Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
584185ce by Moritz Muehlenhoff at 2018-10-29T21:22:43Z
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -191,8 +191,9 @@ CVE-2018-18720 (An XSS issue was discovered in
index.php/admin/system/basic in Y
CVE-2018-18719
RESERVED
CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a
double-free ...)
- - gthumb <unfixed>
+ - gthumb <unfixed> (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18
+ NOTE: Crash in end user application, no security impact
CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS
exists ...)
NOT-FOR-US: Eleanor CMS
CVE-2018-18716
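Review bot: The new NOTE under CVE-2018-18718 justifies the (unimportant) tag with "Crash in end user application, no security impact", but the description two lines up calls the bug a double-free, which is memory corruption rather than a plain crash. The NOTE should say what limits it to a crash (for example a reference to the analysis in the upstream issue already linked), so a later reader can re-check the downgrade without redoing the triage.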
@@ -4901,7 +4902,9 @@ CVE-2018-16791
RESERVED
CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as
used in ...)
- libbson <unfixed>
+ [stretch] - libbson <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-2819
+ NOTE:
https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
CVE-2018-16789
RESERVED
CVE-2018-16788
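Review bot: The reason on the added "[stretch] - libbson <no-dsa> (Minor issue)" line for CVE-2018-16790 is generic and does not say what makes the issue minor. A short concrete reason in the parentheses, or one more NOTE next to the upstream commit link, would let the entry stand on its own when stretch point-release candidates are reviewed.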
@@ -26714,7 +26717,8 @@ CVE-2018-8294 (A remote code execution vulnerability
exists in the way that the
CVE-2018-8293
RESERVED
CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core
when ...)
- - mono <unfixed>
+ NOT-FOR-US: .dotnet CoreFX
+ NOTE:
https://github.com/dotnet/corefx/commit/56aae8a7076f283e334b88f642ef6bb7c59e02c3
CVE-2018-8291 (A remote code execution vulnerability exists in the way the
scripting ...)
NOT-FOR-US: Microsoft
CVE-2018-8290 (A remote code execution vulnerability exists in the way that
the ...)
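Review bot: The product name in the added "NOT-FOR-US: .dotnet CoreFX" line for CVE-2018-8292 looks like a typo: the description says ".NET Core" and the linked repository is dotnet/corefx, so ".NET CoreFX" or "dotnet CoreFX" would be consistent and easier to grep. The hunk also drops "- mono <unfixed>" without recording why mono is out of scope; a one-line NOTE saying that mono does not ship the affected code would stop the package from being re-added by a later triage pass.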
@@ -49832,7 +49836,9 @@ CVE-2018-0736
RESERVED
CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be
vulnerable ...)
- openssl <unfixed>
+ [stretch] - openssl <postponed> (Wait for next DSA and upstream release)
- openssl1.0 <unfixed>
+ [stretch] - openssl1.0 <postponed> (Wait for next DSA and upstream
release)
NOTE: https://www.openssl.org/news/secadv/20181029.txt
NOTE: OpenSSL_1_1_1-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
NOTE: OpenSSL_1_1_0-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
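Review bot: The "[stretch] - openssl1.0 <postponed>" line for CVE-2018-0735 assumes openssl1.0 carries the affected code, but the NOTE lines here list fix commits only for the OpenSSL_1_1_1-stable and OpenSSL_1_1_0-stable branches. Please confirm against the linked advisory whether the 1.0 series is affected; if it is not, "<not-affected>" with a reason is the accurate state for both the unstable and stretch lines, and if it is, a NOTE with the matching fix commit should be added before postponing.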
=====================================
data/dsa-needed.txt
=====================================
@@ -68,3 +68,5 @@ sssd
--
symfony
--
+tiff
+--
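Review bot: The new "tiff" entry in data/dsa-needed.txt gives no indication of which issues triggered it, and nothing in the data/CVE/list hunks of this commit touches tiff. An indented note line under the entry naming the CVE ids (or the bug being tracked) would tell whoever picks up the DSA what the update needs to cover.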
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/584185ce350a491fbc9dd7800c72d403eaa848bf
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits