[Git][security-tracker-team/security-tracker][master] ntpsec fixed

Moritz Muehlenhoff jmm at debian.org
Thu Jan 17 15:33:46 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
884e09fb by Moritz Muehlenhoff at 2019-01-17T15:32:41Z
ntpsec fixed
add two more historic chromium CVEs
add CVE ID assigned by Red Hat for systemd memleak in backported journald fix

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -131,13 +131,13 @@ CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the
 	- python-numpy <unfixed>
 	NOTE: https://github.com/numpy/numpy/issues/12759
 CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An authenticated ...)
-	- ntpsec <unfixed> (bug #919513)
+	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3. process_control() in ...)
-	- ntpsec <unfixed> (bug #919513)
+	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6443 (An issue was discovered in NTPsec before 1.1.3. Because of a bug in ...)
-	- ntpsec <unfixed> (bug #919513)
+	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An authenticated ...)
-	- ntpsec <unfixed> (bug #919513)
+	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6441
 	RESERVED
 CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. ...)
@@ -5729,6 +5729,10 @@ CVE-2019-3816
 	RESERVED
 CVE-2019-3815
 	RESERVED
+	- systemd <not-affected> (This only affected backports to older suites, not the version in sid)
+	[stretch] - systemd 232-25+deb9u8
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815
+	NOTE: For stable it affected DSA-4367-1 and was corrected in DSA-4367-2
 CVE-2019-3814
 	RESERVED
 CVE-2019-3813
@@ -12718,7 +12722,6 @@ CVE-2018-19865 (A keystroke logging issue was discovered in Virtual Keyboard in
 	[experimental] - qtvirtualkeyboard-opensource-src 5.11.3+dfsg-1
 	- qtvirtualkeyboard-opensource-src 5.11.3+dfsg-2
 	NOTE: http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
-	TODO: check for completeness
 CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows ...)
 	NOT-FOR-US: NUUO NVRmini2 Network Video Recorder firmware
 CVE-2018-19863 (An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on ...)
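Review bot: the removal of "TODO: check for completeness" under CVE-2018-19865 is not covered by the commit message, which mentions only ntpsec, the two chromium CVEs and the systemd CVE. Mention it in the message, or leave a NOTE saying what was checked, so the completed review of the qtvirtualkeyboard-opensource-src entry is recorded in the history.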
@@ -75466,7 +75469,9 @@ CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Go
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could ...)
-	TODO: check
+	- chromium-browser 63.0.3239.84-1
+	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
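Review bot: the new CVE-2017-15428 entry has no {DSA-4064-1} line, unlike CVE-2017-15427 directly below it, even though the data/DSA/list hunk in this commit adds CVE-2017-15428 to DSA-4064-1. Confirm the cross-reference is regenerated from data/DSA/list, or add it here so the two files agree. The sid version 63.0.3239.84-1 matches the neighbouring entry and the [stretch] version in the DSA, so the version data itself looks consistent.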
@@ -85473,7 +85478,8 @@ CVE-2017-12202
 CVE-2017-12201
 	RESERVED
 CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome ...)
-	TODO: check
+	- chromium-browser 51.0.2704.63-1
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, ...)
 	{DSA-3924-1}
 	- varnish 5.0.0-7.1 (bug #870467)
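Review bot: CVE-2016-10403 gets a [wheezy] end-of-life line but no [jessie] line, while CVE-2017-15428 in the previous hunk states jessie status explicitly. Jessie is covered here only through DSA-3590-1 ([jessie] chromium-browser 51.0.2704.63-1~deb8u1 in data/DSA/list), so the jessie status depends on that cross-reference being picked up. Check the rendered tracker page for this CVE once the commit has been processed.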


=====================================
data/DSA/list
=====================================
@@ -1028,7 +1028,7 @@
 	{CVE-2017-3737 CVE-2017-3738}
 	[stretch] - openssl1.0 1.0.2l-2+deb9u2
 [12 Dec 2017] DSA-4064-1 chromium-browser - security update
-	{CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427}
+	{CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15428}
 	[stretch] - chromium-browser 63.0.3239.84-1~deb9u1
 [11 Dec 2017] DSA-4063-1 pdns-recursor - security update
 	{CVE-2017-15120}
@@ -2605,7 +2605,7 @@
 	{CVE-2016-5118}
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u3
 [01 Jun 2016] DSA-3590-1 chromium-browser - security update
-	{CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695}
+	{CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 CVE-2016-10403}
 	[jessie] - chromium-browser 51.0.2704.63-1~deb8u1
 [30 May 2016] DSA-3589-1 gdk-pixbuf - security update
 	{CVE-2015-7552 CVE-2015-8875}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/884e09fb99e7d4d97c5982c4f1f49def2434feb7
