Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1aa257f by Moritz Muehlenhoff at 2019-04-20T21:53:56Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1497,6 +1497,8 @@ CVE-2019-10736
        RESERVED
 CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or 
PGP encry ...)
        - claws-mail <unfixed> (low; bug #926705)
+       [buster] - claws-mail <postponed> (Revisit when fixed upstream)
+       [stretch] - claws-mail <postponed> (Revisit when fixed upstream)
        NOTE: 
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
 CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP 
encrypt ...)
        - trojita <itp> (bug #795701)
@@ -1505,6 +1507,9 @@ CVE-2019-10733
        RESERVED
 CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP 
encrypt ...)
        - kmail <unfixed> (bug #926996)
+       [buster] - kmail <postponed> (Revisit when fixed upstream)
+       - kdepim <removed>
+       [stretch] - kdepim <postponed> (Revisit when fixed upstream)
        NOTE: https://bugs.kde.org/show_bug.cgi?id=404698
 CVE-2019-10731
        RESERVED
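Review bot: The new kdepim lines under CVE-2019-10732 give no explanation of how kdepim relates to the kmail entry the description names. A short NOTE saying why kdepim is tracked here (for example that it is the source package carrying the affected code in stretch, if that is the case) would make "- kdepim <removed>" followed by "[stretch] - kdepim <postponed>" understandable to someone revisiting the entry once upstream has a fix. The "- kmail <unfixed> (bug #926996)" line also carries no severity, unlike "- claws-mail <unfixed> (low; bug #926705)" for the sibling issue in the previous hunk.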
@@ -18630,6 +18635,7 @@ CVE-2019-3830 (A vulnerability was found in ceilometer 
before version 12.0.0.0rc
        [jessie] - ceilometer <not-affected> (vulnerable code is not present)
        NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
        NOTE: Introduced in 
https://github.com/openstack/ceilometer/commit/50415c0d08a3199d2280f3638dd121779585f0fe
 (10.0.0.0)
+       NOTE: Fixed in 
https://github.com/openstack/ceilometer/commit/8881a42af169a2d7c912b1434911f978883c83f3
 CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 
3.6.7.  ...)
        [experimental] - gnutls28 3.6.7-1
        - gnutls28 3.6.7-2
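Review bot: The added "NOTE: Fixed in" line for CVE-2019-3830 has no release tag, while the "Introduced in" note directly above it ends with "(10.0.0.0)". Appending the first upstream release that contains the fixing commit, in the same parenthesised form, would let a reader determine the affected version range from the entry alone without opening both commits.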
@@ -19979,14 +19985,14 @@ CVE-2018-20535 (There is a use-after-free at 
asm/preproc.c (function pp_getline)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-20534 (** DISPUTED ** There is an illegal address access at 
ext/testcase.c in ...)
-       - libsolv <unfixed> (low; bug #923002)
-       [stretch] - libsolv <ignored> (Minor issue)
-       [jessie] - libsolv <ignored> (Minor issue)
+       - libsolv <unfixed> (unimportant; bug #923002)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
        NOTE: https://github.com/openSUSE/libsolv/pull/291
        NOTE: 
https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
+       NOTE: Only affects the test suite
 CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c 
(function testca ...)
        - libsolv <unfixed> (low; bug #923002)
+       [buster] - libsolv <no-dsa> (Minor issue)
        [stretch] - libsolv <ignored> (Minor issue)
        [jessie] - libsolv <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
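Review bot: CVE-2018-20534 is downgraded to unimportant with "NOTE: Only affects the test suite", but CVE-2018-20533 keeps "(low; bug #923002)" and gains "[buster] - libsolv <no-dsa> (Minor issue)" even though its description also places the fault in ext/testcase.c. If the test-suite rationale applies to that file in general, the entries should be treated the same way; if it does not, a NOTE on CVE-2018-20533 explaining the difference would prevent the next triager from reading this as an oversight. The same question applies to CVE-2018-20532 in the following hunk.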
@@ -19994,6 +20000,7 @@ CVE-2018-20533 (There is a NULL pointer dereference at 
ext/testcase.c (function
        NOTE: 
https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
 CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c 
(function testca ...)
        - libsolv <unfixed> (low; bug #923002)
+       [buster] - libsolv <no-dsa> (Minor issue)
        [stretch] - libsolv <ignored> (Minor issue)
        [jessie] - libsolv <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
@@ -49177,11 +49184,13 @@ CVE-2018-12184
        RESERVED
 CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an 
unauthenticated user ...)
        - edk2 0~20181115.85588389-1
+       [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        [jessie] - edk2 <end-of-life> (non-free)
        NOTE: 
https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60
 CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may 
allow an ...)
        - edk2 <unfixed> (low; bug #927484)
+       [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        [jessie] - edk2 <end-of-life> (non-free is not supported)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1136
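Review bot: The two added "[buster] - edk2 <no-dsa> (Minor issue)" lines reuse the generic reason from the stretch lines, although the descriptions mention a stack overflow reachable by an unauthenticated user (CVE-2018-12183) and an insufficient memory write check in an SMM service (CVE-2018-12182). A reason that states why the issue is considered minor for Debian's edk2 package would be more useful than "Minor issue" when the no-dsa decision is revisited. As a style point, the neighbouring jessie lines word the same reason two ways, "(non-free)" and "(non-free is not supported)", and could be made consistent while the entries are being touched.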
@@ -87759,7 +87768,7 @@ CVE-2016-10544 (uws is a WebSocket server library. By 
sending a 256mb websocket
 CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi 
framework. T ...)
        NOT-FOR-US: call HTTP router
 CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested 
websocket c ...)
-       - node-ws <unfixed>
+       - node-ws <unfixed> (bug #927671)
        [stretch] - node-ws <ignored> (Nodejs in stretch not covered by 
security support)
        NOTE: https://nodesecurity.io/advisories/120
        NOTE: https://github.com/nodejs/node/issues/7388
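Review bot: The changed node-ws line for CVE-2016-10542 gains "(bug #927671)" but still has no severity and no [buster] annotation, while the other unfixed entries touched in this commit carry both, for example "- claws-mail <unfixed> (low; bug #926705)" with its new buster line. Since the commit message is "buster triage", either add a severity and a buster line here, or add a NOTE stating why buster is left open for this package.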



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1aa257f0c2e5f596ebc21d06f5f42c215d4fa8c
