[Git][security-tracker-team/security-tracker][master] djvulibre no-dsa

Moritz Muehlenhoff jmm at debian.org
Thu Nov 7 22:49:21 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdf14178 by Moritz Muehlenhoff at 2019-11-07T22:48:49Z
djvulibre no-dsa
strip source package reference from bogus reports

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,6 +35,8 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
 	NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
 	- djvulibre <unfixed>
+	[buster] - djvulibre <no-dsa> (Minor issue)
+	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/309/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
 CVE-2019-18803
@@ -2460,7 +2462,6 @@ CVE-2019-18686
 CVE-2019-18685
 	REJECTED
 CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...)
-	- sudo <unfixed> (unimportant)
 	NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
 	NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress
 	NOTE: of beeing REJECTED). An attack is only viable if the attacker can write to fd/3.
@@ -5892,7 +5893,7 @@ CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of
 CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
 	NOT-FOR-US: Rambox
 CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...)
-	- xorg-server <undetermined>
+	NOTE: Bogus report, will probably get rejected
 	NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html
 CVE-2019-17623
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdf14178292ae72d91f467fe504bb43f1584edcc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdf14178292ae72d91f467fe504bb43f1584edcc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191107/b250bc75/attachment.html>

More information about the debian-security-tracker-commits mailing list