[Git][security-tracker-team/security-tracker][master] libxslt no-dsa
Moritz Muehlenhoff
jmm at debian.org
Tue Jul 16 11:11:25 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fe2824f by Moritz Muehlenhoff at 2019-07-16T10:10:55Z
libxslt no-dsa
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -713,6 +713,7 @@ CVE-2014-10201
RESERVED
CVE-2014-10200
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2014-1020
RESERVED
CVE-2014-10199
@@ -2140,12 +2141,16 @@ CVE-2019-13120
CVE-2019-13119
RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...)
- - libxslt <unfixed> (bug #931320)
+ - libxslt <unfixed> (low; bug #931320)
+ [buster] - libxslt <no-dsa> (Minor issue)
+ [stretch] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain format stri ...)
- - libxslt <unfixed> (bug #931321)
+ - libxslt <unfixed> (low; bug #931321)
+ [buster] - libxslt <no-dsa> (Minor issue)
+ [stretch] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -136965,8 +136970,7 @@ CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.
CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple involving Kernel component
CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
- - libxslt <undetermined>
- NOTE: contacted Apple for more information, but no reply for quite a while
+ NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
- webkit2gtk 2.14.6-1 (unimportant)
NOTE: Not covered by security support
@@ -159021,7 +159025,7 @@ CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes be
- libxslt 1.1.29-1
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7 (v1.1.29-rc1)
CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
- - libxslt <undetermined>
+ NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
NOTE: contacted Apple for more information, but no reply for quite a while.
NOTE: Apple still does not provide information on this CVE, although it is
NOTE: possible that it's fixed in 1.1.29 upstream.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe2824f42cde559937d72eb4bd5d305935b7d57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe2824f42cde559937d72eb4bd5d305935b7d57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190716/6a657762/attachment.html>
More information about the debian-security-tracker-commits
mailing list