[Git][security-tracker-team/security-tracker][master] one nagios issue unimportant

Moritz Muehlenhoff jmm at debian.org
Tue Jan 29 23:20:00 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bdeff3da by Moritz Muehlenhoff at 2019-01-29T23:19:22Z
one nagios issue unimportant
yum commits
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21635,11 +21635,12 @@ CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF via ...)
 	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
 CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugin ...)
 	{DLA-1615-1}
-	- nagios4 <unfixed> (bug #917138)
-	- nagios3 <removed>
+	- nagios4 <unfixed> (unimportant; bug #917138)
+	- nagios3 <removed> (unimportant)
 	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
 	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/602
 	NOTE: Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
+	NOTE: No real security impact, plugins need to be trusted to begin with
 CVE-2018-18244 (Cross-site scripting in syslog.html in VIVOTEK Network Camera Series ...)
 	NOT-FOR-US: VIVOTEK Network Camera
 CVE-2018-18243
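Review bot: The CVE-2018-18245 entry still carries {DLA-1615-1} while both package lines are now marked unimportant and the added NOTE says "No real security impact", so an advisory reference sits next to a no-impact rating with nothing connecting the two. Consider extending the added NOTE to say how the unimportant rating relates to the existing advisory, so the entry does not read as contradictory to someone triaging nagios4 later.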
@@ -40756,6 +40757,9 @@ CVE-2018-10897 (A directory traversal issue was found in reposync, a part of ...
 	[stretch] - yum-utils <ignored> (Minor issue)
 	[jessie] - yum-utils <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
+	NOTE: https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
+	NOTE: https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
+	NOTE: https://github.com/rpm-software-management/yum-utils/pull/43
 CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and newer, ...)
 	NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
 CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)
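Review bot: The three NOTE lines added under CVE-2018-10897 are bare URLs, so it is not clear which of the two commits and the pull request carries the fix for the reposync directory traversal. The CVE-2018-18245 entry in this same commit uses a "NOTE: Fixed by: ..." prefix; using the same labelling here would let a reader pick the right commit without opening all three links.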
@@ -47971,6 +47975,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo
 	NOT-FOR-US: TitanHQ WebTitan Gateway
 CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
 	- jabberd2 <unfixed> (low; bug #902783)
+	[buster] - jabberd2 <no-dsa> (Minor issue, default init system not affected)
 	[stretch] - jabberd2 <no-dsa> (Minor issue, default init system not affected)
 	NOTE: https://bugs.gentoo.org/631068
 CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, ...)
@@ -96005,6 +96010,7 @@ CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
 	NOT-FOR-US: IDM
 CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy ...)
 	- zypper <unfixed> (low)
+	[buster] - zypper <ignored> (Minor issue)
 	[jessie] - zypper <ignored> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
 CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC ...)
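Review bot: The new [buster] line for CVE-2017-9271 sits directly above [jessie] with no [stretch] line in between, whereas the jabberd2 and network-manager entries touched in this commit list each release in sequence. If zypper in stretch is affected, a matching [stretch] line belongs here; if the gap is intentional, a short NOTE saying so would save the next triager from checking.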
@@ -238613,6 +238619,7 @@ CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before
 CVE-2012-1096
 	RESERVED
 	- network-manager <unfixed> (low; bug #684259)
+	[buster] - network-manager <ignored> (Minor issue)
 	[stretch] - network-manager <ignored> (Minor issue)
 	[jessie] - network-manager <ignored> (Minor issue)
 	[wheezy] - network-manager <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bdeff3da368f71f977366fb5f8b941b5c55caf31
