[Git][security-tracker-team/security-tracker][master] new runc issue

Wed, 25 Sep 2019 13:55:09 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a7496e0b by Moritz Muehlenhoff at 2019-09-25T20:54:29Z
new runc issue
new gradle issues
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,8 @@ CVE-2019-16886
 CVE-2019-16885
        RESERVED
 CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce 
and other ...)
-       TODO: check
+       - runc <unfixed>
+       NOTE: https://github.com/opencontainers/runc/issues/2128
 CVE-2019-16883
        RESERVED
 CVE-2019-16882 (An issue was discovered in the string-interner crate before 
0.7.1 for  ...)
@@ -1305,7 +1306,8 @@ CVE-2019-16372
 CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a 
crafted ...)
        NOT-FOR-US: LogMeIn LastPass
 CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the 
SHA-1 algori ...)
-       TODO: check
+       - gradle <unfixed> (low)
+       NOTE: 
https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
 CVE-2019-16369
        RESERVED
 CVE-2019-16368
@@ -4803,7 +4805,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 
allows remote attackers
 CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing 
component  ...)
        TODO: check
 CVE-2019-15138 (The html-pdf package 2.2.0 for Node.js has an arbitrary file 
read vuln ...)
-       TODO: check
+       NOT-FOR-US: node html-pdf
 CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 
allows f ...)
        NOT-FOR-US: eProsima Fast RTPS
 CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 
does not ...)
@@ -5137,7 +5139,10 @@ CVE-2019-15054
 CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for 
Confluenc ...)
        NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence 
Server
 CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication 
credentials  ...)
-       TODO: check
+       - gradle <unfixed> (low)
+       NOTE: https://github.com/gradle/gradle/issues/10278
+       NOTE: https://github.com/gradle/gradle/pull/10176
+       NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
 CVE-2019-15051
        RESERVED
 CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7496e0b55d58e1ddeca888d66ec4942e667ae18

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7496e0b55d58e1ddeca888d66ec4942e667ae18
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to