[Git][security-tracker-team/security-tracker][master] gcrypt, gvfs no-dsa

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91ae8fc1 by Moritz Muehlenhoff at 2019-09-28T20:22:45Z
gcrypt, gvfs no-dsa
xpdf n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2019-16930
 CVE-2019-16929
 	RESERVED
 CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...)
 	NOT-FOR-US: Flower
 CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task call. ...)
@@ -12629,6 +12629,8 @@ CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fi
 	NOT-FOR-US: FileRun
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
 	- libgcrypt20 <unfixed> (bug #930885)
+	[buster] - libgcrypt20 <no-dsa> (Minor issue)
+	[stretch] - libgcrypt20 <no-dsa> (Minor issue)
 	[jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later in version 1.7.0)
 	- libgcrypt11 <removed>
 	NOTE: https://dev.gnupg.org/T4541
@@ -12925,6 +12927,7 @@ CVE-2019-12796
 CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
 	{DLA-1827-1}
 	- gvfs 1.38.1-5 (bug #930376)
+	[stretch] - gvfs <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a (master)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f (gnome-3-32)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe (gnome-3-30)
@@ -13802,14 +13805,17 @@ CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2
 	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
 CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
 	- gvfs 1.38.1-4 (bug #929755)
+	[stretch] - gvfs <no-dsa> (Minor issue)
 	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
 CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
 	- gvfs 1.38.1-4 (bug #929755)
+	[stretch] - gvfs <no-dsa> (Minor issue)
 	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
 CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
 	- gvfs 1.38.1-4 (bug #929755)
+	[stretch] - gvfs <no-dsa> (Minor issue)
 	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/91ae8fc1fc78e63bd3484e51bf0b576499149326

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/91ae8fc1fc78e63bd3484e51bf0b576499149326
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190928/ae1c0a3d/attachment-0001.html>