[Git][security-tracker-team/security-tracker][master] new gradle issue

Thu, 11 Apr 2019 01:03:37 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb196813 by Moritz Muehlenhoff at 2019-04-11T08:02:09Z
new gradle issue
new spring-security issue
treat new webkit issues as relevant for buster
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,9 @@ CVE-2019-1003049
 CVE-2019-11066
        RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to 
download ...)
-       TODO: check
+       - gradle <unfixed>
+       [stretch] - gradle <no-dsa> (Minor issue)
+       NOTE: https://github.com/gradle/gradle/pull/8927
 CVE-2019-11071 [arbitrary code execution by any identified visitor]
        - spip 3.2.4-1 (bug #926764)
        [jessie] - spip <not-affected> (SPIP 3.0 and earlier are not affected)
@@ -10304,7 +10306,7 @@ CVE-2019-7126
        RESERVED
 CVE-2019-7125
        RESERVED
-       NOT-FOR-US: Adobe Acrobat Reader DC
+       NOT-FOR-US: Adobe
 CVE-2019-7124
        RESERVED
 CVE-2019-7123
@@ -12442,12 +12444,12 @@ CVE-2019-6253
 CVE-2019-6252
        RESERVED
 CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 
3.31.4 allow ...)
-       - epiphany-browser <unfixed> (unimportant)
-       - webkit2gtk 2.24.1-1 (unimportant)
+       - epiphany-browser <unfixed>
+       - webkit2gtk 2.24.1-1
+       [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        NOTE: https://gitlab.gnome.org/GNOME/epiphany/issues/532
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=194131
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=194208
-       NOTE: Webkit not covered by security support
 CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF 
vulnerabilit ...)
        NOT-FOR-US: HuCart
 CVE-2019-6250 (A pointer overflow, with code execution, was discovered in 
ZeroMQ libz ...)
@@ -17761,6 +17763,7 @@ CVE-2019-3846
        RESERVED
 CVE-2019-3845
        RESERVED
+       NOT-FOR-US: qpid dispatch router
 CVE-2019-3844
        RESERVED
 CVE-2019-3843
@@ -17970,7 +17973,7 @@ CVE-2019-3797
 CVE-2019-3796
        RESERVED
 CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 
5.0.12, ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
 CVE-2019-3794
        RESERVED
 CVE-2019-3793



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb1968133fba3056d85d3ff1e7e5ccbe1c010eeb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb1968133fba3056d85d3ff1e7e5ccbe1c010eeb
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to