[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for upcoming glusterfs update
Markus Koschany (@apo)
apo at debian.org
Sun Oct 31 22:27:37 GMT 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
194a3161 by Markus Koschany at 2021-10-31T23:26:56+01:00
Remove no-dsa tags for upcoming glusterfs update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -209257,14 +209257,12 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
{DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
@@ -209273,7 +209271,6 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
{DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
@@ -209291,7 +209288,6 @@ CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Fin
NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
@@ -209301,7 +209297,6 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
{DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
@@ -209311,7 +209306,6 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
{DLA-1565-1}
- glusterfs 5.0-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
@@ -219546,35 +219540,30 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
@@ -219597,7 +219586,6 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...)
@@ -219638,13 +219626,11 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
@@ -219652,7 +219638,6 @@ CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...)
@@ -219672,7 +219657,6 @@ CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img o
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...)
@@ -219686,7 +219670,6 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
{DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 an ...)
@@ -219990,7 +219973,6 @@ CVE-2018-10842
REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
- glusterfs 4.1.2-1 (bug #901968)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -248039,7 +248021,6 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
- glusterfs 4.0.2-1 (bug #896128)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
[wheezy] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/194a31618ffa294c8b7d03ecf99bd7f672b548b1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/194a31618ffa294c8b7d03ecf99bd7f672b548b1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211031/576cbb03/attachment.htm>
More information about the debian-security-tracker-commits
mailing list