Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fe2824f by Moritz Muehlenhoff at 2019-07-16T10:10:55Z
libxslt no-dsa
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -713,6 +713,7 @@ CVE-2014-10201
RESERVED
CVE-2014-10200
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2014-1020
RESERVED
CVE-2014-10199
@@ -2140,12 +2141,16 @@ CVE-2019-13120
CVE-2019-13119
RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping
characters of ...)
- - libxslt <unfixed> (bug #931320)
+ - libxslt <unfixed> (low; bug #931320)
+ [buster] - libxslt <no-dsa> (Minor issue)
+ [stretch] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
NOTE:
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain
format stri ...)
- - libxslt <unfixed> (bug #931321)
+ - libxslt <unfixed> (low; bug #931321)
+ [buster] - libxslt <no-dsa> (Minor issue)
+ [stretch] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -136965,8 +136970,7 @@ CVE-2017-2479 (An issue was discovered in certain
Apple products. iOS before 10.
CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before
10.3 is ...)
NOT-FOR-US: Apple involving Kernel component
CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before
10.12. ...)
- - libxslt <undetermined>
- NOTE: contacted Apple for more information, but no reply for quite a
while
+ NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before
10.3 is ...)
- webkit2gtk 2.14.6-1 (unimportant)
NOTE: Not covered by security support
@@ -159021,7 +159025,7 @@ CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS
X before 10.11.6, iTunes be
- libxslt 1.1.29-1
NOTE:
https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7
(v1.1.29-rc1)
CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes
before ...)
- - libxslt <undetermined>
+ NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
NOTE: contacted Apple for more information, but no reply for quite a
while.
NOTE: Apple still does not provide information on this CVE, although it
is
NOTE: possible that it's fixed in 1.1.29 upstream.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe2824f42cde559937d72eb4bd5d305935b7d57
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe2824f42cde559937d72eb4bd5d305935b7d57
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
