Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42d9337a by Salvatore Bonaccorso at 2019-02-07T13:41:14Z
Remove trailing whitespaces

- - - - -
5fd51f07 by Salvatore Bonaccorso at 2019-02-07T13:41:14Z
Four CVEs fixed for open-build-service in unstable

- - - - -
78b63fc6 by Salvatore Bonaccorso at 2019-02-07T13:41:15Z
Add fixed version for CVE-2018-20185/graphicsmagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10883,12 +10883,13 @@ CVE-2018-20186 (An issue was discovered in Bento4 
1.5.1-627. AP4_Sample::ReadDat
        NOT-FOR-US: Bento4
 CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit 
platforms, there ...)
        {DLA-1619-1}
-       - graphicsmagick <unfixed> (bug #916719)
+       - graphicsmagick 1.4~hg15880-1 (bug #916719)
        NOTE: Partial fix: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
        NOTE: Partial fix adressed in 1.4~hg15873-1, but according to 
maintainer not yet
        NOTE: complete: Cf. https://bugs.debian.org/916719#15
        NOTE: Fix causes more issues: 
https://bugzilla.suse.com/show_bug.cgi?id=1119823#c1
+       NOTE: Followup: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/c38fc0e3e465
 CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a 
heap-based ...)
        {DLA-1619-1}
        - graphicsmagick 1.4~hg15873-1 (bug #916721)
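Review bot: the CVE-2018-20185 entry now records 1.4~hg15880-1 as the fixed version, but the NOTE lines kept directly below it still describe the fix as partial, "not yet complete" and "Fix causes more issues", and the added "NOTE: Followup:" line does not say whether rev c38fc0e3e465 completes the fix or is what 1.4~hg15880-1 ships. Suggest wording the new note so it states that relationship explicitly, so a reader can reconcile the fixed version with the older notes without opening bug #916719.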
@@ -19122,9 +19123,9 @@ CVE-2018-19510
 CVE-2018-19509
        RESERVED
 CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at 
a ...)
-       NOT-FOR-US: CMSimple 
+       NOT-FOR-US: CMSimple
 CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
-       NOT-FOR-US: CMSimple 
+       NOT-FOR-US: CMSimple
 CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter 
in the ...)
        NOT-FOR-US: Zurmo
 CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the 
correct ...)
@@ -37455,7 +37456,7 @@ CVE-2018-12481 (The Olive Tree Ftp Server application 
1.32 for Android has a &qu
 CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior 
to 4.4 ...)
        NOT-FOR-US: NetIQ Access Manager
 CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build 
Service allows ...)
-       - open-build-service <unfixed> (bug #911797)
+       - open-build-service 2.9.4-1 (bug #911797)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435
        NOTE: https://github.com/openSUSE/open-build-service/pull/5880
        NOTE: 
https://github.com/openSUSE/open-build-service/commit/01b015ca2a320afc4fae823465d1e72da8bd60df
@@ -37485,7 +37486,7 @@ CVE-2018-12469 (Incorrect handling of an invalid value 
for an HTTP request param
 CVE-2018-12468 (A vulnerability in the administration console of Micro Focus 
GroupWise ...)
        NOT-FOR-US: Micro Focus
 CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could 
delete ...)
-       - open-build-service <unfixed> (bug #911797)
+       - open-build-service 2.9.4-1 (bug #911797)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
        NOTE: Fixed by: 
https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
        NOTE: Introduced by: 
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
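Review bot: the "Introduced by:" commit for CVE-2018-12467, 990ef7cccef6f38fc1d1a1bb22a08e174dcba43b, is the same commit referenced under CVE-2018-7689 further down, where stretch is marked <no-dsa>, yet this entry has no [stretch] line. If stretch never received that commit, it may not contain the vulnerable code at all. Worth checking and, if so, recording it with a [stretch] line marked not affected, so the unstable fixed version 2.9.4-1 is not read as implying stretch is vulnerable.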
@@ -50311,12 +50312,12 @@ CVE-2018-7691 (A potential Remote Unauthorized Access 
in Micro Focus Fortify Sof
 CVE-2018-7690 (A potential Remote Unauthorized Access in Micro Focus Fortify 
Software ...)
        NOT-FOR-US: Micro Focus
 CVE-2018-7689 (Lack of permission checks in the InitializeDevelPackage 
function in ...)
-       - open-build-service <unfixed> (low; bug #903797)
+       - open-build-service 2.9.4-1 (low; bug #903797)
        [stretch] - open-build-service <no-dsa> (Minor issue)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094819
        NOTE: 
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
 CVE-2018-7688 (A missing permission check in the review handling of openSUSE 
Open ...)
-       - open-build-service <unfixed> (low; bug #903796)
+       - open-build-service 2.9.4-1 (low; bug #903796)
        [stretch] - open-build-service <no-dsa> (Minor issue)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094820
        NOTE: 
https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
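Review bot: the commit URLs under CVE-2018-7689 and CVE-2018-7688 are bare "NOTE:" lines with no label, while CVE-2018-12467 uses "Fixed by:" and "Introduced by:". Since 990ef7cccef6f38fc1d1a1bb22a08e174dcba43b appears in both roles across these entries, suggest labelling these two notes "Fixed by:" as well, so the role of each commit is unambiguous now that the entries carry a fixed version.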



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/579771f7262a2e177f884b8076ed8c454e177f04...78b63fc62c02d3c04bc62ce73c9d59ac3eef36e3
