[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Mon, 15 Jul 2019 08:18:52 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df41bc15 by Moritz Muehlenhoff at 2019-07-15T15:17:47Z
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1035,7 +1035,9 @@ CVE-2019-13163
 CVE-2019-13162
        RESERVED
 CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 
13.27.0, 14.x  ...)
-       - asterisk 1:16.2.1~dfsg-2 (bug #931981)
+       - asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
+       [buster] - asterisk <no-dsa> (Minor issue)
+       [stretch] - asterisk <no-dsa> (Minor issue)
        NOTE: http://downloads.digium.com/pub/security/AST-2019-003.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28465
 CVE-2019-13160
@@ -1537,6 +1539,8 @@ CVE-2019-12974 (A NULL pointer dereference in the 
function ReadPANGOImage in cod
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the 
opj_t1_encode_c ...)
        - openjpeg2 <unfixed> (bug #931292)
+       [buster] - openjpeg2 <no-dsa> (Minor issue)
+       [stretch] - openjpeg2 <no-dsa> (Minor issue)
        [jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
        NOTE: https://github.com/uclouvain/openjpeg/pull/1185
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
@@ -1922,6 +1926,8 @@ CVE-2019-12828 (An issue was discovered in Electronic 
Arts Origin before 10.5.39
        NOT-FOR-US: Electronic Arts Origin
 CVE-2019-12827 (Buffer overflow in res_pjsip_messaging in Digium Asterisk 
versions 13. ...)
        - asterisk 1:16.2.1~dfsg-2 (bug #931980)
+       [buster] - asterisk <no-dsa> (Minor issue)
+       [stretch] - asterisk <no-dsa> (Minor issue)
        NOTE: https://downloads.asterisk.org/pub/security/AST-2019-002.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
 CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in 
widget_logic.php  ...)
@@ -9572,18 +9578,23 @@ CVE-2019-9888
        RESERVED
 CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of 
Uninitialize ...)
        - wavpack 5.1.0-7 (low; bug #932061)
+       [buster] - wavpack <no-dsa> (Minor issue)
+       [stretch] - wavpack <no-dsa> (Minor issue)
        NOTE: 
https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
        NOTE: https://github.com/dbry/WavPack/issues/68
 CVE-2019-1010318
        REJECTED
 CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of 
Uninitialize ...)
        - wavpack 5.1.0-7 (low; bug #932060)
+       [buster] - wavpack <no-dsa> (Minor issue)
+       [stretch] - wavpack <no-dsa> (Minor issue)
        NOTE: 
https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
        NOTE: https://github.com/dbry/WavPack/issues/66
 CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access 
Control. Th ...)
        NOT-FOR-US: pyxtrlock
 CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by 
Zero. The i ...)
        - wavpack 5.1.0-6 (low)
+       [stretch] - wavpack <no-dsa> (Minor issue)
        NOTE: 
https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
        NOTE: https://github.com/dbry/WavPack/issues/65
 CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting 
(XSS). The imp ...)
@@ -45868,8 +45879,8 @@ CVE-2018-15912 (An issue was discovered in 
manjaro-update-system.sh in manjaro-s
        NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
 CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH 
through 7.8 co ...)
        - openssh <unfixed> (low; bug #907503)
-       [buster] - openssh <no-dsa> (Minor issue)
-       [stretch] - openssh <no-dsa> (Minor issue)
+       [buster] - openssh <ignored> (Minor issue)
+       [stretch] - openssh <ignored> (Minor issue)
        [jessie] - openssh <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
 CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able 
to suppl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df41bc15aa0493081cb199b42ea7c2da4a2826b5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df41bc15aa0493081cb199b42ea7c2da4a2826b5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to