Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10c91f31 by Moritz Muehlenhoff at 2019-02-20T22:45:10Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6293,9 +6293,10 @@ CVE-2019-6240 [Arbitrary repo read in Gitlab project
import]
- gitlab 11.5.7+dfsg-1 (bug #919822)
NOTE:
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial
of ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (unimportant)
NOTE: https://github.com/docker/engine/pull/70
NOTE: https://github.com/moby/moby/pull/37967
+ NOTE: Negligible security impact
CVE-2019-6239
RESERVED
CVE-2019-6238
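Review bot: the downgrade of docker.io to `<unfixed> (unimportant)` is justified only by the added "Negligible security impact" NOTE, which does not say why the denial of service described in CVE-2018-20699 does not matter for the packaged build. Since both upstream pull requests (docker/engine#70 and moby/moby#37967) are already linked in the preceding NOTE lines, extend the new NOTE to say which of them carries the fix and what makes the impact negligible, so a later triager can tell whether the entry can be closed once docker.io is updated instead of staying `<unfixed>` indefinitely.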
@@ -38176,6 +38177,7 @@ CVE-2018-13441 (qh_help in Nagios Core version 4.4.1
and earlier is prone to a N
NOTE:
https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer
dereference ...)
- audiofile <unfixed> (low; bug #903499)
+ [buster] - audiofile <no-dsa> (Minor issue)
[stretch] - audiofile <no-dsa> (Minor issue)
[jessie] - audiofile <no-dsa> (Minor issue)
NOTE: https://github.com/mpruett/audiofile/issues/49
@@ -65039,8 +65041,7 @@ CVE-2017-1000434 (Wordpress plugin Furikake version
0.1.0 is vulnerable to an Op
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run
with ...)
{DLA-1410-1}
- [experimental] - python-pysaml2 4.5.0-1
- - python-pysaml2 <unfixed> (bug #886423)
+ - python-pysaml2 4.5.0-2 (bug #886423)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by:
https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
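Review bot: the removed `[experimental] - python-pysaml2 4.5.0-1` line recorded that the fix was already available in experimental, and the replacement line records 4.5.0-2 as the fixed version for unstable without saying that the two uploads are the same fix; consider a NOTE such as "Fixed in unstable with 4.5.0-2 (previously 4.5.0-1 in experimental)" so the history is not lost. The `[stretch] - python-pysaml2 <no-dsa> (Minor issue)` line and the `{DLA-1410-1}` reference are unaffected and remain consistent with the existing upstream issue #451 and commit links.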
@@ -93576,11 +93577,12 @@ CVE-2017-11574 (FontForge 20161012 is vulnerable to a
heap-based buffer overflow
NOTE: https://github.com/fontforge/fontforge/issues/3090
NOTE:
https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ...)
- - fontforge <unfixed> (low; bug #873588)
+ - fontforge <unfixed> (unimportant; bug #873588)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
[wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3098
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer
over-read in ...)
{DSA-3958-1 DLA-1065-1}
- fontforge 1:20170731~dfsg-1 (bug #869614)
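Review bot: this hunk lowers CVE-2017-11573 to `(unimportant; bug #873588)` but keeps the three `[stretch]`/`[jessie]`/`[wheezy] - fontforge <no-dsa> (Minor issue)` lines, whereas the next hunk in this commit makes the identical change for CVE-2017-11570 and drops those per-release lines. Pick one convention for both entries; since an `unimportant` rating already applies to every release, the release-specific `<no-dsa>` lines are redundant here and can be removed as they were for CVE-2017-11570.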
@@ -93591,11 +93593,9 @@ CVE-2017-11571 (FontForge 20161012 is vulnerable to a
stack-based buffer overflo
NOTE: https://github.com/fontforge/fontforge/issues/3087
NOTE:
https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in
umodenc ...)
- - fontforge <unfixed> (low; bug #873587)
- [stretch] - fontforge <no-dsa> (Minor issue)
- [jessie] - fontforge <no-dsa> (Minor issue)
- [wheezy] - fontforge <no-dsa> (Minor issue)
+ - fontforge <unfixed> (unimportant; bug #873587)
NOTE: https://github.com/fontforge/fontforge/issues/3097
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer
over-read in ...)
{DSA-3958-1 DLA-1065-1}
- fontforge 1:20170731~dfsg-1 (bug #869614)
@@ -113917,6 +113917,7 @@ CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B
firmware 1.01.018 have a hard
NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity
(XXE) ...)
- python-pysaml2 <unfixed> (low; bug #859135)
+ [buster] - python-pysaml2 <no-dsa> (Minor issue)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
[jessie] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/366
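Review bot: the new `[buster] - python-pysaml2 <no-dsa> (Minor issue)` line for the XXE in CVE-2016-10127 carries no rationale, while the unstable entry stays `<unfixed> (low; bug #859135)` and the other hunks in this commit add an explanatory NOTE when they change a triage state. Add a NOTE stating why the XXE is considered minor for this package (the linked pysaml2 issue #366 would be the natural reference), so the `no-dsa` decision for buster is reviewable later.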
@@ -179723,10 +179724,7 @@ CVE-2015-1402 (Cross-site scripting (XSS)
vulnerability in the Content Rating ..
CVE-2015-1401 (Improper Authentication vulnerability in the "LDAP / SSO
...)
NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of
service ...)
- - kgb-bot <unfixed> (low; bug #776424)
- [stretch] - kgb-bot <ignored> (Minor issue)
- [jessie] - kgb-bot <ignored> (Minor issue)
- [wheezy] - kgb-bot <ignored> (Minor issue)
+ - kgb-bot <undetermined> (low; bug #776424)
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for
Node.js ...)
NOT-FOR-US: sequelize
CVE-2015-1354
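Review bot: the kgb-bot entry moves from `<unfixed> (low; bug #776424)` to `<undetermined> (low; bug #776424)` and drops the `[stretch]`/`[jessie]`/`[wheezy] - kgb-bot <ignored> (Minor issue)` lines, but no NOTE records what is still undetermined. Add a NOTE naming the open question (for example whether the denial of service in CVE-2015-1554 reaches the packaged version), so the next triager knows what to verify; also confirm that removing the three `<ignored>` lines is intended, since those releases now fall back to the undetermined state instead of being explicitly ignored.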
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c91f31119e0e499492249d40d3817e36e67181
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits