[Git][security-tracker-team/security-tracker][master] puppet confirmed/no-dsa

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fd1f835 by Moritz Muehlenhoff at 2020-01-16T12:15:00+01:00
puppet confirmed/no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52194,8 +52194,8 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit
 	- kauth 5.54.0-2 (bug #921995)
 	[stretch] - kauth 5.28.0-2+deb9u1
 	- kde4libs <removed> (bug #922727)
-	[buster] - kde4libs <no-dsa> (Minor issue)
-	[stretch] - kde4libs <no-dsa> (Minor issue)
+	[buster] - kde4libs <ignored> (Minor issue)
+	[stretch] - kde4libs <ignored> (Minor issue)
 	[jessie] - kde4libs <no-dsa> (Minor issue)
 	NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
 	NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
@@ -93294,10 +93294,11 @@ CVE-2018-11753
 CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
 	NOT-FOR-US: cisco_ios Puppet module
 CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
-	- puppet <undetermined>
+	- puppet <unfixed>
+	[buster] - puppet <no-dsa> (Minor issue)
+	[stretch] - puppet <no-dsa> (Minor issue)
 	NOTE: https://puppet.com/security/cve/CVE-2018-11751/
 	NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
-	TODO: check
 CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
 	NOT-FOR-US: cisco_ios Puppet module
 CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login tim ...)
@@ -152419,8 +152420,8 @@ CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
 CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco  ...)
 	- libcroco <unfixed> (bug #864666; low)
-	[buster] - libcroco <no-dsa> (Minor issue)
-	[stretch] - libcroco <no-dsa> (Minor issue)
+	[buster] - libcroco <ignored> (Minor issue)
+	[stretch] - libcroco <ignored> (Minor issue)
 	[jessie] - libcroco <no-dsa> (Minor issue)
 	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782649
@@ -152547,8 +152548,8 @@ CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp fo
 	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
 CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...)
 	- libcroco <unfixed> (bug #864666; low)
-	[buster] - libcroco <no-dsa> (Minor issue)
-	[stretch] - libcroco <no-dsa> (Minor issue)
+	[buster] - libcroco <ignored> (Minor issue)
+	[stretch] - libcroco <ignored> (Minor issue)
 	[jessie] - libcroco <no-dsa> (Minor issue)
 	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782647
@@ -278746,8 +278747,8 @@ CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the L
 	- linux-2.6 <removed> (low)
 CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses sequential ...)
 	- pyrad <unfixed> (low; bug #701151)
-	[buster] - pyrad <no-dsa> (Minor issue)
-	[stretch] - pyrad <no-dsa> (Minor issue)
+	[buster] - pyrad <ignored> (Minor issue)
+	[stretch] - pyrad <ignored> (Minor issue)
 	[jessie] - pyrad <no-dsa> (Minor issue)
 	[wheezy] - pyrad <no-dsa> (Minor issue)
 	[squeeze] - pyrad <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fd1f835a1b838445fb895cc62ff84639f301dc2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fd1f835a1b838445fb895cc62ff84639f301dc2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200116/0f73a5c2/attachment-0001.html>