[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Mon Mar 4 21:37:26 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73941fc3 by Moritz Muehlenhoff at 2019-03-04T21:36:52Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,8 +39,9 @@ CVE-2019-9550 (DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. .
 CVE-2019-9549 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the ...)
 	NOT-FOR-US: PopojiCMS
 CVE-2019-XXXX [insecure use of /tmp]
-	- bubblewrap 0.3.1-3 (bug #923557)
+	- bubblewrap 0.3.1-3 (unimportant; bug #923557)
 	NOTE: https://github.com/projectatomic/bubblewrap/issues/304
+	NOTE: Negligable security impact
 CVE-2019-1002100 [kube-apiserver: DoS with crafted patch of type json-patch]
 	- kubernetes <unfixed> (bug #923686)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/74534
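Review bot: The added line `NOTE: Negligable security impact` misspells "Negligible", and it is the only justification given for tagging the bubblewrap entry `unimportant`. Suggest `NOTE: Negligible security impact` followed by a short clause on why the insecure use of /tmp named in the entry title has negligible impact, so the rating can be rechecked against the linked upstream issue.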
@@ -5336,6 +5337,7 @@ CVE-2019-7252
 CVE-2019-7251 [Remote crash vulnerability with SDP protocol violation]
 	RESERVED
 	- asterisk <unfixed> (bug #923690)
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-001.html
 CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Google ...)
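Review bot: The new `[stretch] - asterisk <not-affected> (Vulnerable code not present)` line words its reason differently from the `[jessie]` line directly below it (`Vulnerable code introduced later`), which leaves it unclear whether the two releases are unaffected for the same reason. Suggest using the same wording on both lines if the reason is the same, or adding a NOTE naming the upstream version that introduced the affected code, so the not-affected status can be checked against AST-2019-001.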
@@ -8953,7 +8955,8 @@ CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH server
 CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings ...)
 	NOT-FOR-US: Fork CMS
 CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allows ...)
-	- mate-screensaver 1.20.2-1
+	- mate-screensaver 1.20.2-1 (low)
+	[stretch] - mate-screensaver <no-dsa> (Minor issue)
 	[jessie] - mate-screensaver <not-affected> (Vulnerability only manifests when built against GTK-3.22)
 	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/152
 	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/155
@@ -12991,6 +12994,7 @@ CVE-2019-3842
 	RESERVED
 CVE-2019-3841
 	RESERVED
+	NOT-FOR-US: KubeVirt
 CVE-2019-3840 [NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function]
 	RESERVED
 	- libvirt 5.0.0-1
@@ -43241,6 +43245,8 @@ CVE-2018-12180 [Buffer Overflow in BlockIo service for RAM disk]
 	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037248.html
 	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037249.html
 	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html
+	NOTE: https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
+	NOTE: https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
 CVE-2018-12179
 	RESERVED
 CVE-2018-12178 [improper DNS packet size check]
@@ -43248,6 +43254,7 @@ CVE-2018-12178 [improper DNS packet size check]
 	- edk2 <unfixed>
 	[jessie] - edk2 <end-of-life> (non-free is not supported)
 	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037251.html
+	NOTE: https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd
 CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...)
 	NOT-FOR-US: Intel PROSet/Wireless WiFi Software
 CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
@@ -67370,9 +67377,10 @@ CVE-2018-3631
 	RESERVED
 CVE-2018-3630 [Logic error in FV parsing in MdeModulePkg\Core\Pei\FwVol\FwVol.c]
 	RESERVED
-	- edk2 <undetermined>
+	- edk2 <unfixed> (unimportant)
 	[jessie] - edk2 <end-of-life> (non-free is not supported)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683653
+	NOTE: No security impact
 CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
 	NOT-FOR-US: Intel
 CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
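Review bot: The change of the edk2 line for CVE-2018-3630 from `<undetermined>` to `<unfixed> (unimportant)` rests only on `NOTE: No security impact`, which states the conclusion without the reasoning. Suggest extending that note with one clause on why the FV parsing logic error has no security impact, or saying where the assessment comes from if it is the linked Red Hat bug.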



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73941fc35173e67bcacf7a932b1b751268133af8
