Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
116eb621 by Moritz Muehlenhoff at 2020-01-21T18:10:07+01:00
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14267,8 +14267,8 @@ CVE-2019-19260 (GitLab Community Edition (CE) and
Enterprise Edition (EE) throug
[experimental] - gitlab 12.2.9-5
- gitlab <unfixed>
- gitlab-workhorse 8.8.1+debian-3
- [buster] - gitlab-workhorse <no-dsa> (Minor issue)
- [stretch] - gitlab-workhorse <no-dsa> (Minor issue)
+ [buster] - gitlab-workhorse <ignored> (Minor issue)
+ [stretch] - gitlab-workhorse <ignored> (Minor issue)
[experimental] - gitaly 1.65.2+dfsg-1
- gitaly <unfixed>
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
@@ -62812,15 +62812,15 @@ CVE-2018-20541 (There is a heap-based buffer overflow
in libxsmm_sparse_csc_read
NOTE:
https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in
libLAS 1.8 ...)
- - liblas 1.8.1-10 (bug #922459)
- [stretch] - liblas <no-dsa> (Minor issue)
+ - liblas 1.8.1-10 (low; bug #922459)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/158
NOTE:
https://github.com/libLAS/libLAS/commit/ba7346d349fb00b18d0c12e226ac3090eac25d7b
CVE-2018-20539 (There is a Segmentation fault triggered by illegal address
access at l ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/159
CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function
pp_getline) in Ne ...)
@@ -62829,14 +62829,14 @@ CVE-2018-20538 (There is a use-after-free at
asm/preproc.c (function pp_getline)
NOTE: Crash in CLI tool, no security impact
CVE-2018-20537 (There is a NULL pointer dereference at
liblas::SpatialReference::GetGT ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/160
CVE-2018-20536 (There is a heap-based buffer over-read at
liblas::SpatialReference::Ge ...)
- liblas <removed> (low; bug #924614)
- [buster] - liblas <no-dsa> (Minor issue)
- [stretch] - liblas <no-dsa> (Minor issue)
+ [buster] - liblas <ignored> (Minor issue)
+ [stretch] - liblas <ignored> (Minor issue)
[jessie] - liblas <no-dsa> (Minor issue)
NOTE: https://github.com/libLAS/libLAS/issues/161
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function
pp_getline) in Ne ...)
@@ -103529,8 +103529,8 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has
incorrect certificate validation fo
NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the
ownership of ...)
- jabberd2 <unfixed> (low; bug #902783)
- [buster] - jabberd2 <no-dsa> (Minor issue, default init system not
affected)
- [stretch] - jabberd2 <no-dsa> (Minor issue, default init system not
affected)
+ [buster] - jabberd2 <ignored> (Minor issue, default init system not
affected)
+ [stretch] - jabberd2 <ignored> (Minor issue, default init system not
affected)
NOTE: https://bugs.gentoo.org/631068
CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs
jabberd, jab ...)
- jabberd2 <not-affected> (Installed with correct permissions in Debian)
@@ -109280,10 +109280,10 @@ CVE-2018-6260 (NVIDIA graphics driver contains a
vulnerability that may allow ac
- nvidia-graphics-drivers-legacy-390xx 390.116-1
[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
@@ -109305,10 +109305,10 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a
vulnerability in the DirectX
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in
the kern ...)
@@ -109323,10 +109323,10 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a
vulnerability in kernel mode
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in
the kern ...)
@@ -161317,10 +161317,10 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in
the kern ...)
@@ -161338,10 +161338,10 @@ CVE-2017-6267 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the
kernel mode ...)
@@ -161351,10 +161351,10 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a
vulnerability in the kernel
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not
supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free
not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
- [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free
not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6265
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/116eb62167a8a57c1075eecff529e1a62d7ce15f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/116eb62167a8a57c1075eecff529e1a62d7ce15f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
