[Git][security-tracker-team/security-tracker][master] buster triage

Fri, 22 Feb 2019 14:32:00 -0800 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93c3b8ff by Moritz Muehlenhoff at 2019-02-22T22:30:40Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12449,6 +12449,7 @@ CVE-2018-20651 (A NULL pointer dereference was 
discovered in ...)
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
 CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 
allows ...)
        - poppler <unfixed> (low; bug #917974)
+       [buster] - poppler <no-dsa> (Minor issue)
        [stretch] - poppler <no-dsa> (Minor issue)
        [jessie] - poppler <postponed> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
@@ -12984,19 +12985,19 @@ CVE-2018-20535 (There is a use-after-free at 
asm/preproc.c (function pp_getline)
        [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
 CVE-2018-20534 (There is an illegal address access at src/pool.h (function ...)
-       - libsolv <unfixed> (low)
+       - libsolv <unfixed> (low; bug #923002)
        [stretch] - libsolv <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
        NOTE: https://github.com/openSUSE/libsolv/pull/291
        NOTE: 
https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
 CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c 
(function ...)
-       - libsolv <unfixed> (low)
+       - libsolv <unfixed> (low; bug #923002)
        [stretch] - libsolv <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
        NOTE: https://github.com/openSUSE/libsolv/pull/291
        NOTE: 
https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
 CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c 
(function ...)
-       - libsolv <unfixed> (low)
+       - libsolv <unfixed> (low; bug #923002)
        [stretch] - libsolv <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
        NOTE: https://github.com/openSUSE/libsolv/pull/291
@@ -23757,6 +23758,7 @@ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x 
before 4.0.33, 5.0.x bef
        NOTE: 
https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
 CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 
allows ...)
        - kio-extras 4:18.08.3-1 (bug #913595)
+       [buster] - kio-extras <no-dsa> (Minor issue)
        [stretch] - kio-extras <no-dsa> (Minor issue)
        - kde-runtime <unfixed> (bug #913596)
        [stretch] - kde-runtime <no-dsa> (Minor issue)
@@ -73665,11 +73667,13 @@ CVE-2018-1100 (zsh through version 5.4.2 is 
vulnerable to a stack-based buffer .
        NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
 CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An 
...)
-       - etcd <unfixed> (bug #921156)
+       - etcd <unfixed> (low; bug #921156)
+       [stretch] - etcd <postponed> (Minor issue, revisit when fixed upstream 
and possibly backported to 3.2.x)
        NOTE: https://github.com/coreos/etcd/issues/9353
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
 CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and 
earlier. ...)
-       - etcd <unfixed> (bug #921156)
+       - etcd <unfixed> (low; bug #921156)
+       [stretch] - etcd <postponed> (Minor issue, revisit when fixed upstream 
and possibly backported to 3.2.x)
        NOTE: https://github.com/coreos/etcd/issues/9353
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
 CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows 
users with ...)
@@ -150003,7 +150007,8 @@ CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 
4.0.7 does not properly ap
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
        NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to 
escape to ...)
-       - policykit-1 <unfixed> (bug #816062; bug #812512)
+       - policykit-1 <unfixed> (low; bug #816062; bug #812512)
+       [buster] - policykit-1 <ignored> (Minor issue)
        [stretch] - policykit-1 <ignored> (Minor issue)
        [jessie] - policykit-1 <ignored> (Minor issue)
        [wheezy] - policykit-1 <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/93c3b8ff16d55dbb4955ff8781d7e1fd3abe1573

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/93c3b8ff16d55dbb4955ff8781d7e1fd3abe1573
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to