Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc85dabb by Ola Lundqvist at 2018-11-14T20:22:30Z
Triage results.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -459,6 +459,7 @@ CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a
NULL pointer dereference
CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the
function ...)
- libwpd <unfixed> (low; bug #913702)
[stretch] - libwpd <no-dsa> (Minor issue)
+ [jessie] - libwpd <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643752
NOTE: Patch used in Fedora:
https://src.fedoraproject.org/rpms/libwpd/raw/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch
CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote
authenticated ...)
@@ -1044,6 +1045,7 @@ CVE-2018-18957 (An issue has been found in libIEC61850
v1.3. It is a stack-based
NOT-FOR-US: libIEC61850
CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in
Suricata 4.x ...)
- suricata <unfixed>
+ [jessie] - suricata <not-affected> (Vulnerable code not present, no
MIME support in this version)
NOTE:
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
CVE-2018-18955 [userns: also map extents in the reverse map to kernel IDs]
@@ -3609,6 +3611,7 @@ CVE-2018-17960 [ckeditor XSS]
RESERVED
- ckeditor 4.11.1+dfsg-1 (low)
[stretch] - ckeditor <no-dsa> (Minor issue)
+ [jessie] - ckeditor <ignored> (Minor issue)
- fckeditor <removed>
CVE-2018-17959
RESERVED
@@ -3862,16 +3865,19 @@ CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a
navigate_upload.php (aka F
CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go
mishandles ...)
- golang-golang-x-net-dev <unfixed> (bug #911795)
- golang-go.net-dev <removed>
+ [jessie] - golang-go.net-dev <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/27846
TODO: check, possibly introduced in later versions
CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go
mishandles ...)
- golang-golang-x-net-dev <unfixed> (bug #911795)
- golang-go.net-dev <removed>
+ [jessie] - golang-go.net-dev <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/27846
TODO: check, possibly introduced in later versions
CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go
mishandles ...)
- golang-golang-x-net-dev <unfixed> (bug #911795)
- golang-go.net-dev <removed>
+ [jessie] - golang-go.net-dev <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/27842
TODO: check, possibly introduced in later versions
CVE-2018-17845
=====================================
data/dla-needed.txt
=====================================
@@ -88,6 +88,8 @@ systemd (Antoine Beaupre)
--
tiff (Brian May)
--
+uriparser
+--
xen
--
xml-security-c
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc85dabb2d62a2208b02a9e528b974b045cd62cf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc85dabb2d62a2208b02a9e528b974b045cd62cf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
