Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
41237a80 by Moritz Muehlenhoff at 2019-03-30T21:41:04Z
buster triage
py3.6 removed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1504,7 +1504,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16
supports the local_file: sche
NOTE: https://github.com/python/cpython/pull/11842
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16
and ur ...)
- python3.7 <unfixed>
- - python3.6 <unfixed>
+ - python3.6 <removed>
- python3.5 <removed>
- python3.4 <removed>
- python2.7 <unfixed>
@@ -2790,7 +2790,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go
1.11.5. CRLF injection
NOTE:
https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16
and ur ...)
- python3.7 <unfixed>
- - python3.6 <unfixed>
+ - python3.6 <removed>
- python3.5 <removed>
- python3.4 <removed>
- python2.7 <unfixed>
@@ -3030,7 +3030,7 @@ CVE-2019-9642
RESERVED
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected
by: Impr ...)
- python3.7 3.7.3~rc1-1 (bug #924072)
- - python3.6 <unfixed>
+ - python3.6 <removed>
- python3.5 <removed>
- python3.4 <removed>
- python2.7 <unfixed> (bug #924073)
@@ -14151,7 +14151,7 @@ CVE-2019-5010 [NULL pointer dereference using a
specially crafted X509 certifica
RESERVED
{DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- - python3.6 <unfixed> (bug #921063)
+ - python3.6 <removed> (bug #921063)
- python3.5 <removed>
[stretch] - python3.5 <postponed> (Minor issue, can be fixed along in a
future DSA)
- python3.4 <removed>
@@ -24444,7 +24444,8 @@ CVE-2019-1545
CVE-2019-1544
RESERVED
CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique
nonce input ...)
- - openssl <unfixed>
+ - openssl <unfixed> (low)
+ [buster] - openssl <postponed> (Minor issue, fix along in next 1.1.x)
[stretch] - openssl <postponed> (Minor issue, fix along in future DSA)
[jessie] - openssl <postponed> (Minor issue, fix along in future DLA)
- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
@@ -26024,7 +26025,7 @@ CVE-2019-0817
RESERVED
CVE-2019-0816 [extra ssh keys added to authorized_keys]
RESERVED
- - cloud-init <unfixed>
+ - cloud-init <unfixed> (bug #926043)
[jessie] - cloud-init <not-affected> (version uses a different
mechanism to set public keys.)
NOTE:
https://code.launchpad.net/~jasonzio/cloud-init/+git/cloud-init/+merge/363445
NOTE:
https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm
@@ -28826,9 +28827,9 @@ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x
before 4.0.33, 5.0.x bef
NOTE:
https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0
allows ...)
- kio-extras 4:18.08.3-1 (bug #913595)
- [buster] - kio-extras <no-dsa> (Minor issue)
[stretch] - kio-extras <no-dsa> (Minor issue)
- kde-runtime <unfixed> (bug #913596)
+ [buster] - kde-runtime <no-dsa> (Minor issue)
[stretch] - kde-runtime <no-dsa> (Minor issue)
[jessie] - kde-runtime <ignored> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt
@@ -77603,7 +77604,7 @@ CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in
Python through 3.6.3 does no
- python3.2 <removed> (unimportant)
- python3.4 <removed> (unimportant)
- python3.5 <removed> (unimportant)
- - python3.6 <unfixed> (unimportant)
+ - python3.6 <removed> (unimportant)
- python3.7 <unfixed> (unimportant)
NOTE: Lib/webbrowser.py does not validate strings before launching the
program
NOTE: specified by the BROWSER environment variable.
@@ -78125,12 +78126,8 @@ CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in
the Linux kernel through 4
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1
contains ...)
NOT-FOR-US: Pivotal
CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a
deterministically gener ...)
- - rabbitmq-server <unfixed> (bug #924768)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
- [jessie] - rabbitmq-server <no-dsa> (Minor issue)
+ - rabbitmq-server <not-affected> (Specific to RabbitMQ setup in
Pivotal, see bug #924768)
NOTE: https://pivotal.io/security/cve-2018-1279
- NOTE: Underlying issue is the use of deterministically generated cookie.
- NOTE: Issue can be mitigated by restricting network access from
untrusted sources.
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions
1.12.x ...)
NOT-FOR-US: Pivotal
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not
correctl ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41237a803d39aa60422a6c94782ed2097a746556
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41237a803d39aa60422a6c94782ed2097a746556
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
