[Git][security-tracker-team/security-tracker][master] buster triage

Tue Jun 25 23:13:55 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e9346d0 by Moritz Muehlenhoff at 2019-06-25T22:13:28Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7022,9 +7022,10 @@ CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.
 	NOT-FOR-US: Keycloak
 CVE-2019-10156 [templating causing an unexpected key file to be set on remote node]
 	RESERVED
-	- ansible <unfixed> (bug #930065)
+	- ansible <unfixed> (low; bug #930065)
+	[buster] - ansible <no-dsa> (Minor issue)
+	[stretch] - ansible <no-dsa> (Minor issue)
 	NOTE: https://github.com/ansible/ansible/pull/57188
-	TODO: check details
 CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processing of I ...)
 	- libreswan 3.27-6 (bug #930338)
 	- strongswan 5.1.0-1
@@ -47641,6 +47642,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
 CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
 	{DLA-1524-1}
 	- libxml2 <unfixed>
+	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <postponed> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
@@ -61844,7 +61846,8 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
 	NOTE: is applied.
 CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote  ...)
 	{DLA-1524-1}
-	- libxml2 <unfixed> (bug #895245)
+	- libxml2 <unfixed> (low; bug #895245)
+	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e9346d0e4462d5c1e20efc44032d7808fd55871

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e9346d0e4462d5c1e20efc44032d7808fd55871
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190625/4c8b7e15/attachment.html>
