@@ -14437,7 +14437,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
 	- gnuplot5 <removed> (unimportant)
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
 	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
-	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
+	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
 	NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a ...)
 	- qemu 1:3.1+dfsg-1 (bug #914727)
@@ -57283,7 +57283,7 @@ CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected ifr
 CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
 	NOT-FOR-US: markdown-pdf nodejs module
 CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
-	- ruby-grape <unfixed> (bug #903086)
+	- ruby-grape 1.1.0-1 (bug #903086)
 	[stretch] - ruby-grape <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af
 	NOTE: https://github.com/ruby-grape/grape/issues/1762



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e919d53bb519d7617fa662b6bd78ea9cc52674ed...5827b31592e7300212279c1d63c341d078a2c083

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e919d53bb519d7617fa662b6bd78ea9cc52674ed...5827b31592e7300212279c1d63c341d078a2c083
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190109/bf0cb5d5/attachment.html>
