[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 14 21:52:50 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1bac99d by Moritz Muehlenhoff at 2019-03-14T21:52:28Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1556,7 +1556,7 @@ CVE-2019-9170 [IDOR milestone name information disclosure]
- gitlab <unfixed> (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
- - glibc <unfixed>
+ - glibc <unfixed> (bug #924612)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
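Review bot: The new glibc line carries only the bug reference; the liblas hunks further down in this same commit add a severity marker as well ("(low; bug #924614)") together with an explicit [buster] tag. If CVE-2019-9169 is also considered minor (stretch and jessie are already <no-dsa> "Minor issue"), consider writing it as "- glibc <unfixed> (low; bug #924612)" and adding a "[buster] - glibc <no-dsa> (Minor issue)" line so the buster status is recorded explicitly rather than inherited from unstable.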
@@ -1600,7 +1600,7 @@ CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
NOTE: No treated as vulnerability: https://sourceware.org/glibc/wiki/Security%20Exceptions
CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in ...)
[experimental] - gnulib 20180621~6979c25-1
- - gnulib <unfixed>
+ - gnulib <unfixed> (bug #924613)
- glibc 2.28-1
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
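Review bot: The gnulib change itself looks fine, but the context line directly above in this hunk, "NOTE: No treated as vulnerability", is a typo for "Not treated as vulnerability"; since it sits in the hunk's context it would be a one-word follow-up fix. As with the glibc entry, a severity marker on the gnulib line ("(low; bug #924613)") would match the convention used for liblas later in this commit.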
@@ -5015,35 +5015,35 @@ CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29.
NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3630
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3637
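Review bot: All four SDL CVEs in this hunk (CVE-2019-7638 through CVE-2019-7635) are pointed at the same two bug reports, #924609 for libsdl1.2 and #924610 for libsdl2. That is fine only if those bug reports enumerate every CVE in this set; it would be worth checking that each CVE id is listed in both bugs, otherwise an entry added later could be missed when the bugs are closed. The hunk also adds no [buster] line, so buster remains tracked via the unstable <unfixed> state and the RC bugs; stating the buster decision explicitly would be consistent with the liblas and gdm3 hunks in this commit.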
@@ -5171,59 +5171,59 @@ CVE-2019-7579
RESERVED
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3608
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3694
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3609
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3620
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
{DLA-1714-1 DLA-1713-1}
- - libsdl1.2 <unfixed>
+ - libsdl1.2 <unfixed> (bug #924609)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- - libsdl2 <unfixed>
+ - libsdl2 <unfixed> (bug #924610)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3612
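Review bot: The same shared bug references (#924609, #924610) are applied here to CVE-2019-7578 through CVE-2019-7572, so the earlier point about the bug reports needing to list every CVE id applies to this hunk too. One detail worth a glance while here: the NOTE under CVE-2019-7576 says the fix for CVE-2019-7573 is applicable, and both point at bugzilla attachment 3620, so if the patch is eventually applied in Debian, the two entries should be marked fixed together.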
@@ -15165,7 +15165,8 @@ CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in libL
NOTE: https://github.com/libLAS/libLAS/issues/158
NOTE: https://github.com/libLAS/libLAS/commit/ba7346d349fb00b18d0c12e226ac3090eac25d7b
CVE-2018-20539 (There is a Segmentation fault triggered by illegal address access at ...)
- - liblas <unfixed>
+ - liblas <unfixed> (low; bug #924614)
+ [buster] - liblas <no-dsa> (Minor issue)
[stretch] - liblas <no-dsa> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/159
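Review bot: Adding "(low; bug #924614)" on the unstable line together with an explicit "[buster] - liblas <no-dsa> (Minor issue)" is the clearest way to record the buster triage, and the hunk header's line-count change (7 to 8) reflects the added line correctly. Since bug #924614 is reused by the following liblas CVEs as well, make sure the report lists all three ids (CVE-2018-20539, CVE-2018-20537, CVE-2018-20536).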
@@ -15175,12 +15176,14 @@ CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
CVE-2018-20537 (There is a NULL pointer dereference at ...)
- - liblas <unfixed>
+ - liblas <unfixed> (low; bug #924614)
+ [buster] - liblas <no-dsa> (Minor issue)
[stretch] - liblas <no-dsa> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/160
CVE-2018-20536 (There is a heap-based buffer over-read at ...)
- - liblas <unfixed>
+ - liblas <unfixed> (low; bug #924614)
+ [buster] - liblas <no-dsa> (Minor issue)
[stretch] - liblas <no-dsa> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/161
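Review bot: Consistent with the previous hunk: both CVE-2018-20537 and CVE-2018-20536 get the same severity, bug reference and [buster] no-dsa line. No further change needed beyond confirming bug #924614 covers both ids.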
@@ -21347,7 +21350,7 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...
NOTE: Issue caused by premature exit without cleanup on an error in the caller
NOTE: not in the library; Negligible security impact in itself and disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
- - libsixel <unfixed>
+ - libsixel <undetermined>
NOTE: https://github.com/saitoha/libsixel/issues/77
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
{DLA-1632-1}
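Review bot: Changing libsixel from <unfixed> to <undetermined> for CVE-2018-19759 drops the entry out of the "needs a fix" state without any recorded reason; the only NOTE is the upstream issue URL. Please add a NOTE line stating why the status is undetermined (for example, whether the affected code in stb_image_write.h is reachable in the Debian build, or whether the upstream report is still unconfirmed) so the next triager does not have to rediscover it.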
@@ -122912,24 +122915,32 @@ CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
- zlib 1:1.2.8.dfsg-3 (bug #847275)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
+ - rsync <unfixed> (bug #924509)
+ [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow ...)
- zlib 1:1.2.8.dfsg-3 (bug #847274)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
+ - rsync <unfixed> (bug #924509)
+ [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to ...)
- zlib 1:1.2.8.dfsg-4 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
+ - rsync <unfixed> (bug #924509)
+ [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ...)
- zlib 1:1.2.8.dfsg-3 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
+ - rsync <unfixed> (bug #924509)
+ [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip ...)
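Review bot: The four zlib CVEs (CVE-2016-9843 through CVE-2016-9840) each gain a "- rsync <unfixed> (bug #924509)" line plus a stretch <no-dsa>, but nothing in the entries says why rsync is listed under zlib issues. A NOTE such as "NOTE: rsync ships an embedded copy of zlib" (assuming that is the reason behind bug #924509) would make the relationship obvious. Also note the asymmetry with the zlib lines above them: zlib has [jessie] and [wheezy] no-dsa markers, while rsync gets only [stretch]; if jessie is still within LTS scope, a "[jessie] - rsync <no-dsa>" line (or an explicit statement that jessie's rsync is unaffected) should be added for each of the four entries.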
@@ -144097,6 +144108,7 @@ CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls
CVE-2016-1000002
RESERVED
- gdm3 <unfixed> (low; bug #849432)
+ [buster] - gdm3 <ignored> (Minor issue)
[stretch] - gdm3 <ignored> (Minor issue)
[jessie] - gdm3 <ignored> (Minor issue)
[wheezy] - gdm3 <ignored> (Minor issue)
@@ -190926,6 +190938,7 @@ CVE-2014-XXXX [rsync collision attack]
CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, ...)
[experimental] - librsync 1.0.0-1~exp1
- librsync <unfixed> (low; bug #776246)
+ [buster] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[stretch] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
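Review bot: The new "[buster] - librsync <no-dsa>" line copies the spelling "instrusive" from the existing stretch, jessie and wheezy lines; it should read "too intrusive to backport". Since all four lines now carry the same typo, fixing them in one go in this file would be cleaner than adding a fourth copy.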
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1bac99d7beb0476168a6e8be36ee1526a52dcc0