Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23470593 by Moritz Muehlenhoff at 2019-01-17T19:27:22Z
new vbox issue
resolve some older TODOs which don't require further actions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8159,7 +8159,7 @@ CVE-2018-20172 (An issue was discovered in Nagios XI 
before 5.5.8. The rss_url .
 CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url 
parameter of ...)
        NOT-FOR-US: Nagios XI
 CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user 
enumeration ...)
-       TODO: check
+       NOT-FOR-US: Disputed issue in Keystone, no need to track for 
src:keystone
 CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The 
USB ...)
        - linux 4.19.9-1
        NOTE: 
https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
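Review bot: the replacement line for CVE-2018-20170 uses NOT-FOR-US while naming src:keystone in its own text, which reads as contradictory next to the Nagios XI entry above, where NOT-FOR-US marks a product that has no Debian package. Consider recording the decision against the package instead, for example `- keystone <unimportant>` plus a NOTE saying the issue is disputed upstream, so the CVE stays attached to the source package it is about.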
@@ -28848,7 +28848,6 @@ CVE-2018-14666 [Smart class parameters allow users to 
access other organizations
        RESERVED
        - foreman <itp> (bug #663101)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1638156
-       TODO: double-check, it looks the issue is in the "Smart Class feature 
of Foreman"
 CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An 
incorrect ...)
        {DSA-4328-1}
        - xorg-server 2:1.20.3-1
@@ -47320,7 +47319,6 @@ CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage 
functions in coders/png.c i
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
        NOTE: Issue is related to CVE-2017-11403 but not the same issue.
-       TODO: check, needs clarification, the issue is CloseBlob use-after-free
 CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An 
allocation failure ...)
        {DSA-4321-1 DLA-1456-1 DLA-1322-1}
        - graphicsmagick 1.3.27-1
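Review bot: the removed TODO was the only line in this entry stating what needed clarification (that the issue is a CloseBlob use-after-free), and the hunk leaves no record of how that was settled. If the point was checked, keep the finding as a NOTE line next to "Issue is related to CVE-2017-11403 but not the same issue." rather than deleting it, so the distinction between the two CVEs remains explained.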
@@ -58699,7 +58697,6 @@ CVE-2018-3847 (Multiple exploitable buffer overflow 
vulnerabilities exist in ima
        [stretch] - cfitsio <no-dsa> (Minor issue)
        [jessie] - cfitsio <no-dsa> (Minor issue)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
-       TODO: double-check
 CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, 
specially ...)
        - cfitsio 3.430-1 (low; bug #892458)
        [stretch] - cfitsio <no-dsa> (Minor issue)
@@ -61064,7 +61061,8 @@ CVE-2018-3311 (Vulnerability in the Oracle Retail 
Xstore Payment component of Or
 CVE-2018-3310
        RESERVED
 CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
-       TODO: check
+       - virtualbox 5.2.22-dfsg-1
+       [jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2018-3308
        RESERVED
 CVE-2018-3307
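Review bot: the new `- virtualbox 5.2.22-dfsg-1` line for CVE-2018-3309 has no NOTE showing where the fixed version comes from, unlike the other package entries visible in this diff, which link a commit, bug report or advisory. Adding a NOTE with the upstream advisory URL would let a later reader verify the version without repeating the research.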



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23470593a9936bf05cfe0224bff6ff13bc586014
