Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e17c72b by Chris Lamb at 2018-11-08T07:49:38Z
Correct "negligible" typos.

- - - - -
9357fb31 by Chris Lamb at 2018-11-08T07:50:34Z
Triage CVE-2018-18897 (poppler) for jessie LTS; memory leak has negligible security impact.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -422,7 +422,8 @@ CVE-2018-18898
        RESERVED
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory 
leak in ...)
        - poppler <unfixed> (low; bug #913164)
-       [stretch] - poppler <ignored> (Negligable security impact)
+       [jessie] - poppler <ignored> (Negligible security impact; memory leak)
+       [stretch] - poppler <ignored> (Negligible security impact)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
 CVE-2018-18896
        RESERVED
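Review bot: the new `[jessie]` line is inserted above the existing `[stretch]` line, giving older-suite-first order, whereas the CVE-2018-8043 hunk later in this diff lists `[jessie]` before `[wheezy]` (newer suite first); placing the jessie line below the stretch one would keep the two entries consistent. The jessie rationale also appends "; memory leak" where the stretch rationale does not, so if the reason is the same for both suites the same string would read better.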
@@ -749,7 +750,7 @@ CVE-2018-18752 (Webiness Inventory 2.3 suffers from an 
Arbitrary File upload ...
 CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a 
double free ...)
        - gettext <unfixed> (unimportant; bug #913173)
        NOTE: 
https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2018-18750
        RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading 
to an ...)
@@ -18802,7 +18803,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL 
and ...)
 CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the 
status ...)
        {DLA-1504-1}
        - ghostscript 9.21~dfsg-1 (low)
-       [stretch] - ghostscript <ignored> (Negligable impact)
+       [stretch] - ghostscript <ignored> (Negligible impact)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219
 (9.21rc1)
 CVE-2018-11644
@@ -25164,7 +25165,7 @@ CVE-2018-9253
 CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable 
assertion in the ...)
        - jasper <removed> (unimportant)
        NOTE: https://github.com/mdadams/jasper/issues/173
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if 
--with-lzma is ...)
        - libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug 
#895195)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
@@ -25644,7 +25645,7 @@ CVE-2018-9056 (Systems with microprocessors utilizing 
speculative execution may
 CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable 
assertion in the ...)
        - jasper <removed> (unimportant)
        NOTE: https://github.com/mdadams/jasper/issues/172
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
        NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
@@ -28108,7 +28109,7 @@ CVE-2018-8051
 CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB 
(aka ...)
        - afflib 3.7.16-3 (unimportant; bug #892599)
        NOTE: 
https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 
...)
        NOT-FOR-US: Unisys Stealth SVG
 CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML 
...)
@@ -28132,7 +28133,7 @@ CVE-2018-8043 (The unimac_mdio_probe function in 
drivers/net/phy/mdio-bcm-unimac
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
-       NOTE: Negligable security impact, only enabled on armhf
+       NOTE: Negligible security impact, only enabled on armhf
 CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop 
credential ...)
        NOT-FOR-US: Apache Ambari
 CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 
2.21.1 and ...)
@@ -42193,20 +42194,20 @@ CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ReadIm
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=8ea316667c8a3296bce2832b3986b58d0fdfc077
 (master)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12
 (gimp-2-8)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366
 (gimp-2-8)
-       NOTE: Crash in desktop tool, no/negligable security impact
+       NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
        {DSA-4077-1 DLA-1220-1}
        - gimp 2.8.20-1.1 (unimportant; bug #885347)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
 (master)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
-       NOTE: Crash in desktop tool, no/negligable security impact
+       NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
load_image in ...)
        {DSA-4077-1 DLA-1220-1}
        - gimp 2.8.20-1.1 (unimportant; bug #884925)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59
 (master)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
 (gimp-2-8)
-       NOTE: Crash in desktop tool, no/negligable security impact
+       NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
        {DSA-4077-1 DLA-1220-1}
        - gimp 2.8.20-1.1 (bug #884837)
@@ -42221,7 +42222,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ...)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d
 (master)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
 (gimp-2-8)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
-       NOTE: Crash in desktop tool, no/negligable security impact
+       NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the 
cv::PxMDecoder::readData ...)
        {DLA-1438-1 DLA-1235-1}
        - opencv <unfixed> (bug #885843)
@@ -61384,7 +61385,7 @@ CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess 
SSH is used, allows remote
 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after 
dropping ...)
        - openldap <unfixed> (unimportant)
        NOTE: http://www.openldap.org/its/index.cgi?findid=8703
-       NOTE: Negligable security impact, but filed #877512
+       NOTE: Negligible security impact, but filed #877512
 CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of 
service (memory ...)
        - python-scrapy <unfixed> (bug #875947)
        [stretch] - python-scrapy <no-dsa> (Minor issue)
@@ -62475,7 +62476,7 @@ CVE-2017-13761 (The Fastly CDN module before 1.2.26 for 
Magento2, when used with
 CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat 
image in ...)
        - sleuthkit 4.4.2-3 (unimportant; bug #873724)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-13759
        RESERVED
 CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow 
in the ...)
@@ -62494,11 +62495,11 @@ CVE-2017-13757 (The Binary File Descriptor (BFD) 
library (aka libbfd), as distri
 CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image 
triggers ...)
        - sleuthkit 4.4.2-3 (unimportant; bug #873725)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 
image ...)
        - sleuthkit 4.4.2-3 (unimportant; bug #873726)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the &quot;advanced 
settings - ...)
        NOT-FOR-US: Wibu-Systems
 CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in 
...)
@@ -67494,7 +67495,7 @@ CVE-2017-12146 (The driver_override implementation in 
drivers/base/platform.c in
        NOTE: Fixed by: 
https://git.kernel.org/linus/6265539776a0810b7ce6398c27866ddb9c6bd154 
(v4.13-rc1)
 CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the 
function ...)
        - libquicktime <unfixed> (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the 
function ...)
        - libytnef 1.9.3-1 (bug #870817)
        [stretch] - libytnef <no-dsa> (Minor issue)
@@ -67504,7 +67505,7 @@ CVE-2017-12144 (In ytnef 1.9.2, an allocation failure 
was found in the function
        NOTE: 
https://github.com/ohwgiles/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the 
function ...)
        - libquicktime <unfixed> (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found 
in the ...)
        - libytnef 1.9.3-1 (low; bug #870816)
        [stretch] - libytnef <no-dsa> (Minor issue)
@@ -68479,7 +68480,7 @@ CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file 
after dropping privileges
        - tenshi <unfixed> (unimportant; bug #871321)
        NOTE: https://github.com/inversepath/tenshi/issues/6
        NOTE: 
https://github.com/inversepath/tenshi/commit/d0e7f28c13ffbd5888b31d6532c2faf78f10f176
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-11745
        RESERVED
 CVE-2017-11744 (In MODX Revolution 2.5.7, the &quot;key&quot; and 
&quot;name&quot; parameters in the System ...)
@@ -68825,11 +68826,11 @@ CVE-2017-11656
 CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled 
processing of ...)
        - sipcrack <unfixed> (unimportant; bug #869803)
        NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way 
SIPcrack 0.2 ...)
        - sipcrack <unfixed> (unimportant; bug #869803)
        NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions 
for the ...)
        NOT-FOR-US: Razer Synapse
 CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions 
for the ...)
@@ -82088,7 +82089,7 @@ CVE-2017-7407 (The ourWriteOut function in 
tool_writeout.c in curl 7.53.1 might
        {DLA-883-1}
        - curl 7.52.1-4 (unimportant; bug #859500)
        NOTE: 
https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL 
for any of ...)
        NOT-FOR-US: D-Link
 CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, 
this ...)
@@ -95124,7 +95125,7 @@ CVE-2017-3226 (Das U-Boot is a device bootloader that 
can read its configuration
        NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans 
to remove
        NOTE: it in future versions.
        NOTE: https://www.kb.cert.org/vuls/id/166743
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-3225 (Das U-Boot is a device bootloader that can read its 
configuration from ...)
        - u-boot <unfixed> (unimportant)
        [wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
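Review bot: the unchanged context line `[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)` at the end of this hunk has a grammar error of the same kind this commit corrects; since the same spelling-fix pass touches the lines right above it, `(Vulnerable code does not exist)` or the tracker's usual `(Vulnerable code not present)`, as used for linux in the CVE-2018-8043 hunk, would fit here.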
@@ -95132,7 +95133,7 @@ CVE-2017-3225 (Das U-Boot is a device bootloader that 
can read its configuration
        NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans 
to remove
        NOTE: it in future versions.
        NOTE: https://www.kb.cert.org/vuls/id/166743
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may 
...)
        - quagga <unfixed> (low; bug #871617)
        [stretch] - quagga <no-dsa> (Minor issue)
@@ -103584,65 +103585,65 @@ CVE-2016-9401 (popd in bash might allow local users 
to bypass the restricted she
 CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 
allows ...)
        - jasper <removed> (unimportant)
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 
1.900.17 ...)
        - jasper <removed> (unimportant)
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 
allows ...)
        - jasper <removed> (unimportant)
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer 
through ...)
        - jasper <removed> (unimportant)
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 
1.900.25 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 
1.900.17 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 
1.900.17 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 
1.900.17 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 
2.0.10 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 
1.900.14 ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer 
before ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 
allows ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in ...)
        - jasper <removed> (unimportant)
        NOTE: Fix: 
https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
        NOTE: Testcase: 
https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could 
loop ...)
        - wireshark 2.2.2+g9c5aae3-1
        [jessie] - wireshark <not-affected> (Only affects 2.2.x)
@@ -114133,7 +114134,7 @@ CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x 
through 9.10.4-P1, and 9.11.x .
        NOTE: Not fixed upstream, proposed patches below are unofficial:
        NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
        NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c 
in ...)
        - librsvg 2.40.9-2
        [jessie] - librsvg <no-dsa> (Minor issue)
@@ -119908,7 +119909,7 @@ CVE-2016-4485 (The llc_cmsg_rcv function in 
net/llc/af_llc.c in the Linux kernel
 CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 
and ...)
        - cryptsetup 2:1.7.3-2 (unimportant)
        NOTE: 
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
        NOTE: in #860981 claimed to still be unresolved as per 2:1.7.3-3
 CVE-2016-4481
        RESERVED
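Review bot: the corrected `NOTE: Negligible security impact` now sits directly above `NOTE: in #860981 claimed to still be unresolved as per 2:1.7.3-3`, which conflicts with the fixed version `cryptsetup 2:1.7.3-2` recorded on the package line of this entry; the two notes should say whether the fixed version stands or the issue is still open, otherwise the "negligible" rationale reads as a reply to an unresolved claim.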
@@ -125240,7 +125241,7 @@ CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in 
certain stacked installati
 CVE-2016-XXXX [unsafe use of /tmp]
        - wine <unfixed> (unimportant; bug #816034)
        - wine-development 3.12-2 (unimportant; bug #903622)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2016-XXXX [remote memory disclosure]
        - node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
        NOTE: fixed in 1.0.1
@@ -146570,7 +146571,7 @@ CVE-2015-5364 (The (1) udp_recvmsg and (2) 
udpv6_recvmsg functions in the Linux
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
 CVE-2015-XXXX [uudecode: stack out of bounds read access]
        - sharutils <unfixed> (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/06/02/8
 CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux 
kernel ...)
        {DLA-246-1}
@@ -159286,7 +159287,7 @@ CVE-2014-XXXX
        - json-glib <unfixed> (unimportant; bug #772585)
        [squeeze] - json-glib <not-affected> (Tool not yet present)
        [wheezy] - json-glib <not-affected> (Tool not yet present)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in 
MediaWiki ...)
        {DSA-3110-1}
        - mediawiki 1:1.19.20+dfsg-2.2 (bug #773654)
@@ -192704,7 +192705,7 @@ CVE-2013-4246 (libsvn_fs_fs/fs_fs.c in Apache 
Subversion 1.8.x before 1.8.2 migh
 CVE-2013-4245 [Arbitrary code execution due to insecure CWD Python module load]
        RESERVED
        - gnome-orca <unfixed> (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and 
earlier ...)
        {DSA-2744-1}
        - tiff 4.0.3-3
@@ -194478,7 +194479,7 @@ CVE-2013-3566
 CVE-2013-3565 [XSS in HTTP Interface]
        RESERVED
        - vlc 2.0.7-1 (unimportant)
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2013-3564
        RESERVED
 CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL 
Server ...)
@@ -216252,11 +216253,11 @@ CVE-2012-2092
 CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and 
SimGear ...)
        - simgear 2.10.0-3 (unimportant; bug #669024)
        - flightgear 2.6.0-1.1 (unimportant; bug #669025)
-       NOTE: Negligable security impact, very obscure attack vector
+       NOTE: Negligible security impact, very obscure attack vector
 CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and 
earlier ...)
        - simgear 2.10.0-2 (unimportant; bug #669024)
        - flightgear 2.6.0-1.1 (unimportant; bug #669025)
-       NOTE: Negligable security impact, very obscure attack vector
+       NOTE: Negligible security impact, very obscure attack vector
 CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the 
ngx_http_mp4_module ...)
        - nginx 1.1.19-1
        [squeeze] - nginx <not-affected> (Vulnerable code not present)
@@ -218189,7 +218190,7 @@ CVE-2012-1258
 CVE-2012-1257
        RESERVED
        - pidgin <unfixed> (unimportant)
-       NOTE: Negligable local information disclosure
+       NOTE: Negligible local information disclosure
 CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
        NOT-FOR-US: EasyVista
 CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier 
allows ...)
@@ -219161,10 +219162,10 @@ CVE-2012-0882 (Buffer overflow in yaSSL, as used in 
MySQL 5.5.20 and possibly ot
        NOTE: limited information about issue, only a video of exploit taking 
place
 CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial 
of ...)
        - libxerces2-java <unfixed> (unimportant)
-       NOTE: Negligable impact for Xerces
+       NOTE: Negligible impact for Xerces
 CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of 
service ...)
        - xerces-c <unfixed> (unimportant)
-       NOTE: Negligable impact for Xerces
+       NOTE: Negligible impact for Xerces
 CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel 
before ...)
        {DSA-2469-1}
        - linux-2.6 2.6.33-1
@@ -221161,7 +221162,7 @@ CVE-2011-4944 (Python 2.6 through 3.2 creates 
~/.pypirc with world-readable ...)
        {DLA-25-1}
        - python2.7 2.7.3~rc2-2 (low; bug #650555)
        - python2.6 2.6.8-1 (unimportant; bug #615118)
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2011-4943
        RESERVED
 CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
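Review bot: the single `NOTE: Negligible impact` in this hunk applies to an entry whose two package lines carry different severities, `python2.7 2.7.3~rc2-2 (low; bug #650555)` and `python2.6 2.6.8-1 (unimportant; bug #615118)`; stating which package the negligible-impact rationale covers, or aligning the two severities, would remove the ambiguity the spelling fix leaves in place.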
@@ -229951,7 +229952,7 @@ CVE-2011-2212 (Buffer overflow in the virtio 
subsystem in qemu-kvm 0.14.0 and ea
 CVE-2011-2207
        RESERVED
        - dirmngr <unfixed> (unimportant; bug #627377)
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote 
authenticated users ...)
        NOT-FOR-US: Djabberd
 CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during 
entity ...)
@@ -232240,7 +232241,7 @@ CVE-2011-1434 (Google Chrome before 11.0.696.57 does 
not ensure thread safety du
        - webkit <not-affected> (chromium specific)
 CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in 
Open ...)
        - otrs2 3.0.8+dfsg1-1 (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not 
properly ...)
        - otrs2 2.4.5-1 (low)
        [lenny] - otrs2 <no-dsa> (Minor issue)
@@ -232258,10 +232259,10 @@ CVE-2010-4764 (Open Ticket Request System (OTRS) 
before 2.4.10, and 3.x before 3
        NOTE: Marginal security impact, standard bug
 CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket 
Request ...)
        - otrs2 3.0.8+dfsg1-1 (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the 
rich-text-editor ...)
        - otrs2 3.0.8+dfsg1-1 (unimportant)
-       NOTE: Negligable security impact
+       NOTE: Negligible security impact
 CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket 
Request ...)
        - otrs2 3.0.8+dfsg1-1 (unimportant)
        NOTE: Marginal security impact, standard bug
@@ -232273,7 +232274,7 @@ CVE-2010-4759 (Open Ticket Request System (OTRS) 
before 3.0.0-beta7 does not pro
        NOTE: No security impact, feature enhancement
 CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 
has an ...)
        - otrs2 3.0.8+dfsg1-1 (unimportant)
-       NOTE: Negligable security enhancement
+       NOTE: Negligible security enhancement
 CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 
2.3.4 ...)
        - otrs2 2.4.5-1 (low)
        [lenny] - otrs2 <no-dsa> (Minor issue)
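Review bot: `NOTE: Negligible security enhancement` is still odd wording after the spelling fix; the neighbouring otrs2 entries in this diff use `Negligible security impact` (CVE-2010-4763, CVE-2010-4762) and the CVE-2010-4759 context line uses `No security impact, feature enhancement`, so one of those two phrasings would state the triage reason unambiguously.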
@@ -235606,7 +235607,7 @@ CVE-2010-4645 (strtod.c, as used in the zend_strtod 
function in PHP 5.2 before 5
        NOTE: and settings, the bug can't be reproduced.
 CVE-2011-XXXX [Crash with long HOME environment variable]
        - toppler 1.1.4-2 (unimportant; bug #608979)
-       NOTE: Negligable privilege escalation
+       NOTE: Negligible privilege escalation
 CVE-2011-XXXX [Crash with long HOME environment variable]
        - lbreakout2 <unfixed> (unimportant; bug #608980)
        NOTE: sgid games is dropped before buffer overflow
@@ -236301,7 +236302,7 @@ CVE-2011-0083 (Use-after-free vulnerability in the 
nsSVGPathSegList::ReplaceItem
 CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla 
Firefox ...)
        - xulrunner <removed> (unimportant)
        - iceweasel <removed> (unimportant; bug #627552)
-       NOTE: Negligable impact
+       NOTE: Negligible impact
 CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla 
Firefox ...)
        {DSA-2235-1 DSA-2228-1 DSA-2227-1}
        - xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in 
unstable)
@@ -246470,7 +246471,7 @@ CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 
6.0.0 through 6.0.26 might
        {DSA-2207-1}
        - tomcat6 6.0.26-5 (bug #587447; unimportant)
        - tomcat5.5 <removed> (unimportant)
-       NOTE: Negligable information disclosure
+       NOTE: Negligible information disclosure
 CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers 
to ...)
        - irssi 0.8.15-1 (low)
        [lenny] - irssi <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/22938f745067befebb59becc50eae5c3abfea3eb...9357fb31e9189a1ade6047da9de9f165e220a67a

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits