[Git][security-tracker-team/security-tracker][master] stretch triage

Thu, 04 Oct 2018 13:57:04 -0700 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e38ad89 by Moritz Muehlenhoff at 2018-10-04T20:56:29Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -328,6 +328,7 @@ CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via 
admin.php/admin/user/adduser.html
        NOT-FOR-US: HisiPHP
 CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several 
double-free ...)
        - adplug <unfixed>
+       [stretch] - adplug <no-dsa> (Minor issue)
        NOTE: https://github.com/adplug/adplug/issues/67
        NOTE: 
https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76
 CVE-2018-17824
@@ -3251,7 +3252,8 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows 
remote attackers to bypass t
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory 
Traversal via ...)
        NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a 
memory ...)
-       - zziplib <unfixed>
+       - zziplib <unfixed> (low)
+       [stretch] - zziplib <no-dsa> (Minor issue)
        [jessie] - zziplib <ignored> (Minor issue)
        NOTE: https://github.com/gdraheim/zziplib/issues/58
 CVE-2018-16547
@@ -15230,7 +15232,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 
and 2.5 to 2.5.16 suffer fr
        - libstruts1.2-java <not-affected> (Specific to 2.x)
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
 CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ 
Client before ...)
-       - activemq 5.15.6-1 (bug #908950)
+       - activemq 5.15.6-1 (low; bug #908950)
+       [stretch] - activemq <no-dsa> (Minor issue)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
@@ -76769,6 +76772,7 @@ CVE-2017-7894 (WinDjView 2.1 might allow user-assisted 
attackers to execute code
        NOT-FOR-US: WinDjView
 CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can 
...)
        - salt 2016.11.5+ds-1
+       [stretch] - salt <no-dsa> (Minor issue)
        NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
        NOTE: https://github.com/saltstack/salt/issues/48939
        NOTE: 
https://github.com/saltstack/salt/commit/0a0f46fb1478be5eb2f90882a90390cb35ec43cb



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to