[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Tue, 19 Feb 2019 13:15:22 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
00a06476 by Moritz Muehlenhoff at 2019-02-19T21:13:40Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32444,6 +32444,7 @@ CVE-2018-15686 (A vulnerability in unit_deserialize of 
systemd allows an attacke
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
        NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
        NOTE: https://github.com/systemd/systemd/pull/10519
+       NOTE: 
https://github.com/systemd/systemd/commit/9f1c81d80a435d15ca1bd536a6d043c18c81c047
 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in 
certain ...)
        - electron <itp> (bug #842420)
 CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are 
stored in ...)
@@ -58131,10 +58132,13 @@ CVE-2018-6261 (NVIDIA GeForce Experience prior to 
3.15 contains a vulnerability
        NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow 
access ...)
        - nvidia-graphics-drivers <unfixed> (bug #913467)
+       [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-390xx <unfixed>
+       [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
@@ -73541,7 +73545,7 @@ CVE-2018-1064 (libvirt version before 4.2.0-rc1 is 
vulnerable to a resource ...)
        - libvirt 4.1.0-1
        NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic 
link ...)
-       - policycoreutils <unfixed>
+       - policycoreutils 2.7-1
        [stretch] - policycoreutils <no-dsa> (Minor issue)
        [jessie] - policycoreutils <no-dsa> (Minor issue)
        [wheezy] - policycoreutils <no-dsa> (Minor issue)
@@ -73549,6 +73553,7 @@ CVE-2018-1063 (Context relabeling of filesystems is 
vulnerable to symbolic link
        NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp 
directories
        NOTE: before relabeling the file system. Futhtermore only triggerable at
        NOTE: relabeling time.
+       NOTE: 
https://github.com/SELinuxProject/selinux/commit/2608b4d6660af0fb8ad93f2cc144bdaab3c2afa8
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, 
where the ...)
        NOT-FOR-US: ovirt-engine
 CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 
3.7.0 is ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00a06476a73bbe51ad4b11f0fbca7d0db6432d9c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00a06476a73bbe51ad4b11f0fbca7d0db6432d9c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to