[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 26 21:35:34 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b38ab216 by Moritz Muehlenhoff at 2019-09-26T20:29:36Z
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3648,10 +3648,12 @@ CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection,
NOT-FOR-US: FredReinink Wellness-app
CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/149
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html
CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust. ...)
- rust-memoffset 0.5.1-1 (bug #936025)
+ [buster] - rust-memoffset <no-dsa> (Minor issue)
NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0011.html
CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust. ...)
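Review bot: the two added lines cover buster only (`[buster] - rust-smallvec <no-dsa> (Minor issue)` and the rust-memoffset equivalent), although the commit is titled buster/stretch triage. If stretch ships either crate, it needs its own line. If it does not, nothing more is required, but this is worth confirming because the other entries in this commit annotate both releases.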
@@ -4867,22 +4869,30 @@ CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 byt
NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
{DLA-1902-1}
- - djvulibre 3.5.27.1-11
+ - djvulibre 3.5.27.1-11 (low)
+ [buster] - djvulibre <no-dsa> (Minor issue)
+ [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/298/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
{DLA-1902-1}
- - djvulibre 3.5.27.1-11
+ - djvulibre 3.5.27.1-11 (low)
+ [buster] - djvulibre <no-dsa> (Minor issue)
+ [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/299/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
{DLA-1902-1}
- - djvulibre 3.5.27.1-11
+ - djvulibre 3.5.27.1-11 (low)
+ [buster] - djvulibre <no-dsa> (Minor issue)
+ [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/297/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
{DLA-1902-1}
- - djvulibre 3.5.27.1-11
+ - djvulibre 3.5.27.1-11 (low)
+ [buster] - djvulibre <no-dsa> (Minor issue)
+ [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/296/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
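Review bot: the reason for `<no-dsa>` on the four djvulibre entries (CVE-2019-15142 through CVE-2019-15145) is recorded only as "Minor issue", and the same change also sets the unstable entry to `(low)`. Only the CVE-2019-15145 description visibly names the impact (denial of service); the other three descriptions are truncated. All four carry {DLA-1902-1}, so a short NOTE per entry stating why the issue is minor for buster and stretch would let a later reader check the triage without opening each SourceForge bug.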
@@ -19757,6 +19767,8 @@ CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.
CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was ...)
{DLA-1914-1}
- icedtea-web 1.8.3-1 (bug #934319)
+ [buster] - icedtea-web <no-dsa> (Minor issue)
+ [stretch] - icedtea-web <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an information l ...)
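Review bot: the new `<no-dsa>` lines for icedtea-web on CVE-2019-10185 do not say whether a fix is expected through a stable point release, even though a fixed unstable version (1.8.3-1, bug #934319) and DLA-1914-1 are already listed. A NOTE stating whether the upstream pull request is planned for backport to buster and stretch would make the triage state actionable. The same applies to CVE-2019-10182 and CVE-2019-10181 in the next hunk.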
@@ -19769,11 +19781,15 @@ CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines h
CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly ...)
{DLA-1914-1}
- icedtea-web 1.8.3-1 (bug #934319)
+ [buster] - icedtea-web <no-dsa> (Minor issue)
+ [stretch] - icedtea-web <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 e ...)
{DLA-1914-1}
- icedtea-web 1.8.3-1 (bug #934319)
+ [buster] - icedtea-web <no-dsa> (Minor issue)
+ [stretch] - icedtea-web <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
CVE-2019-10180
@@ -30388,14 +30404,17 @@ CVE-2019-6475
CVE-2019-6474 [An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart]
RESERVED
- isc-kea <unfixed> (bug #936040)
+ [stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6474
CVE-2019-6473 [An invalid hostname option can cause the kea-dhcp4 server to terminate]
RESERVED
- isc-kea <unfixed> (bug #936040)
+ [stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6473
CVE-2019-6472 [A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate]
RESERVED
- isc-kea <unfixed> (bug #936040)
+ [stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6472
CVE-2019-6471 [A race condition when discarding malformed packets can cause BIND to exit with an assertion failure]
RESERVED
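Review bot: "Minor issue" on the three isc-kea entries needs a stated reason, because the bracketed descriptions say the server exits or terminates on a bad client request, an invalid hostname option, or a malformed DUID, and the package is still `<unfixed>` under bug #936040. A NOTE explaining the reasoning would support the `<no-dsa>` decision. Only `[stretch]` is annotated here, so please also confirm that buster needs no line for isc-kea.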
@@ -39266,7 +39285,9 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
{DLA-1899-1}
- - faad2 2.8.8-3.1
+ - faad2 2.8.8-3.1 (low)
+ [buster] - faad2 <no-dsa> (Minor issue)
+ [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/19
NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
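Review bot: only CVE-2018-20196 is visibly annotated in this hunk, while the neighbouring faad2 entries CVE-2018-20197 and CVE-2018-20195 appear only as unchanged context. Please check that they carry matching `(low)` and `[buster]`/`[stretch]` `<no-dsa>` lines, so the same package is not triaged differently across adjacent CVEs. The description here is a stack-based buffer overflow, so a NOTE giving the reason for `(low)` would also help.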
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b38ab216584eb33046feb91f827006f18ec94329