Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d14f475b by Ola Lundqvist at 2018-12-12T22:59:43Z
Triage results.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1149,6 +1149,7 @@ CVE-2018-19971
RESERVED
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in
the ...)
- phpmyadmin <unfixed>
+ [jessie] - phpmyadmin <postponed> (Minor issue, can be worth fixing
together with other issues)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are
affected by a ...)
@@ -12686,6 +12687,7 @@ CVE-2018-16877
CVE-2018-16876 [Information disclosure in vvv+ mode with no_log on]
RESERVED
- ansible <unfixed> (bug #916102)
+ [jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ansible/ansible/pull/49569
NOTE:
https://github.com/ansible/ansible/commit/4c6d714aefb05366cb329e139214c89ebb364899
CVE-2018-16875
@@ -16303,6 +16305,7 @@ CVE-2018-15518 [Qt Base: "double free or corruption" in
QXmlStreamReader]
RESERVED
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src <unfixed>
+ [jessie] - qtbase-opensource-src <ignored> (Minor issue)
NOTE:
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
TODO: check for completeness
=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,10 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
+nss
+ NOTE: 20181212: Bug report not public but it is likely that the package is
vulnerable. Maintainer not contacted
+ NOTE: 20181212: yet. Further investigation needed.
+--
openjpeg2 (Hugo Lefeuvre)
NOTE: working a second batch of patches to fix the remaining issues worth
taking time.
NOTE: The rest will wait for upstream patches/no-dsa
@@ -98,6 +102,8 @@ pdns-recursor (Abhijith PA)
php5 (Roberto C. Sánchez)
NOTE: 20181210: Upstream released 5.6.39 just a few days ago, that version
will be packaged (roberto)
--
+phpmyadmin
+--
polarssl
NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to
move to latest version, etc. (!). (lamby)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d14f475baa4e068e52bd1681a9c05e3ccd006a12
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d14f475baa4e068e52bd1681a9c05e3ccd006a12
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
