Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bfa5307 by Moritz Muehlenhoff at 2019-06-14T10:16:44Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1526,11 +1526,15 @@ CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff 
file, it will be handed to th
        - freeimage <unfixed> (bug #929597)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a 
custom debug ...)
-       - pam-u2f <unfixed> (bug #930023)
+       - pam-u2f <unfixed> (low; bug #930023)
+       [buster] - pam-u2f <no-dsa> (Minor issue)
+       [stretch] - pam-u2f <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
 CVE-2019-12209 (Yubico pam-u2f 1.0.7 attempts parsing of the configured 
authfile (defa ...)
-       - pam-u2f <unfixed> (bug #930021)
+       - pam-u2f <unfixed> (low; bug #930021)
+       [buster] - pam-u2f <no-dsa> (Minor issue)
+       [stretch] - pam-u2f <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
 CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
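Review bot: The commit message says "buster triage", but for both pam-u2f entries (CVE-2019-12210 and CVE-2019-12209) this hunk also adds a "[stretch] - pam-u2f <no-dsa>" line and sets the severity to "low" on the unstable line. Suggest mentioning the stretch triage and the severity change in the commit message so the decision can be found in the history later. For CVE-2019-12210 the reason could also be more specific than "Minor issue", since the description ties the problem to a particular configuration ("when configured with debug and a custom debug ...").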
@@ -6341,6 +6345,7 @@ CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 
resolved Maven build artifa
 CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 
and older, ...)
        [experimental] - jetty9 9.4.18-1
        - jetty9 <unfixed> (bug #928444)
+       [buster] - jetty9 <no-dsa> (Minor issue)
        [stretch] - jetty9 <no-dsa> (Minor issue)
        - jetty8 <removed>
        [jessie] - jetty8 <no-dsa> (Minor issue)
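Review bot: The unstable line "- jetty9 <unfixed> (bug #928444)" still carries no severity, while the pam-u2f and libxml2 entries in this same commit get "low" added next to their new no-dsa lines. If the no-dsa decision for buster rests on the issue being low severity, suggest writing "(low; bug #928444)" here as well; the same applies to the CVE-2019-10241 entry in the following hunk.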
@@ -6365,6 +6370,7 @@ CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the 
SkinServlet did not ch
 CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, 
and 9.4.1 ...)
        [experimental] - jetty9 9.4.18-1
        - jetty9 <unfixed> (bug #928444)
+       [buster] - jetty9 <no-dsa> (Minor issue)
        [stretch] - jetty9 <no-dsa> (Minor issue)
        - jetty8 <removed>
        [jessie] - jetty8 <no-dsa> (Minor issue)
@@ -13351,6 +13357,7 @@ CVE-2019-7734
        RESERVED
 CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer 
in a C ...)
        - liblivemedia <unfixed> (low; bug #929948)
+       [buster] - liblivemedia <no-dsa> (Minor issue)
        [stretch] - liblivemedia <no-dsa> (Minor issue)
        [jessie] - liblivemedia <postponed> (Minor issue)
        NOTE: https://github.com/rgaufman/live555/issues/21
@@ -33751,6 +33758,7 @@ CVE-2018-19505 (Remedy AR System Server in BMC Remedy 
7.1 may fail to set the co
        NOT-FOR-US: Remedy AR System Server in BMC Remedy
 CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) 2 ...)
        - faad2 <unfixed> (low; bug #914641)
+       [buster] - faad2 <no-dsa> (Minor issue)
        [stretch] - faad2 <no-dsa> (Minor issue)
        [jessie] - faad2 <postponed> (Minor issue)
        NOTE: https://sourceforge.net/p/faac/bugs/240/
@@ -34445,6 +34453,7 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we 
discovered that under som
        NOTE: the package to be vulnerable.
 CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT 
frame ca ...)
        - activemq <unfixed> (bug #925964)
+       [buster] - activemq <no-dsa> (Minor issue)
        [stretch] - activemq <no-dsa> (Minor issue)
        [jessie] - activemq <not-affected> (MQTT support not enabled)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
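Review bot: The new "[buster] - activemq <no-dsa> (Minor issue)" line gives a generic reason, while the jessie line directly below records a concrete one ("MQTT support not enabled"). Suggest stating in the reason or in a NOTE why the issue is minor for buster, for example whether exposure depends on MQTT being enabled. The unstable line "- activemq <unfixed> (bug #925964)" also has no severity, unlike the entries that get "low" elsewhere in this commit.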
@@ -47596,7 +47605,8 @@ CVE-2018-14405
        RESERVED
 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the 
xpath.c:xmlXPat ...)
        {DLA-1524-1}
-       - libxml2 <unfixed> (bug #901817)
+       - libxml2 <unfixed> (low; bug #901817)
+       [buster] - libxml2 <no-dsa> (Minor issue)
        [stretch] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
@@ -95572,7 +95582,7 @@ CVE-2017-14860 (There is a heap-based buffer over-read 
in the Exiv2::Jp2Image::r
 CVE-2017-14859 (An Invalid memory address dereference was discovered in 
Exiv2::StringV ...)
        {DLA-1147-1}
        - exiv2 <unfixed>
-       [busters] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        [stretch] - exiv2 <ignored> (Minor issue)
        [jessie] - exiv2 <ignored> (Minor issue)
        NOTE: https://github.com/Exiv2/exiv2/issues/74
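Review bot: The removed line used the release tag "[busters]", so the <ignored> state was recorded under a name that is not a release and the entry only now applies to buster. Suggest checking the rest of data/CVE/list for other misspelled release tags, and considering a syntax check that rejects bracketed names outside the known release list so a typo like this is caught at commit time.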
@@ -146688,6 +146698,7 @@ CVE-2016-7152 (The HTTPS protocol does not consider 
the role of the TCP congesti
        NOTE: CVE assigned for the HTTP/2 protocol issue
 CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused 
by a re ...)
        - capstone <unfixed> (low; bug #930002)
+       [buster] - capstone <no-dsa> (Minor issue)
        [stretch] - capstone <no-dsa> (Minor issue)
        [jessie] - capstone <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06
 (4.0-alpha4)
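Review bot: The NOTE on this entry records the upstream fix commit as part of 4.0-alpha4, yet the unstable line stays "- capstone <unfixed> (low; bug #930002)" and buster is now marked no-dsa. Suggest confirming the capstone versions in unstable and buster against that fix; if either already contains the commit, the entry should carry a fixed version instead of "<unfixed>" and "<no-dsa>".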



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bfa5307c196094aa5eb8cca569f48996b696850
