Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8ca855fe by Moritz Muehlenhoff at 2018-06-07T22:59:58+02:00 various no-dsa add and take imagemagick - - - - - af278a87 by Moritz Muehlenhoff at 2018-06-07T23:04:00+02:00 Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -648,6 +648,8 @@ CVE-2018-11744 RESERVED CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy ...) - mruby <unfixed> (bug #900845) + [stretch] - mruby <no-dsa> (Minor issue) + [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d NOTE: https://github.com/mruby/mruby/issues/4027 CVE-2018-11742 
@@ -655,16 +657,24 @@ CVE-2018-11742 CVE-2018-11741 RESERVED CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from ...) - - sleuthkit <unfixed> + - sleuthkit <unfixed> (low) + [stretch] - sleuthkit <no-dsa> (Minor issue) + [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264 CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from ...) - - sleuthkit <unfixed> + - sleuthkit <unfixed> (low) + [stretch] - sleuthkit <no-dsa> (Minor issue) + [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267 CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from ...) - - sleuthkit <unfixed> + - sleuthkit <unfixed> (low) + [stretch] - sleuthkit <no-dsa> (Minor issue) + [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265 CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from ...) - - sleuthkit <unfixed> + - sleuthkit <unfixed> (low) + [stretch] - sleuthkit <no-dsa> (Minor issue) + [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266 CVE-2018-1000201 RESERVED @@ -742,6 +752,7 @@ CVE-2018-11711 (A remote attacker can bypass the System Manager Mode on the Cano NOT-FOR-US: Canon MF210 and MF220 web interface CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers ...) - libopenmpt 0.3.9-1 + [stretch] - libopenmpt <no-dsa> (Minor issue) NOTE: https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/ NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150 CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpForo ...) 
@@ -7431,6 +7442,8 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...) {DLA-1387-1} - cups 2.2.6-1 + [stretch] - cups <no-dsa> (Minor issue) + [jessie] - cups <no-dsa> (Minor issue) NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3 NOTE: https://github.com/apple/cups/issues/5143 CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...) @@ -134635,6 +134648,7 @@ CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit befo NOTE: https://issues.apache.org/jira/browse/JCR-3883 CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in ...) - derby 10.13.1.1-1 + [jessie] - derby <no-dsa> (Minor issue) NOTE: https://issues.apache.org/jira/browse/DERBY-6807 NOTE: https://svn.apache.org/viewvc?view=revision&revision=1691461 NOTE: Fixed in 10.12.1.1 ===================================== data/dsa-needed.txt ===================================== --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -30,6 +30,8 @@ glusterfs -- graphicsmagick -- +imagemagick (jmm) +-- intel-microcode or possibly via spu, depends on timing of release and other factors -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e7b69c12a052afae08dba1d6d2167a68609067c0...af278a87604ded42a912c7b5df4d20151eba0068
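Review bot: In the CVE-2017-18248 hunk (data/CVE/list, @@ -7431), the entry already carries {DLA-1387-1}, yet the new line marks `[jessie] - cups <no-dsa> (Minor issue)`. A DLA reference and a no-dsa tag for the same suite contradict each other for anyone reading the entry. If the DLA shipped a fix for jessie, drop the jessie no-dsa line or record the fixed version there; if the DLA covers something else, a NOTE saying so would remove the ambiguity.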
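Review bot: In the sleuthkit hunk (data/CVE/list, @@ -655), CVE-2018-11737 through CVE-2018-11740 all receive the same `(low)` urgency and the same `<no-dsa> (Minor issue)` text, with no per-issue reason recorded. The only context is the link to each upstream issue. A one-line NOTE per CVE stating why it was judged minor would let a later triager confirm the decision without re-reading all four upstream reports.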
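Review bot: In the CVE-2018-11710 hunk (data/CVE/list, @@ -742), only `[stretch] - libopenmpt <no-dsa> (Minor issue)` is added, while the mruby and sleuthkit entries in the same commit annotate both stretch and jessie. If jessie does not ship libopenmpt, that is fine as is. Otherwise the jessie status is left undecided and should get its own line.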
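Review bot: In the data/dsa-needed.txt hunk (@@ -30), `imagemagick (jmm)` is added with an owner but no indication of which issues the pending DSA is meant to cover. The neighbouring intel-microcode entry shows the file accepts a free-text line under the package name. A short line listing the CVEs or the reason for taking the package would make the entry easier to hand over or close.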
debian-security-tracker-commits mailing list https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
