Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4dfa4fa by Moritz Muehlenhoff at 2019-04-20T22:36:57Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,11 +9,11 @@ CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change 
user information vi
 CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user 
via the  ...)
        NOT-FOR-US: 74CMS
 CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in 
File__Analyze_Buffer ...)
-       - libmediainfo <unfixed> (low)
+       - libmediainfo <unfixed> (low; bug #927672)
        NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
        NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
 CVE-2019-11372 (An out-of-bounds read in 
MediaInfoLib::File__Tags_Helper::Synched_Test ...)
-       - libmediainfo <unfixed> (low)
+       - libmediainfo <unfixed> (low; bug #927672)
        NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
        NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
 CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer 
Overflow vi ...)
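
Review bot: The two added lines, under CVE-2019-11373 and CVE-2019-11372, attach the same bug #927672 to both entries. That is fine if the single report covers both out-of-bounds reads, but confirm that the bug names both CVE ids so neither entry points at a report that only mentions the other.
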
@@ -698,6 +698,7 @@ CVE-2019-11066
        RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to 
download ...)
        - gradle <unfixed> (bug #926923)
+       [buster] - gradle <no-dsa> (Minor issue)
        [stretch] - gradle <no-dsa> (Minor issue)
        NOTE: https://github.com/gradle/gradle/pull/8927
 CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows 
authenticated visit ...)
@@ -16140,7 +16141,8 @@ CVE-2018-20671 (load_specific_debug_section in 
objdump.c in GNU Binutils through
 CVE-2018-20670
        RESERVED
 CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL 
pointer dere ...)
-       - qemu <unfixed> (bug #927439)
+       - qemu <unfixed> (low; bug #927439)
+       [stretch] - qemu <ignored> (Minor issue)
        - qemu-kvm <removed>
        NOTE: https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73
 (4.0.0-rc0)  
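
Review bot: On the added "[stretch] - qemu <ignored> (Minor issue)" line, the reason does not say why the issue will be left unfixed in stretch. The description places the NULL pointer dereference in hw/sparc64/sun4u.c, so a reason naming that limited scope would make the <ignored> decision easier to audit later. The commit is titled "buster triage" but this line changes stretch status, which the message could mention.
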
@@ -18367,7 +18369,7 @@ CVE-2019-3903
        RESERVED
 CVE-2019-3902 [path-checking logic bypass vie symlinks and subrepositories]
        RESERVED
-       - mercurial 4.9-1
+       - mercurial 4.9-1 (bug #927674)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
 CVE-2019-3901 [perf_event_open() and execve() race in setuid programs allows a 
data leak]
        RESERVED
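
Review bot: The changed mercurial line under CVE-2019-3902 now references bug #927674 while still recording 4.9-1 as the fixed version, and the entry has no [buster] or [stretch] line. If the bug tracks a release that still ships an older version, add the per-release status next to it so the reference explains itself. The bracketed description on the context line also reads "vie symlinks", which looks like a typo for "via".
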
@@ -36461,6 +36463,7 @@ CVE-2018-17020 (ASUS GT-AC5300 devices with firmware 
through 3.0.0.4.384_32738 a
        NOT-FOR-US: ASUS GT-AC5300 devices
 CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names 
command par ...)
        - bro <unfixed> (bug #908779)
+       [buster] - bro <no-dsa> (Minor issue)
        [stretch] - bro <no-dsa> (Minor issue)
        NOTE: 
https://github.com/bro/bro/commit/c2b18849f8bb833253538f5dfedb4ed1dc176a30
 CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N 7 ...)
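
Review bot: The context line "- bro <unfixed> (bug #908779)" just above the added [buster] line carries no severity, although buster and stretch are both now <no-dsa> (Minor issue). Writing it as "(low; bug #908779)" would record the same assessment on the package line.
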
@@ -37150,6 +37153,7 @@ CVE-2018-16808 (An issue was discovered in Dolibarr 
through 7.0.0. There is Stor
        NOTE: https://github.com/Dolibarr/dolibarr/issues/9449
 CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially 
leading to Do ...)
        - bro <unfixed> (low; bug #908614)
+       [buster] - bro <no-dsa> (Minor issue)
        [stretch] - bro <no-dsa> (Minor issue)
        NOTE: 
https://github.com/bro/bro/commit/34d0cf886ca16c665f673a299e295b2a2bc14533
 CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as 
used on th ...)
@@ -72777,7 +72781,7 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and 
Newsletters Forms plugin befor
        NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for 
WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the 
function  ...)
        [experimental] - opencv 3.4.4+dfsg-1~exp1
-       - opencv <unfixed> (bug #924884)
+       - opencv 3.2.0+dfsg-6 (bug #924884)
        [stretch] - opencv <not-affected> (Vulnerable code introduced later)
        [jessie] - opencv <not-affected> (Vulnerable code introduced later)
        [wheezy] - opencv <not-affected> (Vulnerable code introduced later)
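
Review bot: The changed opencv line marks 3.2.0+dfsg-6 as the fixed version, while the description places the over-read in OpenCV 3.3.1 and the stretch, jessie and wheezy lines are <not-affected> with "Vulnerable code introduced later". A NOTE stating what changed in 3.2.0+dfsg-6 (a backported fix, or the affected code being absent) would reconcile the fixed version with those not-affected reasons.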



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4dfa4fa27cbee96cb03f5f1020387398d4f2cfa
