Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bdeff3da by Moritz Muehlenhoff at 2019-01-29T23:19:22Z
one nagios issue unimportant
yum commits
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21635,11 +21635,12 @@ CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF
via ...)
NOTE:
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of
plugin ...)
{DLA-1615-1}
- - nagios4 <unfixed> (bug #917138)
- - nagios3 <removed>
+ - nagios4 <unfixed> (unimportant; bug #917138)
+ - nagios3 <removed> (unimportant)
NOTE:
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/602
NOTE: Fixed by:
https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
+ NOTE: No real security impact, plugins need to be trusted to begin with
CVE-2018-18244 (Cross-site scripting in syslog.html in VIVOTEK Network Camera
Series ...)
NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18243
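Review bot: the `(unimportant)` tags added to the nagios4 and nagios3 lines now sit directly under `{DLA-1615-1}`, so the entry shows an advisory reference for an issue that the new NOTE describes as having no real security impact. Consider extending the added NOTE to say that the DLA predates this reassessment, so a reader does not have to guess which of the two statements is current.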
@@ -40756,6 +40757,9 @@ CVE-2018-10897 (A directory traversal issue was found
in reposync, a part of ...
[stretch] - yum-utils <ignored> (Minor issue)
[jessie] - yum-utils <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
+ NOTE:
https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
+ NOTE:
https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
+ NOTE: https://github.com/rpm-software-management/yum-utils/pull/43
CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and
newer, ...)
NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site
request ...)
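Review bot: the three NOTE lines added to CVE-2018-10897 are bare URLs, so it is not clear which of the two yum-utils commits and the pull request is the actual fix and which is follow-up. The CVE-2018-18245 entry in this same file puts `NOTE: Fixed by:` before its commit link; labelling these links the same way, or with a word on what each one is, would help anyone revisiting the `<ignored>` stretch and jessie lines pick the right change.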
@@ -47971,6 +47975,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect
certificate validation fo
NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the
ownership of ...)
- jabberd2 <unfixed> (low; bug #902783)
+ [buster] - jabberd2 <no-dsa> (Minor issue, default init system not
affected)
[stretch] - jabberd2 <no-dsa> (Minor issue, default init system not
affected)
NOTE: https://bugs.gentoo.org/631068
CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs
jabberd, ...)
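Review bot: the new `[buster]` line for jabberd2 reuses the stretch reason "Minor issue, default init system not affected" without saying which init system is the affected one. Naming it in the reason or in a NOTE would let the triage be rechecked without reading bug #902783 and the Gentoo report.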
@@ -96005,6 +96010,7 @@ CVE-2017-9272 (The Bi-directional driver in IDM 4.5
before 4.0.3.0 could be ...)
NOT-FOR-US: IDM
CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy
...)
- zypper <unfixed> (low)
+ [buster] - zypper <ignored> (Minor issue)
[jessie] - zypper <ignored> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send
RPC ...)
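Review bot: after the added `[buster] - zypper <ignored> (Minor issue)` line the entry covers buster and jessie but has no `[stretch]` line, so stretch still falls under `- zypper <unfixed> (low)`. If stretch ships zypper it probably wants the same triage in this commit; if it does not, nothing needs to change.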
@@ -238613,6 +238619,7 @@ CVE-2012-1097 (The regset (aka register set) feature
in the Linux kernel before
CVE-2012-1096
RESERVED
- network-manager <unfixed> (low; bug #684259)
+ [buster] - network-manager <ignored> (Minor issue)
[stretch] - network-manager <ignored> (Minor issue)
[jessie] - network-manager <ignored> (Minor issue)
[wheezy] - network-manager <ignored> (Minor issue)
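Review bot: the `[buster]` line on CVE-2012-1096 adds a fourth `<ignored> (Minor issue)` to an entry that is still RESERVED and carries no NOTE, so bug #684259 is the only place the reasoning is recorded. A one-line NOTE summarising why the issue is considered minor would avoid re-deriving the triage for each new release.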
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bdeff3da368f71f977366fb5f8b941b5c55caf31