[Git][security-tracker-team/security-tracker][master] new k8s issue

Thu, 20 Dec 2018 04:31:27 -0800 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b87e6d01 by Moritz Muehlenhoff at 2018-12-20T12:30:01Z
new k8s issue
two freerdp issues specific to freerdp2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -184,6 +184,7 @@ CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the 
two-factor-authenticati
        NOT-FOR-US: two-factor-authentication plugin for WordPress
 CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based 
buffer ...)
        - pspp <unfixed> (bug #916902)
+       [stretch] - pspp <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
 CVE-2018-20229
        RESERVED
@@ -28703,7 +28704,8 @@ CVE-2018-11709 (wpforo_get_request_uri in 
wpf-includes/functions.php in the wpFo
 CVE-2018-11708
        RESERVED
 CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 
1.11.0-1.11.1, ...)
-       TODO: check
+       - kubernetes <unfixed>
+       NOTE: https://github.com/kubernetes/kubernetes/issues/65750
 CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier 
the DSA key ...)
        {DLA-1418-1}
        - bouncycastle 1.56-1
@@ -36488,10 +36490,12 @@ CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 
contains an Integer Truncation
 CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer 
...)
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
        - freerdp <removed>
+       [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
 CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer 
...)
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
        - freerdp <removed>
+       [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
 CVE-2018-8783
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to