Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df160c16 by Ola Lundqvist at 2018-09-21T18:44:01Z
Triage results.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,6 +19,7 @@ CVE-2018-17295
CVE-2018-17294 (The matchCurrentInput function inside lou_translateString.c of
Liblouis ...)
- liblouis 3.7.0-1
[stretch] - liblouis <no-dsa> (Minor issue)
+ [jessie] - liblouis <ignore> (Minor issue)
NOTE:
https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e
NOTE: https://github.com/liblouis/liblouis/issues/635
CVE-2018-17293 (An issue was discovered in WAVM before 2018-09-16. The run
function in ...)
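Review bot: The added `[jessie] - liblouis <ignore> (Minor issue)` line for CVE-2018-17294 uses a stronger state than the stretch line directly above it (`<no-dsa>`) but gives the identical reason. `<ignore>` records that jessie will not be fixed, so the parenthetical should say why that holds for jessie specifically, or the state should be `<no-dsa>` to match stretch if the assessment is the same.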
@@ -144,10 +145,12 @@ CVE-2018-17237 (A SIGFPE signal is raised in the function
H5D__chunk_set_info_re
CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0
internally ...)
- mp4v2 <unfixed> (bug #909277)
[stretch] - mp4v2 <no-dsa> (Minor issue)
+ [jessie] - mp4v2 <ignore> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453
CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in
mp4track.cpp in ...)
- mp4v2 <unfixed> (bug #909278)
[stretch] - mp4v2 <no-dsa> (Minor issue)
+ [jessie] - mp4v2 <ignore> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in
H5Ocache.c in ...)
- hdf5 <undetermined>
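Review bot: Both added jessie lines, for CVE-2018-17236 and CVE-2018-17235, close the issue as `<ignore>` while the unstable entries are still `<unfixed>` with open bugs (#909277, #909278), so there is no fix yet to judge the backport against. Consider `<no-dsa>`, as stretch has, or `<postponed>`, so the entries are revisited once a fix lands; if `<ignore>` is intended, give a reason beyond "Minor issue".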
@@ -212,16 +215,19 @@ CVE-2018-17207 (An issue was discovered in Snap Creek
Duplicator before 1.2.42.
NOT-FOR-US: Snap Creek Duplicator
CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through
2.7.6. The ...)
- openvswitch <unfixed>
+ [jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
NOTE:
https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226
(master)
NOTE:
https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8
(branch-2.8)
NOTE:
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
(branch-2.7)
CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through
2.7.6, ...)
- openvswitch <unfixed>
+ [jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
NOTE:
https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624
(master)
NOTE:
https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928
(branch-2.8)
NOTE:
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
(branch-2.7)
CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through
2.7.6, ...)
- openvswitch <unfixed>
+ [jessie] - openvswitch <not-affected> (Vulnerable code does not exist)
NOTE:
https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa
(master)
NOTE:
https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168
(branch-2.8)
NOTE:
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
(branch-2.7)
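Review bot: The three added `[jessie] - openvswitch <not-affected> (Vulnerable code does not exist)` lines give the same generic reason for CVE-2018-17206, CVE-2018-17205 and CVE-2018-17204, and none records what was checked. The fix commits are already listed under each entry, so add a NOTE per CVE naming the function or file that is absent from the jessie source, which lets the not-affected claim be re-verified later.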
=====================================
data/dla-needed.txt
=====================================
@@ -77,6 +77,13 @@ phpldapadmin (Mike Gabriel)
polarssl (Mike Gabriel)
NOTE: 20180902: The no-dsa/postponed issues could be fixed as well. (apo)
--
+python2.7
+--
+salt
+ NOTE: CVE-2017-7893 is not crucial since the managed system must be
+ NOTE: compromised first. But the security escalation effect can cause
+ NOTE: a lot of system compromised.
+--
samba (Holger Levsen)
--
smarty3 (Mike Gabriel)
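Review bot: The new `python2.7` entry in data/dla-needed.txt carries no NOTE, so nothing in the file says which issue put it on the list; add one naming the CVE(s). The salt NOTE lines also lack the date and initials used by the polarssl note just above (`NOTE: 20180902: ... (apo)`), and the last line, "a lot of system compromised", would read more clearly as "can lead to many systems being compromised".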
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df160c16fc6d33bb4c682112747bbeded8eb563d