[Git][security-tracker-team/security-tracker][master] freeradius unimportant

Moritz Muehlenhoff jmm at debian.org
Fri May 24 09:07:37 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a6a8ba9 by Moritz Muehlenhoff at 2019-05-24T08:06:42Z
freeradius unimportant
mark some minor poppler issues as ignored for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3521,6 +3521,7 @@ CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload
 	NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
 	- poppler 0.71.0-4 (low; bug #926532)
+	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (vulnerable code is not present)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
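Review bot: The added "[buster] - poppler <ignored>" line for CVE-2019-10873 sits under a package line that already records a fixed version ("- poppler 0.71.0-4"), so the release tag only has an effect if buster carries a version older than 0.71.0-4. Please confirm the buster version and drop the new line if buster is already at or above the fixed version.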
@@ -5200,10 +5201,11 @@ CVE-2019-10145
 	RESERVED
 CVE-2019-10144
 	RESERVED
-CVE-2019-10143 [privilege escalation due to insecure logration]
+CVE-2019-10143 [freeradius rotates logs with root permissions]
 	RESERVED
-	- freeradius <unfixed> (bug #929466)
+	- freeradius <unfixed> (unimportant; bug #929466)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
+	NOTE: This is not a security issue per se
 CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl]
 	RESERVED
 	- linux <unfixed> (unimportant)
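Review bot: The new NOTE on CVE-2019-10143, "This is not a security issue per se", gives no reason. The same hunk replaces the "privilege escalation" description with neutral wording and adds "unimportant". Suggest extending the NOTE with the rationale for the downgrade, so that the classification can later be re-checked against the linked pull request and bug #929466.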
@@ -5540,7 +5542,8 @@ CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the
 CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	- poppler <unfixed> (bug #926133)
+	- poppler <unfixed> (low; bug #926133)
+	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <ignored> (Minor issue)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec at Function.cc:1374-42___FPE PoC)
@@ -7606,8 +7609,8 @@ CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege
 	NOT-FOR-US: SolarWinds Orion Platform
 CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call,  ...)
 	- poppler <unfixed> (low; bug #923552)
-	[buster] - poppler <postponed> (Revisit when fixed upstream)
-	[stretch] - poppler <postponed> (Revisit when fixed upstream)
+	[buster] - poppler <ignored> (Minor issue)
+	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/731
 CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds write oc ...)
 	NOT-FOR-US: Bento4
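Review bot: The [stretch] line for CVE-2019-9545 is also switched from <postponed> to <ignored>, but the commit message only speaks of marking poppler issues as ignored "for buster". The change also drops the "Revisit when fixed upstream" reminder while the package line is still <unfixed>. If the stretch change is intended, mention it in the commit message; otherwise keep the stretch line as <postponed>.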
@@ -33844,6 +33847,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
 CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort  ...)
 	{DLA-1706-1}
 	- poppler <unfixed> (low; bug #913177)
+	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
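Review bot: The added "[buster] - poppler <ignored> (Minor issue)" line for CVE-2018-19058 gives no reason beyond "Minor issue", although the entry carries {DLA-1706-1} and a NOTE pointing at an upstream commit. Suggest either stating in the reason why the referenced commit will not be picked up for buster, or using <postponed> if a later update is expected to include it.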
@@ -34223,6 +34227,7 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.
 	NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
 	- poppler <unfixed> (low; bug #913164)
+	[buster] - poppler <ignored> (Negligible security impact)
 	[stretch] - poppler <ignored> (Negligible security impact)
 	[jessie] - poppler <ignored> (Negligible security impact; memory leak)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a6a8ba96be26018e1d52148547d7f25c6dcdb4a
