[Git][security-tracker-team/security-tracker][master] Mark glusterfs issues as no-dsa

Tue Mar 3 20:09:58 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69ed454b by Salvatore Bonaccorso at 2020-03-03T21:09:27+01:00
Mark glusterfs issues as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -92910,12 +92910,14 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph
 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
 	{DLA-1565-1}
 	- glusterfs 5.1-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2  ...)
 	- glusterfs 5.1-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - glusterfs <not-affected> (vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
@@ -92924,6 +92926,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and
 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
 	{DLA-1565-1}
 	- glusterfs 5.1-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
@@ -92941,6 +92944,7 @@ CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Fin
 	NOT-FOR-US: Keycloak
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
 	- glusterfs 5.1-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - glusterfs <not-affected> (vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
@@ -92950,6 +92954,7 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a
 CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable  ...)
 	{DLA-1565-1}
 	- glusterfs 5.1-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
@@ -92959,6 +92964,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable  ...)
 	{DLA-1565-1}
 	- glusterfs 5.0-1 (bug #912997)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
@@ -103181,30 +103187,35 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C
 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
 	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
 	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
 	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
 	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
 	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
 	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
 	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
 	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
 	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
 	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
@@ -103228,6 +103239,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
 	NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
 CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...)
@@ -103268,11 +103280,13 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
 CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
 	NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
 CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
 	NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
 CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
@@ -103280,6 +103294,7 @@ CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite
 CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
 	NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
 CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...)
@@ -103299,6 +103314,7 @@ CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img o
 CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
 	NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...)
@@ -103312,6 +103328,7 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper
 CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
 	NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
 CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 an ...)
@@ -103616,6 +103633,7 @@ CVE-2018-10842
 	REJECTED
 CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
 	- glusterfs 4.1.2-1 (bug #901968)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - glusterfs <not-affected> (vulnerable code not present)
 	NOTE: https://review.gluster.org/#/c/20328/
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -131626,6 +131644,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
 	- glusterfs 4.0.2-1 (bug #896128)
+	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - glusterfs <not-affected> (vulnerable code not present)
 	[wheezy] - glusterfs <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721


=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ amd64-microcode
 --
 chromium/stable
 --
-glusterfs/oldstable
---
 graphicsmagick
 --
 jruby/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69ed454bb968cc4d9be683b6c8585f906bdc2242

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69ed454bb968cc4d9be683b6c8585f906bdc2242
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200303/c9fdf8bd/attachment-0001.html>
