[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Sat, 09 Feb 2019 11:29:27 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ca9e1ae1 by Moritz Muehlenhoff at 2019-02-09T19:28:25Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3324,6 +3324,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin 
before 3.2.4 for WordPress,
        NOT-FOR-US: Automattic WooCommerce plugin for WordPress
 CVE-2019-6293 (An issue was discovered in the function 
mark_beginning_as_normal in ...)
        - flex <unfixed> (low; bug #919428)
+       [buster] - flex <no-dsa> (Minor issue)
        [stretch] - flex <no-dsa> (Minor issue)
        [jessie] - flex <no-dsa> (Minor issue)
        NOTE: https://github.com/westes/flex/issues/414
@@ -15667,35 +15668,29 @@ CVE-2018-19893 (SearchController.php in PbootCMS 
1.2.1 has SQL injection via the
 CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the 
admin/dw/add-server.php ...)
        NOT-FOR-US: DomainMOD
 CVE-2018-19891 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/24
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19890 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/20
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19889 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/22
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19888 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/25
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19887 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/21
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19886 (An invalid memory address dereference was discovered in the 
huffcode ...)
-       - faac <unfixed> (bug #915763)
-       [stretch] - faac <no-dsa> (Non-free not supported)
-       [jessie] - faac <no-dsa> (Non-free not supported)
+       - faac <unfixed> (unimportant; bug #915763)
        NOTE: https://github.com/knik0/faac/issues/23
+       NOTE: Negligable security impact, crash in CLI tool (builds a lib, but 
only internal)
 CVE-2018-19885
        RESERVED
 CVE-2018-19884
@@ -49745,6 +49740,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, 
is susceptible to a direc
        NOT-FOR-US: Apache Ambari
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in 
...)
        - libpodofo <unfixed> (low; bug #892557)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca9e1ae101b2f23cbe4484192da050c531ebcc14

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca9e1ae101b2f23cbe4484192da050c531ebcc14
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to