[Git][security-tracker-team/security-tracker][master] 4 commits: Process NFUs

Thu Oct 31 14:43:54 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc46e1d2 by Salvatore Bonaccorso at 2019-10-31T14:40:52Z
Process NFUs

- - - - -
32e452da by Salvatore Bonaccorso at 2019-10-31T14:41:32Z
Add CVE-2018-21029/systemd

- - - - -
1c122e9a by Salvatore Bonaccorso at 2019-10-31T14:41:47Z
Add CVE-2019-15682/rdesktop

- - - - -
5c93b02c by Salvatore Bonaccorso at 2019-10-31T14:42:21Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,11 @@ CVE-2019-18627
 CVE-2019-18626
 	RESERVED
 CVE-2018-21029 (systemd 239 through 243 accepts any certificate signed by a trusted ce ...)
-	TODO: check
+	- systemd <unfixed>
+	[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
+	[stretch] - systemd <not-affected> (Vulnerable code introduced later)
+	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/systemd/systemd/issues/9397
 CVE-2019-18625
 	RESERVED
 CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...)
@@ -8644,7 +8648,9 @@ CVE-2019-15684
 CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
 	TODO: check
 CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
-	TODO: check
+	- rdesktop 1.8.6-1
+	[stretch] - rdesktop 1.8.6-2~deb9u1
+	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
 CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
 	{DLA-1979-1 DLA-1977-1}
 	- libvncserver <unfixed> (bug #943793)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9e2cc2cc91c4f4a8663ee059d6971b80e9df8baf...5c93b02cc5d81e0dd0bea5e0ce299b34f4ed7307

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9e2cc2cc91c4f4a8663ee059d6971b80e9df8baf...5c93b02cc5d81e0dd0bea5e0ce299b34f4ed7307
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191031/e63ad503/attachment.html>
