Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3522a0c8 by Moritz Muehlenhoff at 2019-05-09T20:46:48Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -435,6 +435,7 @@ CVE-2019-11645
RESERVED
CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the
/var/log/groonga ...)
- groonga 9.0.1-2 (bug #928304)
+ [buster] - groonga 9.0.0-1+deb10u1
[stretch] - groonga <no-dsa> (Minor issue, can be fixed via point
release)
CVE-2019-11644
RESERVED
@@ -942,7 +943,8 @@ CVE-2019-11461 (An issue was discovered in GNOME Nautilus
3.30 prior to 3.30.6 a
[jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop
thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and
3.30 pr ...)
- - gnome-desktop3 <unfixed>
+ - gnome-desktop3 <unfixed> (low; bug #928732)
+ [buster] - gnome-desktop3 <no-dsa> (Minor issue)
[stretch] - gnome-desktop3 <not-affected> (Vulnerable embedded
gnome-desktop thumbnail script introduced later)
[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded
gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
@@ -19870,6 +19872,7 @@ CVE-2019-3845 (A lack of access control was found in
the message queues maintain
CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser
propert ...)
[experimental] - systemd 242-1
- systemd <unfixed> (bug #928102)
+ [buster] - systemd <ignored> (Minor issue; exploit vector needs control
both of the service and a helper outside)
[stretch] - systemd <ignored> (Minor issue; exploit vector needs
control both of the service and a helper outside)
[jessie] - systemd <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1684610
@@ -19879,6 +19882,7 @@ CVE-2019-3844 (It was discovered that a systemd service
that uses DynamicUser pr
CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser
propert ...)
[experimental] - systemd 242-1
- systemd <unfixed> (bug #928102)
+ [buster] - systemd <ignored> (Minor issue; exploit vector needs control
both of the service and a helper outside)
[stretch] - systemd <ignored> (Minor issue; exploit vector needs
control both of the service and a helper outside)
[jessie] - systemd <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433
@@ -162558,6 +162562,7 @@ CVE-2016-1586 (A malicious webview could install
long-lived unload handlers that
NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally
widened when ...)
- apparmor <unfixed> (low)
+ [buster] - apparmor <ignored> (Minor overall security impact)
[stretch] - apparmor <ignored> (Minor overall security impact)
[jessie] - apparmor <ignored> (Minor overall security impact)
NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3522a0c8a2e793cec752d362ac3b63a34dae84f1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3522a0c8a2e793cec752d362ac3b63a34dae84f1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
