[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Tue Jan 21 17:10:30 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
116eb621 by Moritz Muehlenhoff at 2020-01-21T18:10:07+01:00
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14267,8 +14267,8 @@ CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) throug
[experimental] - gitlab 12.2.9-5
- gitlab <unfixed>
- gitlab-workhorse 8.8.1+debian-3
- [buster] - gitlab-workhorse <no-dsa> (Minor issue)
- [stretch] - gitlab-workhorse <no-dsa> (Minor issue)
+ [buster] - gitlab-workhorse <ignored> (Minor issue)
+ [stretch] - gitlab-workhorse <ignored> (Minor issue)
[experimental] - gitaly 1.65.2+dfsg-1
- gitaly <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
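Review bot: The buster and stretch gitlab-workhorse entries move to `<ignored>` but keep the bare reason "Minor issue", which does not explain why no fix will be shipped for those releases. `<ignored>` is the no-dsa sub-state for issues that will not be fixed, and the unstable line shows a fixed version (8.8.1+debian-3) exists, so the parenthesised text should state why the fix is not being backported rather than only restating the severity.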
@@ -62812,15 +62812,15 @@ CVE-2018-20541 (There is a heap-based buffer overflow in libxsmm_sparse_csc_read
NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8 ...)
- - liblas 1.8.1-10 (bug #922459)
- [stretch] - liblas <no-dsa> (Minor issue)
+ - liblas 1.8.1-10 (low; bug #922459)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/158
NOTE: https://github.com/libLAS/libLAS/commit/ba7346d349fb00b18d0c12e226ac3090eac25d7b
CVE-2018-20539 (There is a Segmentation fault triggered by illegal address access at l ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/159
CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
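Review bot: The CVE-2018-20540 unstable entry also gains an urgency (`- liblas 1.8.1-10 (low; bug #922459)`), a change that the commit message "buster/stretch triage" does not cover. Mention it in the message or put it in its own commit so the urgency change is traceable in history. For CVE-2018-20539 in the same hunk, unstable is `<removed>` while buster and stretch become `<ignored>`; the reason text could say that instead of repeating "Minor issue".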
@@ -62829,14 +62829,14 @@ CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline)
NOTE: Crash in CLI tool, no security impact
CVE-2018-20537 (There is a NULL pointer dereference at liblas::SpatialReference::GetGT ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/160
CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReference::Ge ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/161
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
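Review bot: CVE-2018-20536 is described as a heap-based buffer over-read, and its buster/stretch entries become `<ignored>` with only "Minor issue" as justification. The entry just above this hunk's changes carries an explicit rationale (`NOTE: Crash in CLI tool, no security impact`); a similar NOTE on CVE-2018-20537 and CVE-2018-20536 would record why these are considered minor enough to never fix.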
@@ -103529,8 +103529,8 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo
NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
- jabberd2 <unfixed> (low; bug #902783)
- [buster] - jabberd2 <no-dsa> (Minor issue, default init system not affected)
- [stretch] - jabberd2 <no-dsa> (Minor issue, default init system not affected)
+ [buster] - jabberd2 <ignored> (Minor issue, default init system not affected)
+ [stretch] - jabberd2 <ignored> (Minor issue, default init system not affected)
NOTE: https://bugs.gentoo.org/631068
CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jab ...)
- jabberd2 <not-affected> (Installed with correct permissions in Debian)
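Review bot: The reason on the CVE-2017-18226 buster/stretch lines, "default init system not affected", implies that installations using a non-default init system are affected, and `<ignored>` means they will not receive a fix. Add a NOTE naming which init setup is affected so that users of that setup can tell from the tracker entry that they need their own mitigation.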
@@ -109280,10 +109280,10 @@ CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow ac
- nvidia-graphics-drivers-legacy-390xx 390.116-1
[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
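Review bot: Within CVE-2018-6260 the 340xx and 304xx entries switch to `<ignored>`, but the context line `[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)` keeps `<no-dsa>` with the same reason. If "Non-free not supported" is the reason for ignoring, the 390xx buster entry should be triaged the same way; if it is intentionally left because 390.116-1 fixes it in unstable, a short NOTE would make the difference clear.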
@@ -109305,10 +109305,10 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
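Review bot: The buster 340xx line gives the reason "Non-free not supported, no updates provided by Nvidia for 340" while the stretch 340xx line for the same package and CVE only says "Non-free not supported". Now that both are `<ignored>`, use the fuller reason on the stretch line as well, since the missing upstream update is what actually justifies never fixing it. The same asymmetry appears in the CVE-2018-6249 and CVE-2017-62xx hunks that follow.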
@@ -109323,10 +109323,10 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
@@ -161317,10 +161317,10 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
@@ -161338,10 +161338,10 @@ CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
@@ -161351,10 +161351,10 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6265
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/116eb62167a8a57c1075eecff529e1a62d7ce15f