Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4f9044c by Moritz Muehlenhoff at 2018-01-27T17:03:13+01:00
add mailman

- - - - -
558e793e by Moritz Muehlenhoff at 2018-01-27T17:03:49+01:00
miniupnpd no-dsa
remove some tiff issues which are pending for DSA

- - - - -
33848e11 by Moritz Muehlenhoff at 2018-01-27T17:04:11+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2425,6 +2425,8 @@ CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress 
has CSRF via ...)
        NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as 
...)
        - tiff <unfixed>
+       [stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+       [jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
        - tiff3 <removed>
        NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
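
Review bot: the two added `<postponed>` lines for CVE-2018-5360 say "revisit once fixed upstream", but the CVE description in the context line reads "LibTIFF before 4.0.6", which suggests a fix already exists. The existing NOTE only says the issue was demonstrated via graphicsmagick; a further NOTE stating whether current upstream tiff is still affected would make the `<unfixed>` and `<postponed>` states easier to verify later.
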
@@ -3685,6 +3687,8 @@ CVE-2017-1000495 (QuickApps CMS version 2.0.0 is 
vulnerable to Stored Cross-site
        NOT-FOR-US: QuickApps CMS
 CVE-2017-1000494 (Uninitialized stack variable vulnerability in 
NameValueParserEndElt ...)
        - miniupnpd <unfixed> (bug #887129)
+       [stretch] - miniupnpd <no-dsa> (Minor issue)
+       [jessie] - miniupnpd <no-dsa> (Minor issue)
        - miniupnpc <unfixed> (unimportant)
        NOTE: https://github.com/miniupnp/miniupnp/issues/268
        NOTE: 
https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
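
Review bot: on the two added miniupnpd `<no-dsa>` lines, "Minor issue" does not say why an uninitialized stack variable in NameValueParserEndElt is minor for stretch and jessie. Since the NOTE lines already point to an upstream commit, a more specific reason would help whoever revisits these suites later.
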
@@ -25669,9 +25673,8 @@ CVE-2017-14051 (An integer overflow in the 
qla2x00_sysfs_write_optrom_ctl functi
        NOTE: https://patchwork.kernel.org/patch/9929625/
        NOTE: Non issue, only "exploitable" with root access
 CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
-       - ffmpeg <unfixed>
+       - ffmpeg <undetermined>
        NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
-       TODO: check
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 
2.2.8, ...)
        {DSA-4031-1 DLA-1114-1}
        - ruby2.3 2.3.5-1 (bug #875928)
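
Review bot: the ffmpeg line for CVE-2017-14034 moves from `<unfixed>` to `<undetermined>` and `TODO: check` is dropped, which leaves no record of what is still unknown; none of the listed commit messages mentions ffmpeg either. Consider adding a NOTE saying what was checked and what remains open, since the only reference is the bpg-web-encoder issue.
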
@@ -26516,8 +26519,6 @@ CVE-2017-13727 (There is a reachable assertion abort in 
the function ...)
 CVE-2017-13726 (There is a reachable assertion abort in the function ...)
        {DLA-1093-1}
        - tiff 4.0.8-5 (bug #873880)
-       [stretch] - tiff <no-dsa> (Minor issue)
-       [jessie] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (Vulnerable code not present)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
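
Review bot: removing the [stretch] and [jessie] `<no-dsa>` lines for CVE-2017-13726 reopens both suites, and the commit message says the tiff issues are pending for a DSA, yet the data/dsa-needed.txt hunk in this push adds only mailman. Worth confirming that tiff already has an entry in dsa-needed.txt so these do not sit untracked.
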
@@ -41079,7 +41080,6 @@ CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and 
NetBackup Appliance 3.0 
 CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in 
tif_dirwrite.c in ...)
        {DLA-969-1}
        - tiff 4.0.7-7 (low; bug #862929)
-       [jessie] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
        [wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
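
Review bot: only the [jessie] `<no-dsa>` line is removed for CVE-2016-10371 and the entry has no [stretch] line, so it relies on stretch already shipping 4.0.7-7 or later. Worth confirming that when the DSA is prepared; the [wheezy] tiff3 `<no-dsa>` line is left as is.
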


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -35,6 +35,8 @@ libvpx/oldstable
 linux
   Wait until more issues have piled up
 --
+mailman
+--
 mercurial
 --
 openjdk-7/oldstable (jmm)
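
Review bot: the new `mailman` entry carries no suite qualifier, assignee or note, unlike `libvpx/oldstable`, `openjdk-7/oldstable (jmm)` or the indented note under `linux`, and no data/CVE/list hunk shown here mentions mailman. An indented line naming the issue being fixed would tell other team members what the entry is for.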



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3affa533676f8a747a1a6b77386bdccfadd5982...33848e11b102edd65deba14b9c7d461d4421b2b8

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
