Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd11f797 by Moritz Muehlenhoff at 2019-02-19T22:21:14Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5466,7 +5466,7 @@ CVE-2019-6503 (There is a deserialization vulnerability
in Chatopera cosin v3.10
CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a
memory ...)
- opensc <unfixed> (unimportant)
NOTE: https://github.com/OpenSC/OpenSC/issues/1586
- NOTE: Negligable security impact, assigning a CVE seems out of
proportion...
+ NOTE: Negligible security impact, assigning a CVE seems out of
proportion...
CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins
2.158 and ...)
NOT-FOR-US: Jenkins
CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins
2.158 and ...)
@@ -5632,22 +5632,22 @@ CVE-2019-6461 (An issue was discovered in cairo 1.16.0.
There is an assertion pr
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
CVE-2019-6460 (An issue was discovered in GNU Recutils 1.8. There is a NULL
pointer ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6459 (An issue was discovered in GNU Recutils 1.8. There is a memory
leak in ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6458 (An issue was discovered in GNU Recutils 1.8. There is a memory
leak in ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6457 (An issue was discovered in GNU Recutils 1.8. There is a memory
leak in ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6456 (An issue was discovered in GNU Recutils 1.8. There is a NULL
pointer ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6455 (An issue was discovered in GNU Recutils 1.8. There is a
double-free ...)
- recutils <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
CVE-2019-6454 [systemd (PID1) crash with specially crafted D-Bus message]
RESERVED
{DSA-4393-1 DLA-1684-1}
@@ -5709,17 +5709,14 @@ CVE-2015-9277 (MailEnable before 8.60 allows Directory
Traversal for reading the
CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to
stored XSS ...)
NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses
the pickle ...)
- - python-numpy <unfixed>
- [stretch] - python-numpy <no-dsa> (Minor issue)
+ - python-numpy 1:1.10.4-1
[jessie] - python-numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/12759
- NOTE: For upstream this works as intended and is documented. Proposed
- NOTE: solution of switching the default might be dangerous for users
who rely on
- NOTE: the current behavior.
+ NOTE: For upstream this works as intended and is documented.
NOTE:
https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb
- NOTE: adds already support to disable use of picke in load/save.
- NOTE: Proposed fix/partial mitigation via:
- NOTE: https://github.com/numpy/numpy/pull/12889
+ NOTE: added support to disable use of picke in load/save, marking that
as the fixed
+ NOTE: version. The use of that is at the discretion of anyone using
numpy
+ NOTE: Further discussion at https://github.com/numpy/numpy/pull/12889
CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An
authenticated ...)
- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3.
process_control() in ...)
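Review bot: the rewritten NOTE line "+ NOTE: added support to disable use of picke in load/save, marking that" carries over the pre-existing "picke" misspelling (should be "pickle"), and the following line "+ NOTE: version. The use of that is at the discretion of anyone using numpy" lacks its terminating period; since these lines are being replaced anyway, suggest fixing both in the same commit. Separately, dropping the "[stretch] - python-numpy <no-dsa> (Minor issue)" line while keeping the "[jessie]" one means the tracker will now treat stretch as fixed purely because its version is at or above 1:1.10.4-1; worth confirming that the stretch package actually contains the numpy commit a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb referenced in the NOTE before relying on the version-based fixed marker.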
@@ -13191,15 +13188,15 @@ CVE-2018-20377 (Orange Livebox 00.96.320S devices
allow remote attackers to disc
NOT-FOR-US: Orange Livebox
CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC)
0.9.27. ...)
- tcc <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
NOTE:
https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html
CVE-2018-20375 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC)
0.9.27. ...)
- tcc <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
NOTE:
https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00014.html
CVE-2018-20374 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC)
0.9.27. ...)
- tcc <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligible security impact
NOTE:
https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00015.html
CVE-2018-20373 (Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a
DHCP ...)
NOT-FOR-US: Tenda ADSL modem routers
@@ -18334,7 +18331,7 @@ CVE-2018-19960 (The debug_mode function in web/web.py
in OnionShare through 1.3.
- onionshare 1.3.2-1 (bug #915859; unimportant)
[jessie] - onionshare <no-dsa> (contrib not supported)
NOTE: https://github.com/micahflee/onionshare/issues/837
- NOTE: Negligable (and disputable) security impact, as the debug mode is
not enabled by default
+ NOTE: Negligible (and disputable) security impact, as the debug mode is
not enabled by default
CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows
remote ...)
{DSA-4353-1 DLA-1608-1}
- php7.3 7.3.0-1
@@ -58164,6 +58161,7 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a
vulnerability in the DirectX
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
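Review bot: the new "[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa>" line is added under the 340xx entry, but the sibling "- nvidia-graphics-drivers-legacy-304xx <unfixed>" two lines below keeps only its "[stretch]" annotation and gets no "[buster]" line. If 304xx is not shipped in buster that is fine; otherwise it needs the same treatment so the triage is consistent across both legacy drivers. The same point applies to the identical hunks for CVE-2018-6249, CVE-2017-6272, CVE-2017-6267 and CVE-2017-6266 further down.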
@@ -58181,6 +58179,7 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a
vulnerability in kernel mode
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
@@ -85724,12 +85723,10 @@ CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier
creates a PID file after dr
NOTE: http://www.openldap.org/its/index.cgi?findid=8703
NOTE: Negligible security impact, but filed #877512
CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of
service (memory ...)
- - python-scrapy <unfixed> (bug #875947)
- [stretch] - python-scrapy <no-dsa> (Minor issue)
- [jessie] - python-scrapy <no-dsa> (Minor issue)
- [wheezy] - python-scrapy <no-dsa> (Minor issue)
+ - python-scrapy <unfixed> (unimportant; bug #875947)
NOTE: http://blog.csdn.net/wangtua/article/details/75228728
NOTE: https://github.com/scrapy/scrapy/issues/482
+ NOTE: Negligable security impact
CVE-2017-14157
RESERVED
CVE-2017-14156 (The atyfb_ioctl function in
drivers/video/fbdev/aty/atyfb_base.c in the ...)
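Review bot: the added line "+ NOTE: Negligable security impact" reintroduces the misspelling that this very commit corrects to "Negligible" in every other entry (and that the CVE-2017-14159 entry just above already spells correctly); suggest "+ NOTE: Negligible security impact", matching the otherwise identical python-numpy hunk for CVE-2017-12852 below.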
@@ -89838,11 +89835,9 @@ CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing
bits as appropriate, to in
CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is
...)
NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is
missing ...)
- - python-numpy <unfixed> (bug #872407)
- [stretch] - python-numpy <no-dsa> (Minor issue)
- [jessie] - python-numpy <no-dsa> (Minor issue)
- [wheezy] - python-numpy <no-dsa> (Minor issue)
+ - python-numpy <unfixed> (unimportant; bug #872407)
NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
+ NOTE: Negligible security impact
CVE-2017-12851 (An authenticated standard user could reset the password of the
admin ...)
- kanboard <itp> (bug #790814)
CVE-2017-12850 (An authenticated standard user could reset the password of
other users ...)
@@ -110163,6 +110158,7 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
@@ -110183,6 +110179,7 @@ CVE-2017-6267 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
@@ -110195,6 +110192,7 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd11f797de3d208fcaf12ebfe200697228bbeadb
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits