Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
784fad09 by Salvatore Bonaccorso at 2019-03-27T22:24:38Z
Add CVE-2019-38{29,36}/gnutls28

Explicitly track only the src:gnutls28 source package as the issue
affects only GnuTLS versions later than 3.5.8.

Although unlikely in those cases, it still needs to be checked whether
the commit introducing the issue was potentially backported.

For that add a note on the respective upstream versions in the NOTEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15655,6 +15655,11 @@ CVE-2019-3837
        RESERVED
 CVE-2019-3836
        RESERVED
+       - gnutls28 <unfixed>
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678411
+       NOTE: https://gitlab.com/gnutls/gnutls/issues/704
+       NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
+       NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
 CVE-2019-3835 (It was found that the superexec operator was available in the 
internal ...)
        [experimental] - ghostscript 9.27~~dc1~dfsg-1
        - ghostscript <unfixed> (bug #925256)
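Review bot: The new `- gnutls28 <unfixed>` line under CVE-2019-3836 carries no Debian bug reference, while the neighbouring ghostscript entry in the same hunk has `(bug #925256)`; if a bug has been filed, add it here so the entry can be followed to its resolution. The version NOTE gives the upstream range as 3.6.3 up to 3.6.7, but the commit message leaves open whether the introducing commit was backported, and nothing in the entry records that open question; a short TODO or NOTE line stating that the backport check is pending would keep it from being lost.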
@@ -15679,7 +15684,11 @@ CVE-2019-3830 (A vulnerability was found in ceilometer 
before version 12.0.0.0rc
        - ceilometer <unfixed> (bug #925298)
        NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
 CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 
3.6.7.  ...)
-       TODO: check
+       - gnutls28 <unfixed>
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677048
+       NOTE: https://gitlab.com/gnutls/gnutls/issues/694
+       NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
+       NOTE: Upstream versions affected are from 3.5.8 and before 3.6.7.
 CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has 
a path  ...)
        {DSA-4396-1}
        - ansible 2.7.7+dfsg-1 (bug #922537)
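Review bot: Under CVE-2019-3829 the `TODO: check` line is removed even though the commit message says the backport question still needs checking; consider keeping a narrower TODO that names that check instead of dropping the marker entirely. The range NOTE here reads "from 3.5.8 and before 3.6.7." with a trailing period, while the CVE-2019-3836 NOTE is worded "3.6.3 and later before 3.6.7" without one; use the same phrasing in both.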



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/784fad091ef526bc1f983117e36f953f4640c266