Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
819e5651 by Salvatore Bonaccorso at 2019-02-09T10:25:06Z
CVE-2017-18197: sort suite entries

- - - - -
4bc0ec6a by Salvatore Bonaccorso at 2019-02-09T10:25:06Z
Add fixing version for CVE-2017-17718/ruby-net-ldap

- - - - -
e56648a1 by Salvatore Bonaccorso at 2019-02-09T10:27:50Z
Remove doubled entry in dsa-needed list

- - - - -
995945c6 by Salvatore Bonaccorso at 2019-02-09T10:29:04Z
Reference upstream commit for CVE-2017-1000071/php-cas

- - - - -
07559e01 by Salvatore Bonaccorso at 2019-02-09T10:35:21Z
Process two NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2019-7654
 CVE-2019-7652
        RESERVED
 CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Emsisoft Anti-Malware
 CVE-2019-7650
        RESERVED
 CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 
has ...)
@@ -21,7 +21,7 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package 
for RDFLib 4.2.2 h
 CVE-2019-7649
        RESERVED
 CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in 
Hotels_Server ...)
-       TODO: check
+       NOT-FOR-US: Hotels_Server
 CVE-2019-7647
        RESERVED
 CVE-2019-7646
@@ -51451,8 +51451,8 @@ CVE-2017-18198 (print_iso9660_recurse in iso-info.c in 
GNU libcdio before 1.0.0
 CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the 
...)
        {DLA-1299-1}
        - libjgraphx-java <unfixed> (low; bug #891796)
-       [jessie] - libjgraphx-java <no-dsa> (Minor issue)
        [stretch] - libjgraphx-java <no-dsa> (Minor issue)
+       [jessie] - libjgraphx-java <no-dsa> (Minor issue)
        NOTE: https://github.com/jgraph/mxgraph/issues/124
        NOTE: 
https://bitbucket.org/jgraph/mxgraph2/commits/7d159ca3259b961cbb1c51b4ea42cb408c624ff1
 CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 
7.0.7-23 Q16 ...)
@@ -63739,7 +63739,7 @@ CVE-2017-17720
 CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours 
plugin ...)
        NOT-FOR-US: wp-concours plugin for WordPress
 CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has 
Missing SSL ...)
-       - ruby-net-ldap <unfixed> (bug #884693)
+       - ruby-net-ldap 0.16.1-1 (bug #884693)
        [stretch] - ruby-net-ldap <no-dsa> (Minor issue)
        [jessie] - ruby-net-ldap <not-affected> (Documentation already states 
that there is no validation)
        [wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no 
validation)
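Review bot: The fixed version recorded on the unstable line for CVE-2017-17718 is 0.16.1-1, while the description on the same entry says the gem is affected before 0.16.0. If a 0.16.0-based upload of ruby-net-ldap reached the archive earlier, that upload is the first fixed version and should be recorded instead; if 0.16.1-1 was the first upload carrying the fix, the line is correct as written.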
@@ -91896,6 +91896,7 @@ CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is 
vulnerable to an authentication
        [jessie] - php-cas <no-dsa> (Minor issue)
        [wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS 
server)
        NOTE: https://github.com/Jasig/phpCAS/issues/228
+       NOTE: Fixed by: 
https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
        NOTE: The vulnerability only exists when the server is affected by
        NOTE: another very old vulnerability fixed in 2010.
 CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was 
affected by an ...)
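Review bot: The added "NOTE: Fixed by:" line for CVE-2017-1000071 points at github.com/apereo/phpCAS, while the issue NOTE directly above it uses github.com/Jasig/phpCAS. Use the same organisation in both URLs so that the issue and the fixing commit visibly refer to one repository.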


=====================================
data/dsa-needed.txt
=====================================
@@ -27,8 +27,6 @@ glusterfs
 --
 graphicsmagick
 --
-libu2f-host
---
 libidn
   santiago proposed debdiffs for jessie and stretch
 --
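Review bot: Only one libu2f-host entry is visible in this hunk of data/dsa-needed.txt, so the duplicate that justifies the removal lies outside the shown context. The removed entry has no annotation lines under it, so nothing is lost as long as the other entry is still present; confirm that the surviving entry keeps any claim or note it carried.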



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6776ff8401f2d9d23dc6b7782798cb49c449ff59...07559e0189f2986512fb49bd8931a5a3248ea8a1
