[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Fri, 01 Feb 2019 16:05:56 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f70866c1 by Moritz Muehlenhoff at 2019-02-02T00:04:59Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2358,7 +2358,8 @@ CVE-2019-6293 (An issue was discovered in the function 
mark_beginning_as_normal
        [jessie] - flex <no-dsa> (Minor issue)
        NOTE: https://github.com/westes/flex/issues/414
 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka 
...)
-       - yaml-cpp <unfixed> (bug #919430)
+       - yaml-cpp <unfixed> (low; bug #919430)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <no-dsa> (Minor issue)
        - yaml-cpp0.3 <removed>
@@ -2384,7 +2385,8 @@ CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer 
over-read exists in ...)
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/2815
 CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp 
(aka ...)
-       - yaml-cpp <unfixed> (bug #919432)
+       - yaml-cpp <unfixed> (low; bug #919432)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <no-dsa> (Minor issue)
        - yaml-cpp0.3 <removed>
@@ -8779,6 +8781,7 @@ CVE-2018-20575 (Orange Livebox 00.96.320S devices have an 
undocumented ...)
        NOT-FOR-US: Orange Livebox 00.96.320S devices
 CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka 
...)
        - yaml-cpp <unfixed> (low; bug #918145)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <postponed> (Minor issue)
        - yaml-cpp0.3 <removed> (low; bug #918146)
@@ -8787,6 +8790,7 @@ CVE-2018-20574 (The SingleDocParser::HandleFlowMap 
function in yaml-cpp (aka ...
        NOTE: https://github.com/jbeder/yaml-cpp/issues/654
 CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka 
LibYaml-C++) ...)
        - yaml-cpp <unfixed> (low; bug #918147)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <postponed> (Minor issue)
        - yaml-cpp0.3 <removed> (low; bug #918148)
@@ -30231,7 +30235,7 @@ CVE-2018-1000637 (zutils version prior to version 
1.8-pre2 contains a Buffer Ove
        NOTE: 
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
        NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
 CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW 
through ...)
-       - tcpflow <unfixed> (bug #905483)
+       - tcpflow 1.5.0+repack1-1 (bug #905483)
        [stretch] - tcpflow <no-dsa> (Minor issue)
        [jessie] - tcpflow <no-dsa> (Minor issue)
        NOTE: 
https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
@@ -52207,6 +52211,7 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an 
uncontrolled memory allocation an
        [stretch] - zziplib <no-dsa> (Minor issue)
        [jessie] - zziplib <no-dsa> (Minor issue)
        NOTE: https://github.com/gdraheim/zziplib/issues/22
+       NOTE: 
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
 CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall 
Slickdeals / ...)
        NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone 
Script
 CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba 
Clone ...)
@@ -73691,11 +73696,9 @@ CVE-2017-16810 (Cross-site scripting (XSS) 
vulnerability in the All Variables ta
 CVE-2017-16809
        RESERVED
 CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to 
aoe_print in ...)
-       - tcpdump <unfixed> (low; bug #881862)
-       [stretch] - tcpdump <postponed> (Can be fixed along in a future update)
-       [jessie] - tcpdump <postponed> (Can be fixed along in a future update)
-       [wheezy] - tcpdump <postponed> (Can be fixed along in a future update)
+       - tcpdump <unfixed> (unimportant; bug #881862)
        NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
+       NOTE: Crash in CLI tool, no security impact
 CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel 
before 2.3.3, ...)
        NOT-FOR-US: Kirby Panel
 CVE-2017-16806 (The Process function in 
RemoteTaskServer/WebServer/HttpServer.cs in ...)
@@ -89049,7 +89052,8 @@ CVE-2017-11694 (MEDHOST Document Management System 
contains hard-coded credentia
 CVE-2017-11693 (MEDHOST Document Management System contains hard-coded 
credentials that ...)
        NOT-FOR-US: MEDHOST Document Management System
 CVE-2017-11692 (The function &quot;Token&amp; Scanner::peek&quot; in 
scanner.cpp in yaml-cpp 0.5.3 ...)
-       - yaml-cpp <unfixed> (bug #870326)
+       - yaml-cpp <unfixed> (low; bug #870326)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <no-dsa> (Minor issue)
        [wheezy] - yaml-cpp <no-dsa> (Minor issue)
@@ -107006,6 +107010,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in 
base/gdevmem.c in Artifex
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka 
LibYaml-C++) ...)
        - yaml-cpp <unfixed> (low; bug #859891)
+       [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
        [jessie] - yaml-cpp <no-dsa> (Minor issue)
        [wheezy] - yaml-cpp <no-dsa> (Minor issue)
@@ -116783,6 +116788,7 @@ CVE-2017-2827 (An exploitable command injection 
vulnerability exists in the web
        NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig 
proxy ...)
        - zabbix <unfixed> (low)
+       [buster] - zabbix <ignored> (Minor issue, workaround exists)
        [stretch] - zabbix <ignored> (Minor issue, workaround exists)
        [jessie] - zabbix <ignored> (Minor issue, workaround exists)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f70866c1c01382dbcea4fe029dc9fc12e9a947b9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f70866c1c01382dbcea4fe029dc9fc12e9a947b9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to