Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4033775 by Moritz Muehlenhoff at 2019-06-25T20:45:50Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -245,6 +245,7 @@ CVE-2019-12856
RESERVED
CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1,
XMPP su ...)
- twisted <unfixed> (bug #930626)
+ [buster] - twisted <no-dsa> (Minor issue)
[stretch] - twisted <no-dsa> (Minor issue)
[jessie] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/pull/1147
@@ -1098,15 +1099,21 @@ CVE-2019-12485
CVE-2019-12484
RESERVED
CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based
buffer ov ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #931088)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE:
https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer
derefer ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #931088)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE:
https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer
derefer ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #931088)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE:
https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an
unauthenticated, re ...)
@@ -1393,6 +1400,7 @@ CVE-2019-12388
RESERVED
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or
sanitize URI ...)
- twisted <unfixed> (bug #930389)
+ [buster] - twisted <no-dsa> (Minor issue)
[stretch] - twisted <no-dsa> (Minor issue)
[jessie] - twisted <no-dsa> (Minor issue)
NOTE:
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
@@ -23347,6 +23355,8 @@ CVE-2019-3812 (QEMU, through version 2.10 and through
version 3.1.0, is vulnerab
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=78c71af8049c40657b646d9dd722867fa15c0f1b
CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured
with no ho ...)
{DLA-1635-1}
+ [buster] - sssd <no-dsa> (Minor issue)
+ [stretch] - sssd <no-dsa> (Minor issue)
- sssd <unfixed> (bug #919051)
NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
@@ -41418,6 +41428,7 @@ CVE-2018-16884 (A flaw was found in the Linux kernel's
NFS41+ subsystem. NFS41+
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly
restrict ac ...)
- sssd <unfixed> (bug #916824)
+ [buster] - sssd <no-dsa> (Minor issue)
[stretch] - sssd <no-dsa> (Minor issue)
[jessie] - sssd <not-affected> (Issue got introduced with 1.13.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
@@ -41687,6 +41698,8 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are
vulnerable to a buffer o
NOTE: Fixed by:
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation.
When the ...)
- sssd <unfixed>
+ [buster] - sssd <no-dsa> (Minor issue)
+ [stretch] - sssd <no-dsa> (Minor issue)
[jessie] - sssd <not-affected> (GPO based access control introduced
later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
NOTE: GPO based access control introduced in
https://github.com/SSSD/sssd/commit/60cab26b12
@@ -57704,6 +57717,8 @@ CVE-2018-10853 (A flaw was found in the way Linux
kernel KVM hypervisor before 4
NOTE: Fixed by:
https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the
available s ...)
{DLA-1429-1}
+ [buster] - sssd <no-dsa> (Minor issue)
+ [stretch] - sssd <no-dsa> (Minor issue)
- sssd <unfixed> (bug #902860)
NOTE: https://pagure.io/SSSD/sssd/issue/3766
CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding
4.1.5 and 4. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4033775c5141833ea637b88b4fb427fd1c725b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4033775c5141833ea637b88b4fb427fd1c725b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
