[Git][security-tracker-team/security-tracker][master] calamares-settings-debian no-dsa
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 8 21:47:38 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e5f1c21 by Moritz Muehlenhoff at 2019-07-08T20:47:14Z
calamares-settings-debian no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -607,6 +607,7 @@ CVE-2019-13180
CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
- calamares 3.2.11-1 (bug #931392)
- calamares-settings-debian 10.0.23-1 (bug #931373)
+ [buster] - calamares-settings-debian <no-dsa> (Will be fixed via Buster point release)
NOTE: https://github.com/calamares/calamares/issues/1191
NOTE: https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93
NOTE: The issue itself can be adressed as well via calamares-settings-debian and
@@ -615,9 +616,10 @@ CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption k
NOTE: https://github.com/calamares/calamares/commit/43eb664e7d44d963bb7b82d03215d84b47100ba0
NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...)
- - calamares 3.2.11-1 (bug #931391)
+ - calamares 3.2.11-1 (unimportant; bug #931391)
NOTE: https://github.com/calamares/calamares/issues/1190
NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
+ NOTE: Negligible security impact, Debian live media grant a sudo root shell anyway
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
NOT-FOR-US: django-rest-registration
CVE-2019-13176
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e5f1c21f7af00aec6974508ce4ad1b4bdc530c2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e5f1c21f7af00aec6974508ce4ad1b4bdc530c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190708/0dad5e84/attachment.html>
More information about the debian-security-tracker-commits
mailing list