Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d60ccf9 by Moritz Muehlenhoff at 2019-06-03T20:20:16Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -318,6 +318,7 @@ CVE-2019-12451
        RESERVED
 CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 
2.61.1  ...)
        - glib2.0 <unfixed> (bug #929753)
+       [stretch] - glib2.0 <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
 CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. 
daemon/gv ...)
        - gvfs <unfixed> (bug #929755)
@@ -889,8 +890,10 @@ CVE-2019-12219 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
 CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2-image <unfixed>
+       [stretch] - libsdl2-image <no-dsa> (Minor issue)
        [jessie] - libsdl2-image <no-dsa> (Minor issue)
        - sdl-image1.2 <unfixed>
+       [stretch] - sdl-image1.2 <no-dsa> (Minor issue)
        [jessie] - sdl-image1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
        TODO: check details and correct vulnerability location
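Review bot: the entry for CVE-2019-12218 still ends with "TODO: check details and correct vulnerability location", so the two added [stretch] <no-dsa> lines for libsdl2-image and sdl-image1.2 classify packages whose affected status is not yet confirmed. Either resolve the TODO first (the NOTE points at bugzilla.libsdl.org bug 4620 for that check) or expect these lines to need revisiting once the vulnerable code location is pinned down.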
@@ -904,8 +907,10 @@ CVE-2019-12217 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
 CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2-image <unfixed>
+       [stretch] - libsdl2-image <no-dsa> (Minor issue)
        [jessie] - libsdl2-image <no-dsa> (Minor issue)
        - sdl-image1.2 <unfixed>
+       [stretch] - sdl-image1.2 <no-dsa> (Minor issue)
        [jessie] - sdl-image1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
        TODO: check details and correct vulnerability location
@@ -3752,7 +3757,8 @@ CVE-2019-11039 [Out-of-bounds read in 
iconv.c:_php_iconv_mime_decode() due to in
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
 CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
        RESERVED
-       - libgd2 <unfixed> (bug #929821)
+       - libgd2 <unfixed> (low; bug #929821)
+       [stretch] - libgd2 <no-dsa> (Minor issue)
        - php7.3 7.3.6-1 (unimportant)
        - php7.0 <removed> (unimportant)
        - php5 <removed> (unimportant)
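Review bot: the changed libgd2 line for CVE-2019-11038 adds a "low" urgency to the unstable entry, which goes beyond what the commit message "stretch triage" describes. Consider mentioning the severity change in the message, or splitting it into its own commit, so the history explains why libgd2 is rated low while the php source packages in the same entry are marked unimportant.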
@@ -11369,6 +11375,7 @@ CVE-2019-8340
        RESERVED
 CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing 
indicator f ...)
        - sysdig <unfixed>
+       [stretch] - sysdig <no-dsa> (Minor issue)
 CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP 
Plugin, vers ...)
        NOT-FOR-US: Airmail
 CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 
allows a c ...)
@@ -29849,12 +29856,14 @@ CVE-2018-19666 (The agent in OSSEC through 3.1.0 on 
Windows allows local users t
        - ossec-hids <itp> (bug #361954)
 CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for 
length  ...)
        - qemu 1:3.1+dfsg-2 (low; bug #916278)
-       [stretch] - qemu <postponed> (Revisit when final upstream patch is out)
+       [stretch] - qemu <ignored> (Minor issue)
        [jessie] - qemu <postponed> (Revisit when final upstream patch is out)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
        NOTE: note that previously mentioned patch will never be merged by 
upstream, see
        NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
+       NOTE: 3.1 marked bluetooth subsystem as unused/deprecated, will most 
likely be removed:
+       NOTE:  https://github.com/qemu/qemu/commit/c0188e69d
 CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the 
put_pixel ...)
        - libjpeg-turbo <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
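Review bot: on the changed [stretch] qemu line for CVE-2018-19665, the reason "(Minor issue)" does not carry the rationale that the two added NOTE lines supply, namely that 3.1 marks the bluetooth subsystem as unused/deprecated. A reason closer to that would make the <ignored> state self-explanatory. The [jessie] line below still reads "<postponed> (Revisit when final upstream patch is out)" although the existing NOTE says that patch will never be merged, and the second added NOTE has a doubled space after the colon.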
@@ -145880,7 +145889,8 @@ CVE-2016-7153 (The HTTP/2 protocol does not consider 
the role of the TCP congest
 CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP 
congestion wi ...)
        NOTE: CVE assigned for the HTTP/2 protocol issue
 CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused 
by a re ...)
-       - capstone <unfixed>
+       - capstone <unfixed> (low)
+       [stretch] - capstone <no-dsa> (Minor issue)
        [jessie] - capstone <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06
 (4.0-alpha4)
        NOTE: https://github.com/aquynh/capstone/pull/725
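Review bot: the capstone line for CVE-2016-7151 stays <unfixed> after gaining "(low)", yet the NOTE in the same entry ties the upstream fix commit to 4.0-alpha4. If the version in unstable already contains that commit, record the fixed version on this line instead of <unfixed>; otherwise the entry is fine as changed.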



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d60ccf93e51597dbb0a7d56689aa0d2801c241d
