[Git][security-tracker-team/security-tracker][master] new runc issue
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 25 21:54:59 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7496e0b by Moritz Muehlenhoff at 2019-09-25T20:54:29Z
new runc issue
new gradle issues
NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,8 @@ CVE-2019-16886
CVE-2019-16885
RESERVED
CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
- TODO: check
+ - runc <unfixed>
+ NOTE: https://github.com/opencontainers/runc/issues/2128
CVE-2019-16883
RESERVED
CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for ...)
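Review bot: the added `- runc <unfixed>` line for CVE-2019-16884 has no urgency annotation, while both gradle entries added in this same commit carry `(low)`. If runc has not been assessed yet that is fine, but otherwise it should be made explicit. The description also names Docker ("as used in Docker through 19.03.2-ce"), yet only runc is tracked here. Consider a NOTE saying whether docker.io needs its own entry or is covered through the runc package.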
@@ -1305,7 +1306,8 @@ CVE-2019-16372
CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted ...)
NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
- TODO: check
+ - gradle <unfixed> (low)
+ NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
CVE-2019-16369
RESERVED
CVE-2019-16368
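Review bot: the NOTE added for CVE-2019-16370 is a bare commit URL with nothing saying what the commit is. The description says the problem exists "before 6.0", so if this commit is the upstream fix, say so in the NOTE. That makes it easier to resolve the `<unfixed>` entry later. A one-line NOTE giving the reason for `(low)` would help too.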
@@ -4803,7 +4805,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
TODO: check
CVE-2019-15138 (The html-pdf package 2.2.0 for Node.js has an arbitrary file read vuln ...)
- TODO: check
+ NOT-FOR-US: node html-pdf
CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows f ...)
NOT-FOR-US: eProsima Fast RTPS
CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not ...)
@@ -5137,7 +5139,10 @@ CVE-2019-15054
CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials ...)
- TODO: check
+ - gradle <unfixed> (low)
+ NOTE: https://github.com/gradle/gradle/issues/10278
+ NOTE: https://github.com/gradle/gradle/pull/10176
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
CVE-2019-15051
RESERVED
CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
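Review bot: the three NOTE lines added for CVE-2019-15052 are unlabelled links (an issue, a pull request, an advisory), and none records the fixed version even though the description gives it as "before 5.6". Suggest adding a NOTE with the fixed upstream version and marking which link is the fix, so the `- gradle <unfixed> (low)` entry can later be resolved by version comparison.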
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7496e0b55d58e1ddeca888d66ec4942e667ae18