Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 62dc2699 by Salvatore Bonaccorso at 2019-05-01T12:06:26Z Mark all Apport related entries as NFU src:apport itself was ever only in experimental and never migrated to unstable as it needed extra services to actually function. Maintainer recently asked for complete removal of Apport, tracked as https://bugs.debian.org/924960 . As it was never in unstable or any other supported suites, we can mark it safely as NFU considering it was never in Debian. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -65564,9 +65564,7 @@ CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend {DSA-4243-1 DLA-1426-1} - cups 2.2.8-5 (bug #903605) CVE-2018-6552 (Apport does not properly handle crashes originating from a PID namespa ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...) [experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0 - glibc 2.27-1 
@@ -93998,21 +93996,15 @@ CVE-2017-14183 CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5 ...) NOT-FOR-US: Fortinet CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes originatin ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...) - snapd 2.30-1 [stretch] - snapd <not-affected> (Issue introduced in 2.27) NOTE: https://launchpad.net/bugs/1730255 CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...) NOT-FOR-US: aacplusenc CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...) 
@@ -104525,8 +104517,7 @@ CVE-2017-10710 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...) NOT-FOR-US: Elephone P9000 devices CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...) - [experimental] - apport 2.20.4-2 (bug #868831) - NOTE: apport only in experimental, so we cannot track this in security-tracker + NOT-FOR-US: Apport CVE-2017-10707 RESERVED CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...) 
@@ -126233,23 +126224,11 @@ CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote att - flightgear 1:2016.4.3+dfsg-1 (bug #848114) NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11 CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9948 RESERVED CVE-2016-9947 
@@ -188077,9 +188056,7 @@ CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse. NOTE: Introduced in: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56 (v4.2-rc1) NOTE: Fixed in: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c (v4.4-rc5) CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to cause a d ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG signat ...) NOT-FOR-US: simplestreams CVE-2015-1336 (The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in ...) @@ -188134,9 +188111,9 @@ CVE-2015-1326 (python-dbusmock before version 0.15.1 AddTemplate() D-Bus method [jessie] - python-dbusmock 0.11.4-1+deb8u1 NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815 CVE-2015-1325 (Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubunt ...) - [experimental] - apport 2.17.3-1 + NOT-FOR-US: Apport CVE-2015-1324 (Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2. ...) - [experimental] - apport 2.17.3-1 + NOT-FOR-US: Apport CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 a ...) {DLA-261-1} - aptdaemon 1.1.1+bzr982-1 (bug #789162) 
@@ -188154,9 +188131,7 @@ CVE-2015-1320 (The SeaMicro provisioning of Ubuntu MAAS logs credentials, includ CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 1 ...) - unity <itp> (bug #609278) CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before 2.17. ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2015-1317 (Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1. ...) NOT-FOR-US: Oxide CVE-2015-1316 (Juju Core's Joyent provider before version 1.25.5 uploads the user's p ...) @@ -234410,9 +234385,7 @@ CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:20 [wheezy] - cinder <not-affected> (Vulnerable code not present) NOTE: Requires includedir to be defined in /etc/sudoers file CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files cr ...) - [experimental] - apport 2.12.6-1 (bug #727661) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0. ...) NOT-FOR-US: language-selector CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D- ...) 
@@ -293025,7 +292998,7 @@ CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the NOTE: installer logs on disk CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.1 ...) - [experimental] - apport <not-affected> (Fixed before initial upload into Debian) + NOT-FOR-US: Apport CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...) NOT-FOR-US: Novell Teaming CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 thr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62dc2699ca7224c9cee5a90bc25f8ea86a2fb4e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62dc2699ca7224c9cee5a90bc25f8ea86a2fb4e7 You're receiving this email because of your account on salsa.debian.org.
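Review bot: In the @@ -65564 hunk (and the identical CVE-2017-14180, CVE-2017-14179 and CVE-2017-14177 changes in @@ -93998), the removed NOTE "add it, to have an explicit reference for apport if it ever enters unstable" was the only record of why these entries were tracked at all, and the commit message says the removal was requested in https://bugs.debian.org/924960, not that it has been carried out. If src:apport is still present in experimental when this lands, consider holding the NFU marking until that bug is closed, or state in the commit message that marking NFU ahead of the removal is intended.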
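Review bot: The @@ -126233 hunk drops reference data, not just the package line, for CVE-2016-9951, CVE-2016-9950 and CVE-2016-9949: the fixed version and Debian bug (`2.20.4-1 (bug #848213)`) and both reference NOTEs (https://bugs.launchpad.net/apport/+bug/1648806 and https://donncha.is/2016/12/compromising-ubuntu-desktop/) are removed, and `NOT-FOR-US: Apport` carries none of it. The same happens to the bug references in @@ -104525 (bug #868831) and @@ -234410 (bug #727661). Suggest confirming those Debian bugs need no further tracker linkage and mentioning in the commit message that the references now live only in the file history.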
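Review bot: The CVE-2009-1295 change in the @@ -293025 hunk is a status change rather than a cleanup. The removed line `[experimental] - apport <not-affected> (Fixed before initial upload into Debian)` records that an upload into Debian took place, while the replacement `NOT-FOR-US: Apport` and the commit message's closing "it was never in Debian" say the opposite. Suggest wording the commit message consistently as "never in unstable or any supported suite", which is what the earlier sentence of the message already states, so the NFU marking does not read as contradicting the line it replaces.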
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
