Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
617038f2 by Moritz Muehlenhoff at 2018-07-17T08:01:53+02:00
stable triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -168,9 +168,11 @@ CVE-2018-14241
RESERVED
CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant
memory ...)
- mp4v2 <unfixed>
+ [stretch] - mp4v2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant
memory ...)
- mp4v2 <unfixed>
+ [stretch] - mp4v2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14240
RESERVED
@@ -1207,6 +1209,7 @@ CVE-2018-1000611 (SURFnet OpenConext EngineBlock version
5.7.0 to 5.7.3 contains
NOT-FOR-US: SURFnet OpenConext EngineBlock
CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8
and 1.27.0 ...)
- rustc <unfixed>
+ [stretch] - rustc <ignored> (Minor issue, can be fixed along in future
rustc update for ESR69)
NOTE:
https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1,
A2, and ...)
NOT-FOR-US: Supermicro
@@ -3818,7 +3821,8 @@ CVE-2018-1000522
CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS)
vulnerability in ...)
NOT-FOR-US: BigTree-CMS
CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite
Allows ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (low)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
NOTE: https://github.com/ARMmbed/mbedtls/issues/1561
CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation
vulnerability in ...)
@@ -32229,6 +32233,7 @@ CVE-2017-17690
RESERVED
CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC)
...)
- thunderbird <unfixed> (bug #898631)
+ [stretch] - thunderbird <postponed> (Wait until fixed in upstream
release)
- evolution <unfixed> (bug #898633)
- kmail <unfixed> (bug #898634)
- kf5-messagelib <unfixed> (bug #899127)
@@ -37468,7 +37473,8 @@ CVE-2018-0739 (Constructed ASN.1 types with a recursive
definition (such as can
{DSA-4158-1 DSA-4157-1 DLA-1330-1}
- openssl 1.1.0h-1
- openssl1.0 1.0.2o-1
- - libtomcrypt 1.18.2-1
+ - libtomcrypt 1.18.2-1 (low)
+ [stretch] - libtomcrypt <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20180327.txt
NOTE: OpenSSL_1_1_0-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
NOTE: OpenSSL_1_0_2-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -51,7 +51,6 @@ mailman
mariadb-10.1/stable
--
mercurial
- 2018-06-07: jessie update proposed by anarcat in
https://lists.debian.org/[email protected]
--
mosquitto (seb)
2018-02-27: Roger Light provided a debdiff targetting stretch, needs review
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/617038f2a055c00cdd92b9384e3c9a85fe8cbb86
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/617038f2a055c00cdd92b9384e3c9a85fe8cbb86
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
