Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
91ae8fc1 by Moritz Muehlenhoff at 2019-09-28T20:22:45Z
gcrypt, gvfs no-dsa
xpdf n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2019-16930
CVE-2019-16929
RESERVED
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile
part of the ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...)
NOT-FOR-US: Flower
CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task
call. ...)
@@ -12629,6 +12629,8 @@ CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the
filename to the ?module=fi
NOT-FOR-US: FileRun
CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable
to a flu ...)
- libgcrypt20 <unfixed> (bug #930885)
+ [buster] - libgcrypt20 <no-dsa> (Minor issue)
+ [stretch] - libgcrypt20 <no-dsa> (Minor issue)
[jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later
in version 1.7.0)
- libgcrypt11 <removed>
NOTE: https://dev.gnupg.org/T4541
@@ -12925,6 +12927,7 @@ CVE-2019-12796
CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3,
1.40.x bef ...)
{DLA-1827-1}
- gvfs 1.38.1-5 (bug #930376)
+ [stretch] - gvfs <no-dsa> (Minor issue)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
(master)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
(gnome-3-32)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe
(gnome-3-30)
@@ -13802,14 +13805,17 @@ CVE-2019-12450 (file_copy_fallback in gio/gfile.c in
GNOME GLib 2.15.0 through 2
NOTE:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
- gvfs 1.38.1-4 (bug #929755)
+ [stretch] - gvfs <no-dsa> (Minor issue)
[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
- gvfs 1.38.1-4 (bug #929755)
+ [stretch] - gvfs <no-dsa> (Minor issue)
[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
- gvfs 1.38.1-4 (bug #929755)
+ [stretch] - gvfs <no-dsa> (Minor issue)
[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/91ae8fc1fc78e63bd3484e51bf0b576499149326
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/91ae8fc1fc78e63bd3484e51bf0b576499149326
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
