Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e87f3a0 by Moritz Muehlenhoff at 2018-06-29T23:15:01+02:00
bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -941,7 +941,7 @@ CVE-2018-1000541
 CVE-2018-1000540 (LoboEvolution version < 
9b75694cedfa4825d4a2330abf2719d470c654cd ...)
        NOT-FOR-US: LoboEvolution
 CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 
contains a CWE-347: Improper ...)
-       - ruby-json-jwt <unfixed>
+       - ruby-json-jwt <unfixed> (bug #902721)
        NOTE: https://github.com/nov/json-jwt/pull/62
        NOTE: 
https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638
 CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...)
@@ -957,7 +957,7 @@ CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a 
XSS evolving into co
 CVE-2018-1000533 (klaussilveira GitList version &lt;= 0.6 contains a Passing 
incorrectly ...)
        NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File 
Name or ...)
-       - beep <unfixed>
+       - beep <unfixed> (bug #902722)
 CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
        NOT-FOR-US: prime-jwt
 CVE-2018-1000530
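Review bot: The beep entry for CVE-2018-1000532 still has no NOTE line after the bug reference is added, so the tracker record points to bug #902722 but to no upstream report or fix. The ruby-json-jwt, gosa and busybox entries touched in this same commit all carry upstream NOTE links. If an upstream reference exists, add it as a NOTE under the "- beep <unfixed> (bug #902722)" line so the entry is usable without opening the bug.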
@@ -965,7 +965,7 @@ CVE-2018-1000530
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site 
Scripting ...)
        NOT-FOR-US: Grails Fields plugin
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
-       - gosa <unfixed> (low)
+       - gosa <unfixed> (low; bug #902723)
        NOTE: 
https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
        NOTE: https://github.com/gosa-project/gosa-core/issues/14
 CVE-2018-1000527 (Froxlor version &lt;= 0.9.39.5 contains a PHP Object 
Injection ...)
@@ -991,7 +991,7 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a 
Session Fixation vulnerabi
 CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper 
Handling ...)
        NOT-FOR-US: aaugustin websockets
 CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
-       - busybox <unfixed> (low)
+       - busybox <unfixed> (low; bug #902724)
        NOTE: 
https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
 CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: 
Improper ...)
        NOT-FOR-US: Galaxy Project Galaxy
@@ -1076,7 +1076,7 @@ CVE-2018-12619
 CVE-2018-12618
        RESERVED
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and 
qga/commands-win32.c in ...)
-       - qemu <unfixed>
+       - qemu <unfixed> (low; bug #902725)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
        NOTE: 
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
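Review bot: The qemu line for CVE-2018-12617 gains an urgency tag as well as the bug number: "- qemu <unfixed>" becomes "- qemu <unfixed> (low; bug #902725)". The gosa and busybox hunks already had "low" and only add a bug number, and the commit message says just "bugs". The new "low" rating is a triage decision, so it should be named in the commit message or made in a separate commit. That way the severity change can be found in the history later.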



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e87f3a071bcd52be3b703829e7c570cdf9eaef4
