[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Sat, 16 Feb 2019 04:39:00 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2634ae18 by Moritz Muehlenhoff at 2019-02-16T12:38:10Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10789,12 +10789,14 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL 
Injection vulnerability that
 CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute 
arbitrary ...)
        NOT-FOR-US: Sqla_yaml_fixtures
 CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in 
the ...)
-       - libsixel <unfixed> (low)
+       - libsixel <unfixed> (low; bug #922460)
+       [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
        [jessie] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function 
...)
-       - libsixel <unfixed> (low)
+       - libsixel <unfixed> (low; bug #922460)
+       [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
        [jessie] - libsixel <postponed> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/83
@@ -11499,7 +11501,7 @@ CVE-2018-20541 (There is a heap-based buffer overflow 
in libxsmm_sparse_csc_read
        NOTE: 
https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
        NOTE: https://github.com/hfp/libxsmm/issues/287
 CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in 
libLAS ...)
-       - liblas <unfixed>
+       - liblas <unfixed> (bug #922459)
        [stretch] - liblas <no-dsa> (Minor issue)
        [jessie] - liblas <no-dsa> (Minor issue)
        NOTE: https://github.com/libLAS/libLAS/issues/158
@@ -45804,6 +45806,7 @@ CVE-2018-10197 (There is a time-based blind SQL 
injection vulnerability in the A
        NOT-FOR-US: ELO
 CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists 
function ...)
        - graphviz <unfixed> (low; bug #898841)
+       [buster] - graphviz <no-dsa> (Minor issue)
        [stretch] - graphviz <no-dsa> (Minor issue)
        [jessie] - graphviz <no-dsa> (Minor issue)
        [wheezy] - graphviz <no-dsa> (Minor issue)
@@ -222377,6 +222380,7 @@ CVE-2013-1842 (SQL injection vulnerability in the 
Extbase Framework in TYPO3 4.5
        - typo3-src 4.5.19+dfsg1-5 (bug #702574)
 CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does 
not check ...)
        - libnet-server-perl <unfixed> (low; bug #702914)
+       [buster] - libnet-server-perl <ignored> (Minor issue)
        [stretch] - libnet-server-perl <ignored> (Minor issue)
        [jessie] - libnet-server-perl <ignored> (Minor issue)
        [wheezy] - libnet-server-perl <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634ae18f34c599c78d30a8c3d47b2fb01431ffe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634ae18f34c599c78d30a8c3d47b2fb01431ffe
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to