diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2019-05-01 14:06:26 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-05-01 14:06:26 +0200 |
commit | b3790a4903c8dbd675c374601927a1ef99490bbc (patch) | |
tree | b708f6e58abd1e87f5b90c7e459eb2ee10cbc141 /data/CVE | |
parent | 0ec1670eb0d788a4fe09de9ef81e4256cae36d7c (diff) |
Mark all Apport related entries as NFU
src:apport itself was ever only in experimental and never migrated to
unstable as it needed extra services to actually function.
Maintainer recently asked for complete removal of Apport, tracked as
https://bugs.debian.org/924960 .
As it was never in unstable or any other supported suites, we can mark
it safely as NFU considering it was never in Debian.
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2009.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 4 | ||||
-rw-r--r-- | data/CVE/2015.list | 12 | ||||
-rw-r--r-- | data/CVE/2016.list | 18 | ||||
-rw-r--r-- | data/CVE/2017.list | 15 | ||||
-rw-r--r-- | data/CVE/2018.list | 4 |
6 files changed, 14 insertions, 41 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 7e78b54339..89a9e663fa 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -10293,7 +10293,7 @@ CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the NOTE: installer logs on disk CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.1 ...) - [experimental] - apport <not-affected> (Fixed before initial upload into Debian) + NOT-FOR-US: Apport CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...) NOT-FOR-US: Novell Teaming CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 thr ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index ceb1292f86..302213b4d2 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -17309,9 +17309,7 @@ CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:20 [wheezy] - cinder <not-affected> (Vulnerable code not present) NOTE: Requires includedir to be defined in /etc/sudoers file CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files cr ...) - [experimental] - apport 2.12.6-1 (bug #727661) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0. ...) NOT-FOR-US: language-selector CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D- ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 8a359610da..c41dde949e 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -22937,9 +22937,7 @@ CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse. NOTE: Introduced in: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56 (v4.2-rc1) NOTE: Fixed in: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c (v4.4-rc5) CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to cause a d ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG signat ...) NOT-FOR-US: simplestreams CVE-2015-1336 (The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in ...) @@ -22994,9 +22992,9 @@ CVE-2015-1326 (python-dbusmock before version 0.15.1 AddTemplate() D-Bus method [jessie] - python-dbusmock 0.11.4-1+deb8u1 NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815 CVE-2015-1325 (Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubunt ...) - [experimental] - apport 2.17.3-1 + NOT-FOR-US: Apport CVE-2015-1324 (Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2. ...) - [experimental] - apport 2.17.3-1 + NOT-FOR-US: Apport CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 a ...) {DLA-261-1} - aptdaemon 1.1.1+bzr982-1 (bug #789162) @@ -23014,9 +23012,7 @@ CVE-2015-1320 (The SeaMicro provisioning of Ubuntu MAAS logs credentials, includ CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 1 ...) - unity <itp> (bug #609278) CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before 2.17. ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport + NOT-FOR-US: Apport CVE-2015-1317 (Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1. ...) NOT-FOR-US: Oxide CVE-2015-1316 (Juju Core's Joyent provider before version 1.25.5 uploads the user's p ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 6f83fe6232..740d5e4f0f 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -2406,23 +2406,11 @@ CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote att - flightgear 1:2016.4.3+dfsg-1 (bug #848114) NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11 CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...) - [experimental] - apport 2.20.4-1 (bug #848213) - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, as we have an explicit (bug) reference for apport - NOTE: https://bugs.launchpad.net/apport/+bug/1648806 - NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/ + NOT-FOR-US: Apport CVE-2016-9948 RESERVED CVE-2016-9947 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index a25b263877..8c7c823309 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -12559,21 +12559,15 @@ CVE-2017-14183 CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5 ...) NOT-FOR-US: Fortinet CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes originatin ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...) - snapd 2.30-1 [stretch] - snapd <not-affected> (Issue introduced in 2.27) NOTE: https://launchpad.net/bugs/1730255 CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...) NOT-FOR-US: aacplusenc CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...) @@ -22503,8 +22497,7 @@ CVE-2017-10710 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...) NOT-FOR-US: Elephone P9000 devices CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...) - [experimental] - apport 2.20.4-2 (bug #868831) - NOTE: apport only in experimental, so we cannot track this in security-tracker + NOT-FOR-US: Apport CVE-2017-10707 RESERVED CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5cce2e7831..d59a993fbe 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -37674,9 +37674,7 @@ CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend {DSA-4243-1 DLA-1426-1} - cups 2.2.8-5 (bug #903605) CVE-2018-6552 (Apport does not properly handle crashes originating from a PID namespa ...) - [experimental] - apport <unfixed> - NOTE: apport only in experimental, so we cannot track this in security-tracker - NOTE: add it, to have an explicit reference for apport if it ever enters unstable + NOT-FOR-US: Apport CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...) [experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0 - glibc 2.27-1 |