[Git][security-tracker-team/security-tracker][master] buster triage

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3522a0c8 by Moritz Muehlenhoff at 2019-05-09T20:46:48Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -435,6 +435,7 @@ CVE-2019-11645
 	RESERVED
 CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
 	- groonga 9.0.1-2 (bug #928304)
+	[buster] - groonga 9.0.0-1+deb10u1
 	[stretch] - groonga <no-dsa> (Minor issue, can be fixed via point release)
 CVE-2019-11644
 	RESERVED
@@ -942,7 +943,8 @@ CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 a
 	[jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
 CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 pr ...)
-	- gnome-desktop3 <unfixed>
+	- gnome-desktop3 <unfixed> (low; bug #928732)
+	[buster] - gnome-desktop3 <no-dsa> (Minor issue)
 	[stretch] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
@@ -19870,6 +19872,7 @@ CVE-2019-3845 (A lack of access control was found in the message queues maintain
 CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser propert ...)
 	[experimental] - systemd 242-1
 	- systemd <unfixed> (bug #928102)
+	[buster] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
 	[stretch] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
 	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1684610
@@ -19879,6 +19882,7 @@ CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser pr
 CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser propert ...)
 	[experimental] - systemd 242-1
 	- systemd <unfixed> (bug #928102)
+	[buster] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
 	[stretch] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
 	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433
@@ -162558,6 +162562,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that
 	NOT-FOR-US: Oxide
 CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when  ...)
 	- apparmor <unfixed> (low)
+	[buster] - apparmor <ignored> (Minor overall security impact)
 	[stretch] - apparmor <ignored> (Minor overall security impact)
 	[jessie] - apparmor <ignored> (Minor overall security impact)
 	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3522a0c8a2e793cec752d362ac3b63a34dae84f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3522a0c8a2e793cec752d362ac3b63a34dae84f1
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190509/e4e9e750/attachment.html>