Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5c7f646f by Moritz Muehlenhoff at 2018-08-20T18:43:34Z
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -168,7 +168,8 @@ CVE-2018-15503 (The unpack implementation in Swoole version
4.0.4 lacks correct
CVE-2018-15502
RESERVED
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6
and 0.27.x ...)
- - libgit2 0.27.4+dfsg.1-0.1
+ - libgit2 0.27.4+dfsg.1-0.1 (low)
+ [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
NOTE:
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
CVE-2018-15500
@@ -773,6 +774,7 @@ CVE-2018-15210
RESERVED
CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF
4.0.9 allows ...)
- tiff <unfixed> (bug #905798)
+ [stretch] - tiff <postponed> (Can be fixed along in future DSA)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2808
CVE-2018-15208
@@ -3739,6 +3741,7 @@ CVE-2018-14029 (CSRF vulnerability in admin/user/edit in
Creatiwity wityCMS 0.6.
NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are
not ...)
- wordpress <unfixed> (bug #906565)
+ [stretch] - wordpress <no-dsa> (Minor issue)
[jessie] - wordpress <postponed> (can be fixed with a later update)
NOTE: https://core.trac.wordpress.org/ticket/44710
NOTE:
https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
@@ -9284,6 +9287,7 @@ CVE-2018-11772
RESERVED
CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method
of ...)
- libcommons-compress-java <unfixed> (bug #906301)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/16/2
CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master
exposes a ...)
NOT-FOR-US: Apache Spark
@@ -18925,9 +18929,11 @@ CVE-2018-8021
RESERVED
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a
flaw ...)
- tomcat-native 1.2.17-1
+ [stretch] - tomcat-native <no-dsa> (Minor issue)
NOTE: https://svn.apache.org/r1832863
CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to
1.2.16 and ...)
- tomcat-native 1.2.17-1
+ [stretch] - tomcat-native <no-dsa> (Minor issue)
NOTE: https://svn.apache.org/r1832832
CVE-2018-8018 (Apache Ignite 2.5 and earlier serialization mechanism does not
have a ...)
NOT-FOR-US: Apache Ignite
@@ -31268,6 +31274,7 @@ CVE-2017-1000434 (Wordpress plugin Furikake version
0.1.0 is vulnerable to an Op
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run
with ...)
{DLA-1410-1}
- python-pysaml2 <unfixed> (bug #886423)
+ [stretch] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by:
https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to
Deleting ...)
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -65,6 +65,8 @@ openjpeg2 (luciano)
openssh (seb)
User enumeration vulnerability
--
+openssh
+--
otrs2
--
passenger
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c7f646f0e6c5f4f5372ce5f3f528145eb739255
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c7f646f0e6c5f4f5372ce5f3f528145eb739255
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
