Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3482beb9 by Salvatore Bonaccorso at 2019-04-30T19:03:31Z
pacemaker CVEs: reference pull requests as whole
The pull requests are for the master (1749) and for the 1.1 branches of
pacemaker (1750) respectively and contain a whole set of commits needed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19045,7 +19045,8 @@ CVE-2019-3886 (An incorrect permissions check was
discovered in libvirt 4.8.0 an
CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and
including versi ...)
- pacemaker <unfixed> (bug #927714)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
- NOTE:
https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
CVE-2019-3884
RESERVED
NOT-FOR-US: atomic-openshift
@@ -37399,11 +37400,13 @@ CVE-2018-16879 (Ansible Tower before version 3.3.3
does not set a secure channel
CVE-2018-16878 (A flaw was found in pacemaker up to and including version
2.0.1. An in ...)
- pacemaker <unfixed> (bug #927714)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
- NOTE:
https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server
authentication w ...)
- pacemaker <unfixed> (bug #927714)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
- NOTE:
https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
+ NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to
a infor ...)
{DSA-4396-1}
- ansible 2.7.6+dfsg-1 (bug #916102)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3482beb9b869e337241e25d29434b4626da205d3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3482beb9b869e337241e25d29434b4626da205d3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
