[Git][security-tracker-team/security-tracker][master] new vbox issue

Moritz Muehlenhoff jmm at debian.org
Thu Jan 17 19:28:11 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23470593 by Moritz Muehlenhoff at 2019-01-17T19:27:22Z
new vbox issue
resolve some older TODOs which don't require further actions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8159,7 +8159,7 @@ CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url .
 CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter of ...)
 	NOT-FOR-US: Nagios XI
 CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration ...)
-	TODO: check
+	NOT-FOR-US: Disputed issue in Keystone, no need to track for src:keystone
 CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB ...)
 	- linux 4.19.9-1
 	NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
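
Review bot: NOT-FOR-US on CVE-2018-20170 is at odds with the rest of the same line, which names src:keystone as a source package. Elsewhere in this file NOT-FOR-US marks software that is not packaged (see "NOT-FOR-US: Nagios XI" two lines up). Consider "- keystone <unimportant>" followed by a NOTE line explaining the dispute, so the CVE stays associated with the package and the reasoning is kept in the entry.
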
@@ -28848,7 +28848,6 @@ CVE-2018-14666 [Smart class parameters allow users to access other organizations
 	RESERVED
 	- foreman <itp> (bug #663101)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1638156
-	TODO: double-check, it looks the issue is in the "Smart Class feature of Foreman"
 CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect ...)
 	{DSA-4328-1}
 	- xorg-server 2:1.20.3-1
@@ -47320,7 +47319,6 @@ CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c i
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
 	NOTE: Issue is related to CVE-2017-11403 but not the same issue.
-	TODO: check, needs clarification, the issue is CloseBlob use-after-free
 CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
 	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.27-1
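
Review bot: the TODO removed from CVE-2017-18220 was the only line in the entry saying the issue is a CloseBlob use-after-free, which the truncated description (ReadOneJNGImage and ReadJNGImage in coders/png.c) does not show. If that analysis still holds, convert it to a NOTE line next to the existing "Issue is related to CVE-2017-11403 but not the same issue." note rather than deleting it.
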
@@ -58699,7 +58697,6 @@ CVE-2018-3847 (Multiple exploitable buffer overflow vulnerabilities exist in ima
 	[stretch] - cfitsio <no-dsa> (Minor issue)
 	[jessie] - cfitsio <no-dsa> (Minor issue)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
-	TODO: double-check
 CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially ...)
 	- cfitsio 3.430-1 (low; bug #892458)
 	[stretch] - cfitsio <no-dsa> (Minor issue)
@@ -61064,7 +61061,8 @@ CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of Or
 CVE-2018-3310
 	RESERVED
 CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
-	TODO: check
+	- virtualbox 5.2.22-dfsg-1
+	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2018-3308
 	RESERVED
 CVE-2018-3307
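
Review bot: the new CVE-2018-3309 entry records a fixed version (5.2.22-dfsg-1) without a NOTE saying where that version comes from, unlike other entries in this file that carry a NOTE with an upstream commit or advisory. Add a NOTE line with the upstream advisory reference so the fixed version can be checked later.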



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23470593a9936bf05cfe0224bff6ff13bc586014
