Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
82a8541d by Moritz Muehlenhoff at 2019-02-10T18:43:41Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29934,11 +29934,11 @@ CVE-2018-1000656 (The Pallets Project flask version
Before 0.12.3 contains a CWE
CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer
Dereference ...)
NOT-FOR-US: Jsish
CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13,
libtasn1-4.12 ...)
- - libtasn1-6 <unfixed> (bug #906768)
- [stretch] - libtasn1-6 <no-dsa> (Minor issue)
- [jessie] - libtasn1-6 <no-dsa> (Minor issue since this cannot be
exploited at runtime)
+ - libtasn1-6 <unfixed> (unimportant; bug #906768)
- libtasn1-3 <removed>
NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
+ NOTE: No security impact, does not affect libtasn, but only the
asn1Parser from
+ NOTE: libtasn1-bin
CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection
vulnerability ...)
NOT-FOR-US: zzcms
CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity
(XXE) ...)
@@ -78279,6 +78279,7 @@ CVE-2017-15638 (The SuSEfirewall2 package before
3.6.312-2.13.1 in SUSE Linux ..
NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing
...)
- wordpress <unfixed> (bug #880868)
+ [buster] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
[stretch] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
[jessie] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
[wheezy] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
@@ -232280,6 +232281,7 @@ CVE-2012-4231 (Cross-site scripting (XSS)
vulnerability in admin/index.php in jC
NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce
the ...)
- tinymce <unfixed> (low; bug #796117)
+ [buster] - tinymce <no-dsa> (Minor issue)
[stretch] - tinymce <no-dsa> (Minor issue)
[jessie] - tinymce <no-dsa> (Minor issue)
[squeeze] - tinymce <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82a8541d73f997d03c5e6def88ac86ddd41a4254
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82a8541d73f997d03c5e6def88ac86ddd41a4254
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
