Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69ed454b by Salvatore Bonaccorso at 2020-03-03T21:09:27+01:00
Mark glusterfs issues as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -92910,12 +92910,14 @@ CVE-2018-14662 (It was found Ceph versions before 
13.2.4 that authenticated ceph
 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks 
translat ...)
        {DLA-1565-1}
        - glusterfs 5.1-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 
and 3.1.2  ...)
        - glusterfs 5.1-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
@@ -92924,6 +92926,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server 
through versions 4.1.4 and
 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is 
vulnerable ...)
        {DLA-1565-1}
        - glusterfs 5.1-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
@@ -92941,6 +92944,7 @@ CVE-2018-14655 (A flaw was found in Keycloak 
3.4.3.Final, 4.0.0.Beta2, 4.3.0.Fin
        NOT-FOR-US: Keycloak
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to 
abuse o ...)
        - glusterfs 5.1-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
@@ -92950,6 +92954,7 @@ CVE-2018-14654 (The Gluster file system through version 
4.1.4 is vulnerable to a
 CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is 
vulnerable  ...)
        {DLA-1565-1}
        - glusterfs 5.1-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
@@ -92959,6 +92964,7 @@ CVE-2018-14653 (The Gluster file system through 
versions 4.1.4 and 3.12 is vulne
 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is 
vulnerable  ...)
        {DLA-1565-1}
        - glusterfs 5.0-1 (bug #912997)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
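Review bot: the context line `- glusterfs 5.0-1 (bug #912997)` under CVE-2018-14652 records a different fixed version from the `5.1-1` given for the other entries filed under the same bug #912997 in this patch (CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661). Since the entry is being touched anyway, confirm whether 5.0-1 is intended, because the fixed version decides which releases are reported as affected.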
@@ -103181,30 +103187,35 @@ CVE-2018-10931 (It was found that cobbler 2.6.x 
exposed all functions from its C
 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in 
glusterfs ser ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
        NOTE: 
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
        NOTE: When fixing this issue make sure to be complete an not open 
CVE-2018-14651
 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in 
glusterfs ser ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
        NOTE: 
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
        NOTE: When fixing this issue make sure to be complete an not open 
CVE-2018-14651
 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in 
glusterfs se ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
        NOTE: 
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
        NOTE: When fixing this issue make sure to be complete an not open 
CVE-2018-14651
 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in 
glusterfs ser ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
        NOTE: 
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
        NOTE: When fixing this issue make sure to be complete an not open 
CVE-2018-14651
 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported 
by glus ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
        NOTE: 
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
        NOTE: When fixing this issue make sure to be complete an not open 
CVE-2018-14651
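Review bot: all five entries in this hunk carry the NOTE `When fixing this issue make sure to be complete an not open CVE-2018-14651`, yet CVE-2018-14651 itself is not among the entries this patch annotates. Check that CVE-2018-14651 already has a `[stretch]` status, or add one in this commit; otherwise dropping `glusterfs/oldstable` from data/dsa-needed.txt leaves it without anything tracking it, and a later point-release upload covering only CVE-2018-10926 through CVE-2018-10930 would run into the incomplete fix the NOTE warns about.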
@@ -103228,6 +103239,7 @@ CVE-2018-10924 (It was discovered that fsync(2) 
system call in glusterfs client
 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can 
create fi ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
        NOTE: 
https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
 CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted 
input file, ...)
@@ -103268,11 +103280,13 @@ CVE-2018-10915 (A vulnerability was found in libpq, 
the default PostgreSQL clien
 CVE-2018-10914 (It was found that an attacker could issue a xattr request via 
glusterf ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
        NOTE: 
https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
 CVE-2018-10913 (An information disclosure vulnerability was discovered in 
glusterfs se ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
        NOTE: 
https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
 CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a 
infinite loop i ...)
@@ -103280,6 +103294,7 @@ CVE-2018-10912 (keycloak before version 4.0.0.final 
is vulnerable to a infinite
 CVE-2018-10911 (A flaw was found in the way dic_unserialize function of 
glusterfs does ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
        NOTE: 
https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
 CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state 
being se ...)
@@ -103299,6 +103314,7 @@ CVE-2018-10908 (It was found that vdsm before version 
4.20.37 invokes qemu-img o
 CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple 
stack bas ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
        NOTE: 
https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount 
is vuln ...)
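Review bot: the added `[stretch]` line for CVE-2018-10907 reuses the generic reason `Minor issue; can be fixed via point release`, while the description two lines above reads `glusterfs server is vulnerable to multiple stack bas ...`. For a memory-safety flaw in the server, state in the parenthetical what makes it minor for stretch (for example the access the issue requires), so the triage decision can be re-checked later without re-reading the Red Hat bug.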
@@ -103312,6 +103328,7 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) 
is vulnerable to an improper
 CVE-2018-10904 (It was found that glusterfs server does not properly sanitize 
file pat ...)
        {DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
        NOTE: 
https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
 CVE-2018-10903 (A flaw was found in python-cryptography versions between 
&gt;=1.9.0 an ...)
@@ -103616,6 +103633,7 @@ CVE-2018-10842
        REJECTED
 CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster 
server node ...)
        - glusterfs 4.1.2-1 (bug #901968)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
        NOTE: https://review.gluster.org/#/c/20328/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -131626,6 +131644,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 
1.3.8.1, 1.3.6.15 did not pr
        NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot 
schedule ...)
        - glusterfs 4.0.2-1 (bug #896128)
+       [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
        [wheezy] - glusterfs <not-affected> (vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
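Review bot: with `[jessie]` and `[wheezy]` both `<not-affected>` and no DLA reference on the entry, the new `[stretch]` line makes stretch the only listed release still carrying CVE-2018-1088, which the description calls a privilege escalation flaw, and the fix is deferred. Add a NOTE pointing to where the point-release update is tracked so that `can be fixed via point release` refers to something concrete.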


=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ amd64-microcode
 --
 chromium/stable
 --
-glusterfs/oldstable
---
 graphicsmagick
 --
 jruby/oldstable
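Review bot: removing `glusterfs/oldstable` is only correct if every glusterfs issue still open for stretch received a `<no-dsa>` line in data/CVE/list in this same commit, and the diff cannot show entries that were missed. The commit message `Mark glusterfs issues as no-dsa` names neither the release nor the reason; mention stretch/oldstable and the point-release plan there so the removal can be understood from the log alone.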



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69ed454bb968cc4d9be683b6c8585f906bdc2242
