[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Tue Jun 25 21:46:21 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4033775 by Moritz Muehlenhoff at 2019-06-25T20:45:50Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -245,6 +245,7 @@ CVE-2019-12856
 	RESERVED
 CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP su ...)
 	- twisted <unfixed> (bug #930626)
+	[buster] - twisted <no-dsa> (Minor issue)
 	[stretch] - twisted <no-dsa> (Minor issue)
 	[jessie] - twisted <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/twisted/pull/1147
@@ -1098,15 +1099,21 @@ CVE-2019-12485
 CVE-2019-12484
 	RESERVED
 CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #931088)
+	[buster] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #931088)
+	[buster] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #931088)
+	[buster] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, re ...)
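
Review bot: CVE-2019-12483 is described as a heap-based buffer overflow, yet its new [buster] and [stretch] lines carry the same generic "(Minor issue)" reason as the two NULL pointer dereference entries below it (CVE-2019-12482, CVE-2019-12481). A reason that states why the overflow does not warrant a DSA would make the no-dsa decision easier to audit later. The shared bug #931088 on all three entries matches the shared upstream issue and commit in the NOTE lines.
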
@@ -1393,6 +1400,7 @@ CVE-2019-12388
 	RESERVED
 CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
 	- twisted <unfixed> (bug #930389)
+	[buster] - twisted <no-dsa> (Minor issue)
 	[stretch] - twisted <no-dsa> (Minor issue)
 	[jessie] - twisted <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
@@ -23347,6 +23355,8 @@ CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerab
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=78c71af8049c40657b646d9dd722867fa15c0f1b
 CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ho ...)
 	{DLA-1635-1}
+	[buster] - sssd <no-dsa> (Minor issue)
+	[stretch] - sssd <no-dsa> (Minor issue)
 	- sssd <unfixed> (bug #919051)
 	NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
 	NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
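
Review bot: the two added lines for CVE-2019-3811 sit between {DLA-1635-1} and the "- sssd <unfixed> (bug #919051)" line, whereas the twisted, gpac and CVE-2018-16883 entries in this same commit place the release-specific lines after the unstable line. Moving the [buster] and [stretch] lines below "- sssd <unfixed>" would keep the ordering uniform.
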
@@ -41418,6 +41428,7 @@ CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
 CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ac ...)
 	- sssd <unfixed> (bug #916824)
+	[buster] - sssd <no-dsa> (Minor issue)
 	[stretch] - sssd <no-dsa> (Minor issue)
 	[jessie] - sssd <not-affected> (Issue got introduced with 1.13.0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
@@ -41687,6 +41698,8 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer o
 	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
 CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. When the ...)
 	- sssd <unfixed>
+	[buster] - sssd <no-dsa> (Minor issue)
+	[stretch] - sssd <no-dsa> (Minor issue)
 	[jessie] - sssd <not-affected> (GPO based access control introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
 	NOTE: GPO based access control introduced in https://github.com/SSSD/sssd/commit/60cab26b12
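
Review bot: the "- sssd <unfixed>" line for CVE-2018-16838 still has no bug reference, while the other sssd entries touched in this commit do (#919051, #916824, #902860). With buster and stretch now marked <no-dsa>, consider filing a BTS bug and adding it to the unstable line so the open fix stays tracked.
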
@@ -57704,6 +57717,8 @@ CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4
 	NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
 CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available s ...)
 	{DLA-1429-1}
+	[buster] - sssd <no-dsa> (Minor issue)
+	[stretch] - sssd <no-dsa> (Minor issue)
 	- sssd <unfixed> (bug #902860)
 	NOTE: https://pagure.io/SSSD/sssd/issue/3766
 CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4. ...)
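
Review bot: CVE-2018-10852 already carries {DLA-1429-1}, but the added [buster] and [stretch] lines give only "(Minor issue)" as the reason. Since an LTS advisory exists for the same issue, a more specific reason on the two new lines would make clear why no DSA is planned for these releases.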



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4033775c5141833ea637b88b4fb427fd1c725b8
