[Git][security-tracker-team/security-tracker][master] mariadb, libsass fixed
Moritz Muehlenhoff
jmm at debian.org
Tue May 21 14:13:20 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f766980 by Moritz Muehlenhoff at 2019-05-21T13:12:37Z
mariadb, libsass fixed
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4552,8 +4552,10 @@ CVE-2019-10321
RESERVED
CVE-2019-10320
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10319
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
NOT-FOR-US: Jenkins Azure AD Plugin
CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostna ...)
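Review bot: The two added NOT-FOR-US lines under CVE-2019-10320 and CVE-2019-10319 use the generic label "Jenkins plugin", while the neighbouring entry names the product ("NOT-FOR-US: Jenkins Azure AD Plugin"). Both entries are still RESERVED and have no description, so the label is the only hint of what was triaged. Naming the specific plugin, if known, would make the classification checkable once the descriptions are published.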
@@ -15370,7 +15372,7 @@ CVE-2019-6288
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access ...)
NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2815
CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibY ...)
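Review bot: The CVE-2019-6286 entry is closed at "libsass 3.5.5-3" but its only NOTE is the upstream issue link (issues/2815), so nothing in the entry shows which change fixed it. A NOTE with the upstream fix commit would let the version be verified, in the style of the CVE-2018-11499 entry, which carries a libsass/commit/... link. The "[stretch] - libsass <no-dsa>" line is unchanged, which is consistent with a fix that landed only in unstable.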
@@ -15383,11 +15385,11 @@ CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka
[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
NOTE: https://github.com/jbeder/yaml-cpp/issues/660
CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2816
CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2814
CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
@@ -25184,12 +25186,12 @@ CVE-2019-2630 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
CVE-2019-2629 (Vulnerability in the Oracle Health Sciences Data Management Workbench ...)
NOT-FOR-US: Oracle
CVE-2019-2628 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
NOTE: Fixed in MariaDB: 10.3.15
CVE-2019-2627 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 <no-dsa> (Minor issue)
- mariadb-10.0 <removed>
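Review bot: For CVE-2019-2627 the visible lines show no counterpart to the "NOTE: Fixed in MariaDB: 10.3.15" line that backs the same version change under CVE-2019-2628. If the entry does not already carry one below the shown context, add it so that "1:10.3.15-1" is justified in place. Also note that CVE-2019-2628 still lists "mysql-5.7 <unfixed> (bug #927308)", so that entry stays open for mysql-5.7 after this change.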
@@ -25222,7 +25224,7 @@ CVE-2019-2616 (Vulnerability in the BI Publisher (formerly XML Publisher) compon
CVE-2019-2615 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2019-2614 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 <no-dsa> (Minor issue)
- mariadb-10.0 <removed>
@@ -28423,7 +28425,7 @@ CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_us
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...)
- - libsass <unfixed>
+ - libsass 3.5.5-3
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2782
CVE-2018-19826 (** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprin ...)
@@ -53474,7 +53476,7 @@ CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_s
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vu ...)
NOT-FOR-US: PublicCMS
CVE-2018-11499 (A use-after-free vulnerability exists in handle_error() in sass_contex ...)
- - libsass <unfixed> (bug #900182)
+ - libsass 3.5.5-3 (bug #900182)
[stretch] - libsass <not-affected> (Vulnerability introduced in 3.4.7 upstream)
NOTE: https://github.com/sass/libsass/issues/2643
NOTE: https://github.com/sass/libsass/commit/84eaca254ca726531def3569c990089b3154e640
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f766980730f4169bf7a350018692b780dc608fe