Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4d72d25 by Moritz Muehlenhoff at 2019-02-25T19:17:43Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25830,7 +25830,8 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in 
OpenEXR 2.3.0 has an out-of
        - openexr <unfixed> (unimportant)
        NOTE: Issue in exrmultiview which is not installed in the binary 
package.
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
-       - openexr <unfixed>
+       - openexr <unfixed> (low)
+       [buster] - openexr <no-dsa> (Minor issue)
        [stretch] - openexr <no-dsa> (Minor issue)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://github.com/openexr/openexr/issues/350
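Review bot: the "(low)" urgency added to the "- openexr <unfixed>" line for CVE-2018-18443, and the new "[buster] - openexr <no-dsa> (Minor issue)" line, come with no recorded rationale; the only context in the entry is the upstream issue link. The CVE-2018-18444 entry just above shows the more useful pattern, a NOTE saying why the rating applies (the tool is not installed in the binary package). A one-line NOTE stating why the ThreadPool memory leak is minor for the packaged library would make this triage decision reviewable later.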
@@ -26934,7 +26935,8 @@ CVE-2018-18065 (_set_key in 
agent/helpers/table_container.c in Net-SNMP before 5
        NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
        NOTE: 
https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
 CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write 
during ...)
-       - cairo <unfixed> (bug #916083)
+       - cairo <unfixed> (low; bug #916083)
+       [buster] - cairo <no-dsa> (Minor issue)
        [stretch] - cairo <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
 CVE-2018-18063
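Review bot: on the CVE-2018-18064 entry, "low" and "[buster] - cairo <no-dsa> (Minor issue)" are applied to what the description calls an out-of-bounds stack-memory write, and nothing in the entry explains the rating. For a memory-write bug the reasoning (how the code path is reached, what input triggers it) is what a later reader will look for; suggest adding a NOTE that summarises it or points at the relevant comment in the cairo issue or in bug #916083.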
@@ -29375,10 +29377,9 @@ CVE-2018-17078
 CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There 
is stored ...)
        NOT-FOR-US: yiqicms
 CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is 
available on ...)
-       - gpp <unfixed> (bug #908939)
-       [stretch] - gpp <no-dsa> (Minor issue)
-       [jessie] - gpp <no-dsa> (Minor issue)
+       - gpp <unfixed> (unimportant; bug #908939)
        NOTE: https://github.com/logological/gpp/issues/26
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go 
mishandles ...)
        - golang-golang-x-net-dev <not-affected> (Vulnerable code introduced 
later)
        - golang-go.net-dev <not-affected> (Vulnerable code introduced later)
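Review bot: the CVE-2018-17076 change removes the "[stretch]" and "[jessie]" "<no-dsa>" lines, so it alters the recorded state for releases other than buster under a commit message that says only "buster triage". The data itself is coherent: the entry moves to "unimportant" and the added NOTE ("Crash in CLI tool, no security impact") gives the reason. Suggest mentioning the gpp reclassification in the commit message, or splitting it into its own commit, so it can be found in the log.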
@@ -73201,6 +73202,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was 
found in Apache Qpid Broker
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x 
and ...)
        - jakarta-jmeter <unfixed> (low; bug #897259)
+       [buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
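Review bot: the new "[buster] - jakarta-jmeter <ignored>" line for CVE-2018-1297 copies the stretch/jessie reason "too intrusive to backport" verbatim, while the unstable line directly above it still reads "<unfixed>", so nothing visible in this entry identifies a fixed version to backport from. If the intent is that the upstream fix cannot reasonably be applied to the buster version, a NOTE naming that upstream change would make the "<ignored>" state easier to revisit; note that the same package gets "<no-dsa>" rather than "<ignored>" for CVE-2018-1287 in the next hunk.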
@@ -73228,6 +73230,7 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 
0.10.0.0 to 0.10.2.1, 0.11.0.
        - kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only 
(RMI ...)
        - jakarta-jmeter <unfixed> (low)
+       [buster] - jakarta-jmeter <no-dsa> (Minor issue)
        [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
        [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
        [wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
@@ -97588,6 +97591,7 @@ CVE-2017-9815 (In LibTIFF 4.0.7, the 
TIFFReadDirEntryLong8Array function in ...)
        NOTE: The issue is addressed with the same commit as for CVE-2017-9403
 CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows 
remote ...)
        - cairo <unfixed> (low; bug #868580)
+       [buster] - cairo <no-dsa> (Minor issue)
        [stretch] - cairo <no-dsa> (Minor issue)
        [jessie] - cairo <no-dsa> (Minor issue)
        [wheezy] - cairo <no-dsa> (Minor issue)
@@ -106900,6 +106904,7 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a 
heap-based buffer overflow with th
        NOTE: Introduced with 4bc76593 and 4e6e16b3f.
 CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer 
dereference ...)
        - cairo <unfixed> (low; bug #870264)
+       [buster] - cairo <no-dsa> (Minor issue)
        [stretch] - cairo <no-dsa> (Minor issue)
        [jessie] - cairo <no-dsa> (Minor issue)
        [wheezy] - cairo <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4d72d25b2ce11a0db70fe537dc7a8d905ed1c27
