[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Tue Mar 5 20:38:44 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4248732 by Moritz Muehlenhoff at 2019-03-05T20:38:13Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4561,21 +4561,25 @@ CVE-2019-7542
 CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
 	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
 	NOTE: https://github.com/gpac/gpac/issues/1188
 CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
 	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1187
 CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
 	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1186
 CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...)
 	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
 	NOTE: https://github.com/gpac/gpac/issues/1177
 CVE-2019-7541
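Review bot: The four added `[stretch] - gpac <no-dsa>` lines promise a fix via point update, but nothing in the entries says where that update is tracked; each still reads `- gpac <unfixed> (bug #921969)`. Consider adding a NOTE with the reference once the stretch upload is filed, so the promise can be checked against this file later.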
@@ -30982,6 +30986,7 @@ CVE-2018-16870 (It was found that wolfssl before 3.15.7 is vulnerable to a new v
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/1950
 CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was ...)
 	- nettle 3.4.1~rc1-1
+	[stretch] - nettle <no-dsa> (Minor issue)
 	NOTE: http://cat.eyalro.net/
 	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
 	NOTE: The upstream correction is to make a new public function that packages using
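Review bot: The added `[stretch] - nettle <no-dsa> (Minor issue)` gives no reason for rating as minor an issue the entry itself describes as a Bleichenbacher type side-channel padding oracle. If the rating rests on the upstream correction being a new public function, as the NOTE below the added line indicates, put that in the parenthesised reason instead of the bare "Minor issue".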
@@ -38471,6 +38476,7 @@ CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Ed
 	NOT-FOR-US: Progress Kendo UI Editor
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
 	- ruby-doorkeeper 4.4.2-1 (bug #903980)
+	[stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
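Review bot: The added `[stretch] - ruby-doorkeeper <no-dsa> (Minor issue)` treats stretch as affected, while the description limits the issue to Doorkeeper 4.2.0 and later and the entry does not record which version stretch ships. A short NOTE confirming that the stretch version falls in that range would make the triage verifiable from the entry alone.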
@@ -40793,12 +40799,12 @@ CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-ba
 CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
 	{DLA-1432-1}
 	- gpac <unfixed> (bug #902782)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
 CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
 	{DLA-1432-1}
 	- gpac <unfixed> (bug #902782)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/issues/1088
 	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
 CVE-2018-13004
@@ -55075,7 +55081,7 @@ CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversa
 CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
 	{DLA-1693-1}
 	- gpac <unfixed> (bug #892526)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point release)
 	[wheezy] - gpac <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/997
 	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
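Review bot: The changed reason for CVE-2018-7752 says "will be fixed via point release", while every other gpac line touched in this commit says "will be fixed via point update". Use one wording so a search over data/CVE/list finds all the gpac entries queued for the same update.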
@@ -56603,6 +56609,7 @@ CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contain
 	NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
 CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
 	- ruby-doorkeeper 4.3.1-1 (bug #891069)
+	[stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -38,7 +38,7 @@ mariadb-10.1
 --
 mercurial
 
-mumble
+mumble (jmm)
 --
 nss
 --
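Review bot: In the context just above the changed line, `mercurial` is followed by an empty line rather than the `--` that closes the `mumble` and `nss` entries. Since the adjacent line is being edited to `mumble (jmm)`, check whether the separator after `mercurial` is missing.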



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e42487324fbc083637e33f723bf9a25e5986d1db
