[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Mon, 27 May 2019 13:40:23 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f5e1ba48 by Moritz Muehlenhoff at 2019-05-27T20:38:54Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1964,10 +1964,12 @@ CVE-2019-11504 (Zotonic before version 0.47 has 
mod_admin XSS. ...)
        NOT-FOR-US: Zotonic
 CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard 
against sy ...)
        - snapd <unfixed> (low; bug #928052)
+       [buster] - snapd <no-dsa> (Minor issue)
        [stretch] - snapd <no-dsa> (Minor issue)
        NOTE: https://github.com/snapcore/snapd/pull/6642
 CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the 
ownership of a s ...)
        - snapd <unfixed> (low; bug #928052)
+       [buster] - snapd <no-dsa> (Minor issue)
        [stretch] - snapd <no-dsa> (Minor issue)
        NOTE: 
https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
 CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs 
that OR ...)
@@ -2117,6 +2119,7 @@ CVE-2019-11461 (An issue was discovered in GNOME Nautilus 
3.30 prior to 3.30.6 a
        [stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop 
thumbnail script introduced later)
        [jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop 
thumbnail script introduced later)
        NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
+       NOTE: 
https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
 CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 
3.30 pr ...)
        - gnome-desktop3 <unfixed> (low; bug #928732)
        [buster] - gnome-desktop3 <no-dsa> (Minor issue)
@@ -3172,6 +3175,7 @@ CVE-2019-11027
        RESERVED
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 
has infini ...)
        - poppler <unfixed> (low; bug #926721)
+       [buster] - poppler <ignored> (Minor issue)
        [stretch] - poppler <ignored> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
@@ -33143,6 +33147,7 @@ CVE-2019-0188
        NOT-FOR-US: Apache Camel
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in 
distributed mod ...)
        - jakarta-jmeter <unfixed>
+       [buster] - jakarta-jmeter <no-dsa> (Minor issue)
        [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
        [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5e1ba48fa337a6b5b7af130994bb8d0488d0ef8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5e1ba48fa337a6b5b7af130994bb8d0488d0ef8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to