Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
865e985e by Moritz Muehlenhoff at 2018-12-21T15:24:19Z
autopsy n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -92,11 +92,11 @@ CVE-2018-1000876 (binutils version 2.32 and earlier
contains a Integer Overflow
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC
Server and ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20:
Improper ...)
- TODO: check
+ TODO: check, could affect any of the src-jackson* packages
CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a
CWE 399: ...)
- python-pykmip <unfixed> (low)
[stretch] - python-pykmip <no-dsa> (Minor issue)
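Review bot: In the CVE-2018-1000873 entry the new TODO text writes "src-jackson*" with a hyphen, while the two NOT-FOR-US lines added just above it in this hunk use the "src:" prefix ("src:boinc", "src:php-markdown"). Suggest "src:jackson*" so the note follows the same source-package notation and turns up in a search for that prefix. Since the entry remains a TODO, listing the candidate jackson source packages when it is next touched would make the follow-up check easier to close.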
@@ -153,17 +153,17 @@ CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect
Access Control vulnerab
CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
NOT-FOR-US: Square Retrofit
CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
- TODO: check
+ NOT-FOR-US: Luigi
CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1,
>=0.16.0 <=0.16.3, ...)
NOT-FOR-US: FatFreeCRM
CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Zend.To
CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier
contains a ...)
- TODO: check
+ NOT-FOR-US: Processing Foundation Processing
CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload
...)
- TODO: check
+ NOT-FOR-US: LH-EHR
CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity
(XXE) ...)
- TODO: check
+ - autopsy <not-affected> (The ancient version in Debian predates the
Java rewrite)
CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External
Entity (XXE) ...)
TODO: check
CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0
contains a XML ...)
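Review bot: The not-affected reason on the new autopsy line for CVE-2018-1000838 ("The ancient version in Debian predates the Java rewrite") does not record which packaged version was checked. Adding that version to the note would let a later reader re-evaluate the entry if the package is ever updated to a Java-based release, since the CVE description covers autopsy versions <= 4.9.0.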
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/865e985ec7f17bae68e054cf725bace4aa7f0793
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits