[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 25 21:45:03 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a91e6df6 by Moritz Muehlenhoff at 2019-07-25T20:42:27Z
buster/stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1346,7 +1346,9 @@ CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...)
- - gpac <unfixed> (bug #932242)
+ - gpac <unfixed> (low; bug #932242)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1250
NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
@@ -2589,6 +2591,7 @@ CVE-2019-13510
RESERVED
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
- docker.io <unfixed> (bug #932673)
+ [buster] - docker.io <no-dsa> (Minor issue)
CVE-2019-13508
RESERVED
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
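Review bot: the unstable line for docker.io keeps `(bug #932673)` with no urgency, while the gpac and zipios++ entries triaged as `<no-dsa> (Minor issue)` in this same commit also had their unstable line changed to `(low; bug #...)`. If CVE-2019-13509 is minor enough for no-dsa in buster, consider `- docker.io <unfixed> (low; bug #932673)` so the urgency shown for unstable matches the triage decision.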
@@ -2725,7 +2728,9 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
- - zipios++ <unfixed> (bug #932556)
+ - zipios++ <unfixed> (low; bug #932556)
+ [buster] - zipios++ <no-dsa> (Minor issue)
+ [stretch] - zipios++ <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
CVE-2019-13452
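Review bot: the two `<no-dsa>` lines for zipios++ give only "Minor issue" as the reason, although the NOTE two lines below already points at `infinite_loop.patch`. Naming the actual impact in the parentheses (a hang on a malformed zip archive, if that is what the patch addresses) would let a later reader confirm the low rating without opening the upstream links.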
@@ -5293,10 +5298,12 @@ CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-I
NOT-FOR-US: Google Sign-In
CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 0) of the ...)
- firejail 0.9.58.2-2 (bug #929733)
+ [stretch] - firejail <no-dsa> (Minor issue)
NOTE: https://github.com/netblue30/firejail/issues/2401
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside the jai ...)
- firejail 0.9.58.2-2 (bug #929732)
+ [stretch] - firejail <no-dsa> (Minor issue)
NOTE: https://github.com/netblue30/firejail/issues/2718
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
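Review bot: both firejail entries get the identical `[stretch] - firejail <no-dsa> (Minor issue)` line, but CVE-2019-12589 concerns seccomp filters being writable inside the jail, which bears directly on the containment firejail is installed to provide. It would help to record a separate reason on that entry saying why this is acceptable for stretch (for example which configurations are affected), rather than reusing the generic text from CVE-2019-12499.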
@@ -12247,7 +12254,8 @@ CVE-2019-1010230
CVE-2019-1010229
RESERVED
CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
- - dcmtk 3.6.4-1
+ - dcmtk 3.6.4-1 (low)
+ [stretch] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/858
NOTE: https://github.com/commontk/DCMTK/commit/40917614e
CVE-2019-1010227
=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
chromium
--
+evince/oldstable
+--
faad2
not yet fixed upstream
--
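Review bot: the new `evince/oldstable` entry in data/dsa-needed.txt has no note line under it, and nothing in the data/CVE/list hunks of this commit touches evince, so the reason for the entry is not visible from the change. A short indented line naming the CVE that motivates the update (in the way faad2 carries "not yet fixed upstream") would tell whoever picks it up what needs fixing.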
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a91e6df6625f9c4b3612ff709daa0129c7ad3819