[Git][security-tracker-team/security-tracker][master] Add CVE-2019-38{29,36}/gnutls28
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 27 22:26:28 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
784fad09 by Salvatore Bonaccorso at 2019-03-27T22:24:38Z
Add CVE-2019-38{29,36}/gnutls28
Explicitly track only the src:gnutls28 source package as the issue
affects only GnuTLS versions later than 3.5.8.
Although it needs to be checked if potentially the commit introducing
the issue was backported (but unlikely in those cases) but needs to be
further checked.
For that add a note on the respective upstream versions in the NOTEs.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15655,6 +15655,11 @@ CVE-2019-3837
RESERVED
CVE-2019-3836
RESERVED
+ - gnutls28 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678411
+ NOTE: https://gitlab.com/gnutls/gnutls/issues/704
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
+ NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript <unfixed> (bug #925256)
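Review bot: The new "- gnutls28 <unfixed>" line under CVE-2019-3836 carries no Debian bug reference, while the neighbouring ghostscript entry records one as "(bug #925256)". If a BTS bug exists or gets filed for gnutls28, add it here so the unfixed state can be followed up. The range note "3.6.3 and later before 3.6.7" would read more clearly as "from 3.6.3 before 3.6.7", and it should use the same wording and end punctuation as the matching note under CVE-2019-3829. Note also that the commit message gives 3.5.8 as the lower bound for "the issue", but this entry's note starts at 3.6.3, so the message describes only one of the two CVEs.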
@@ -15679,7 +15684,11 @@ CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc
- ceilometer <unfixed> (bug #925298)
NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. ...)
- TODO: check
+ - gnutls28 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677048
+ NOTE: https://gitlab.com/gnutls/gnutls/issues/694
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
+ NOTE: Upstream versions affected are from 3.5.8 and before 3.6.7.
CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path ...)
{DSA-4396-1}
- ansible 2.7.7+dfsg-1 (bug #922537)
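Review bot: Removing "TODO: check" under CVE-2019-3829 drops the only marker that work remains, yet the commit message says it still has to be checked whether the introducing commit was backported. Keep a TODO line or add a NOTE saying the backport check is outstanding, so the entry does not look fully triaged. The "- gnutls28 <unfixed>" line also lacks a bug reference, unlike the ceilometer entry above it with "(bug #925298)". The version note ends in a period and says "from 3.5.8 and before 3.6.7", whereas the CVE-2019-3836 note has no period and is worded differently; pick one form for both.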
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/784fad091ef526bc1f983117e36f953f4640c266