Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d680181 by Moritz Muehlenhoff at 2018-03-31T22:35:27+02:00
new logstash issue

- - - - -
19fcf524 by Moritz Muehlenhoff at 2018-03-31T22:38:52+02:00
new imagemagick issue
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -61,9 +61,11 @@ CVE-2018-9137
 CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows 
attackers ...)
        NOT-FOR-US: Jungo
 CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer 
over-read in ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899
+       NOTE: webp support not enabled, see #806425
 CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an 
fmdo=rename ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the 
DecodeLabImage ...)
        TODO: check
 CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt 
function of ...)
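Review bot: The `(unimportant)` rating on the new CVE-2018-9135 line rests entirely on the second NOTE, "webp support not enabled, see #806425", so it holds only while the package is built without webp; consider wording that NOTE so the dependency is explicit and the entry gets revisited if #806425 changes the build. Also, CVE-2018-9133 just below is likewise an ImageMagick entry and stays at `TODO: check`; if it was looked at in the same pass it could be triaged here too.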
@@ -13965,7 +13967,7 @@ CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was 
incomplete. With X-Pack sec
 CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site 
scripting ...)
        - kibana <itp> (bug #700337)
 CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash 
before ...)
-       TODO: check
+       - logstash <itp> (bug #664841)
 CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 
in the ...)
        - linux 4.11.6-1
        [stretch] - linux 4.9.47-1
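Review bot: The commit message for this change, "new logstash issue", names neither the CVE nor the ITP bug, while the line added under CVE-2018-3817 is `- logstash <itp> (bug #664841)`; mentioning CVE-2018-3817 in the message would make the change findable from the log. The entry itself matches the form of the kibana `<itp>` line above it.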



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/bbdb925e2ca9d81aa80cb0cf744d22b6453a0242...19fcf524572347bbed5e253bdbb37fd08a0ed6c9

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
