[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-4427-1 for samba (CVE-2019-3880)

Mon, 08 Apr 2019 01:26:18 -0700 


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3803387f by Sébastien Delafond at 2019-04-08T08:24:40Z
Reserve DSA-4427-1 for samba (CVE-2019-3880)

- - - - -
52c62481 by Sébastien Delafond at 2019-04-08T08:24:41Z
Add recent samba issues (CVE-2019-3870, CVE-2019-3880)

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17197,8 +17197,10 @@ CVE-2019-3882 [DoS through vfio/type1 DMA mappings]
        NOTE: Fixed by: 
https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
 CVE-2019-3881
        RESERVED
-CVE-2019-3880
-       RESERVED
+CVE-2019-3880 (Save registry file outside share as unprivileged user)
+       {DSA-4427-1}
+        - samba <unfixed>
+        NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html        
 CVE-2019-3879 (It was discovered that in the ovirt's REST API before version 
4.3.2.1, ...)
        NOT-FOR-US: ovirt-engine
 CVE-2019-3878 (A vulnerability was found in mod_auth_mellon before v0.14.2. If 
Apache ...)
@@ -17230,8 +17232,10 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS 
Authoritative Server before
        NOTE: https://github.com/PowerDNS/pdns/issues/7573
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
        NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
-CVE-2019-3870
-       RESERVED
+CVE-2019-3870 (During the provision of a new Active Directory DC, some files 
in the ...)
+       - samba <unfixed>
+       [stretch] - samba <not-affected> (Vulnerable code not present)
+        NOTE: https://www.samba.org/samba/security/CVE-2019-3870.html
 CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, 
applicatio ...)
        NOT-FOR-US: Ansible Tower
 CVE-2019-3868


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Apr 2019] DSA-4427-1 samba - security update
+       {CVE-2019-3880}
+       [stretch] - samba 2:4.5.16+dfsg-1+deb9u1
 [07 Apr 2019] DSA-4426-1 tryton-server - security update
        {CVE-2019-10868}
        [stretch] - tryton-server 4.2.1-2+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/2fbda38d41060ffa23305d54346659eb64ff197e...52c62481cdec2b24711122ab32f97940b1ef1822

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/2fbda38d41060ffa23305d54346659eb64ff197e...52c62481cdec2b24711122ab32f97940b1ef1822
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to