[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Moritz Muehlenhoff jmm at debian.org
Mon Jul 15 16:18:26 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df41bc15 by Moritz Muehlenhoff at 2019-07-15T15:17:47Z
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1035,7 +1035,9 @@ CVE-2019-13163
 CVE-2019-13162
 	RESERVED
 CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x  ...)
-	- asterisk 1:16.2.1~dfsg-2 (bug #931981)
+	- asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
+	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: http://downloads.digium.com/pub/security/AST-2019-003.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28465
 CVE-2019-13160
@@ -1537,6 +1539,8 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
 	- openjpeg2 <unfixed> (bug #931292)
+	[buster] - openjpeg2 <no-dsa> (Minor issue)
+	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1185
 	NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
@@ -1922,6 +1926,8 @@ CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 10.5.39
 	NOT-FOR-US: Electronic Arts Origin
 CVE-2019-12827 (Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13. ...)
 	- asterisk 1:16.2.1~dfsg-2 (bug #931980)
+	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-002.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
 CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php  ...)
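Review bot: The unstable line for CVE-2019-12827 stays "- asterisk 1:16.2.1~dfsg-2 (bug #931980)" with no urgency, while the new [buster] and [stretch] lines call it a "Minor issue" and the sibling asterisk entry CVE-2019-13161 gains "low;" in this same commit. The description reads "Buffer overflow in res_pjsip_messaging", so either add "low;" here for consistency or replace "Minor issue" with a reason that says why this overflow does not warrant a DSA.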
@@ -9572,18 +9578,23 @@ CVE-2019-9888
 	RESERVED
 CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
 	- wavpack 5.1.0-7 (low; bug #932061)
+	[buster] - wavpack <no-dsa> (Minor issue)
+	[stretch] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
 	NOTE: https://github.com/dbry/WavPack/issues/68
 CVE-2019-1010318
 	REJECTED
 CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
 	- wavpack 5.1.0-7 (low; bug #932060)
+	[buster] - wavpack <no-dsa> (Minor issue)
+	[stretch] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
 	NOTE: https://github.com/dbry/WavPack/issues/66
 CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
 	NOT-FOR-US: pyxtrlock
 CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
 	- wavpack 5.1.0-6 (low)
+	[stretch] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
 	NOTE: https://github.com/dbry/WavPack/issues/65
 CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The imp ...)
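Review bot: CVE-2019-1010315 gets only a [stretch] line, unlike CVE-2019-1010319 and CVE-2019-1010317 above it, which get both [buster] and [stretch]. That matches its earlier fixed version (5.1.0-6 versus 5.1.0-7) only if buster already ships 5.1.0-6 or later, so it is worth confirming the buster version of wavpack before relying on the omission.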
@@ -45868,8 +45879,8 @@ CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-s
 	NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
 CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...)
 	- openssh <unfixed> (low; bug #907503)
-	[buster] - openssh <no-dsa> (Minor issue)
-	[stretch] - openssh <no-dsa> (Minor issue)
+	[buster] - openssh <ignored> (Minor issue)
+	[stretch] - openssh <ignored> (Minor issue)
 	[jessie] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
 CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...)
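Review bot: The [buster] and [stretch] lines for CVE-2018-15919 move from <no-dsa> to <ignored> but keep the reason "Minor issue", which does not say why the issue is now ignored rather than left open for a later update. Suggest a reason specific to that decision. Also note that [jessie] still reads <no-dsa>, so the three releases now disagree, and the commit message "buster/stretch triage" does not mention the state change.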



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df41bc15aa0493081cb199b42ea7c2da4a2826b5
