| author | Moritz Muehlenhoff <jmm@debian.org> | 2019-03-20 22:43:12 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2019-03-20 22:43:12 +0100 |
| commit | 4001123072286f4123a6f30005d3b9bd451a49c6 (patch) | |
| tree | 58a19d5bb1516d0f64506cd2e616c27fef7cd2bf /data | |
| parent | b3abf69543ae035dd5a4da42e5e2d5b5fd091b83 (diff) | |
stretch triage
Diffstat (limited to 'data')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2009.list | 1 |
| -rw-r--r-- | data/CVE/2018.list | 8 |
| -rw-r--r-- | data/CVE/2019.list | 64 |
| -rw-r--r-- | data/dsa-needed.txt | 8 |
4 files changed, 60 insertions, 21 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index f4813ad620..45c1c06bfc 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,6 +1,7 @@ CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ...) [experimental] - gnulib 20180621~6979c25-1 - gnulib 20140202+stable-3.2 (bug #924613) + [stretch] - gnulib <no-dsa> (Minor issue) - glibc 2.28-1 [stretch] - glibc <no-dsa> (Minor issue) [jessie] - glibc <no-dsa> (Minor issue) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 7867d70f66..c9d72b98d1 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -15,7 +15,8 @@ CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse Co CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Conne ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the ...) - - phamm <unfixed> (bug #924731) + - phamm <unfixed> (low; bug #924731) + [stretch] - phamm <no-dsa> (Minor issue) NOTE: https://github.com/lota/phamm/issues/24 CVE-2018-20805 RESERVED @@ -29,6 +30,7 @@ CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the us NOT-FOR-US: Highcharts JS CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...) - otrs2 6.0.14-1 + [stretch] - otrs2 <no-dsa> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3 
@@ -2947,7 +2949,7 @@ CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a b NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8 CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...) - qtbase-opensource-src 5.11.2+dfsg-3 (low) - [stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue) + [stretch] - qtbase-opensource-src <no-dsa> (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-69449 TODO: check if affects qt4-x11 as well CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...) @@ -4923,6 +4925,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...) {DLA-1592-1} - otrs2 6.0.1-1 + [stretch] - otrs2 <no-dsa> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version @@ -4934,6 +4937,7 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...) {DLA-1592-1} - otrs2 6.0.13-1 + [stretch] - otrs2 <no-dsa> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...) - kio-extras 4:18.08.3-1 (bug #913595) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 0de808c729..c98ae33fff 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -983,11 +983,13 @@ CVE-2019-9753 CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...) {DLA-1721-1} - otrs2 6.0.16-1 + [stretch] - otrs2 <no-dsa> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15 CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...) - otrs2 6.0.17-1 + [stretch] - otrs2 <no-dsa> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a @@ -1014,7 +1016,9 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection - golang-1.12 1.12-1 - golang-1.11 1.11.6-1 (bug #924630) - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, can be fixed along in future DSA) - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, can be fixed along in future DSA) - golang <removed> NOTE: https://github.com/golang/go/issues/30794 NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9 
@@ -1068,13 +1072,15 @@ CVE-2019-9722 RESERVED CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...) - ffmpeg <unfixed> + [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 CVE-2019-9720 RESERVED CVE-2019-9719 RESERVED CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...) - - ffmpeg <unfixed> + - ffmpeg <unfixed> (low) + [stretch] - ffmpeg <postponed> (Wait until fixed in 3.2.x release) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 CVE-2019-9717 RESERVED @@ -1144,6 +1150,7 @@ CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&m=User& NOT-FOR-US: sftnow CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...) - libpodofo <unfixed> (bug #924430) + [stretch] - libpodofo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/podofo/code/1969 CVE-2019-9686 (pacman before 5.1.3 allows directory traversal when installing a remot ...) NOT-FOR-US: pacman package manager for arch, different from src:pacman @@ -1214,8 +1221,9 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...) CVE-2019-9657 RESERVED CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dere ...) - - libofx <unfixed> (bug #924350) + - libofx <unfixed> (unimportant; bug #924350) NOTE: https://github.com/libofx/libofx/issues/22 + NOTE: Negligible security impact CVE-2019-9655 RESERVED CVE-2019-9654 
@@ -1324,6 +1332,7 @@ CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.2 CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...) [experimental] - glib2.0 2.59.2-1 - glib2.0 <unfixed> (bug #924344) + [stretch] - glib2.0 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1649 NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e (2.59.2) CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...) @@ -1447,7 +1456,8 @@ CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.1 CVE-2019-9579 RESERVED CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to init is ...) - - libu2f-host 1.1.9-1 (bug #923874) + - libu2f-host 1.1.9-1 (low; bug #923874) + [stretch] - libu2f-host <no-dsa> (Minor issue) NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 CVE-2019-9577 RESERVED 
@@ -2709,69 +2719,82 @@ CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user v CVE-2019-9039 RESERVED CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9037 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9036 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb NOTE: Not completely fixed with the initial two commits, cf. NOTE: https://github.com/tbeu/matio/issues/103#issuecomment-472020538 ff CVE-2019-9035 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) 
- - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9034 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9033 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9032 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9031 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) 
- - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9030 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9029 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9028 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9027 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) 
- - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb CVE-2019-9026 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...) - - libmatio <unfixed> (bug #924185) + - libmatio <unfixed> (low; bug #924185) + [stretch] - libmatio <no-dsa> (Minor issue) NOTE: https://github.com/tbeu/matio/issues/103 NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775 NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb @@ -5504,10 +5527,12 @@ CVE-2019-7735 CVE-2019-7734 RESERVED CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a C ...) - - liblivemedia <unfixed> + - liblivemedia <unfixed> (low) + [stretch] - liblivemedia <no-dsa> (Minor issue) NOTE: https://github.com/rgaufman/live555/issues/21 CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...) - - liblivemedia <unfixed> + - liblivemedia <unfixed> (low) + [stretch] - liblivemedia <no-dsa> (Minor issue) NOTE: https://github.com/rgaufman/live555/issues/20 CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an ...) NOT-FOR-US: MyWebSQL @@ -5703,7 +5728,8 @@ CVE-2019-7650 RESERVED CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...) {DLA-1717-1} - - rdflib 4.2.2-2 (bug #921751) + - rdflib 4.2.2-2 (low; bug #921751) + [stretch] - rdflib <no-dsa> (Minor issue) NOTE: Debian specific issue as respective scripts are overwritten in Debian NOTE: packaging as wrappers invoking python -m. CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...) 
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 4d96e5245c..57b43d8edb 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -17,6 +17,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- drupal7 -- +evolution +-- faad2 not yet fixed upstream -- @@ -37,6 +39,8 @@ libidn libpng1.6 wait for final patch -- +libssh2 +-- linux Wait until more issues have piled up -- @@ -52,6 +56,8 @@ openjdk-8 (jmm) -- passenger (carnil) -- +pdns +-- simplesamlphp -- smarty3 @@ -66,3 +72,5 @@ wireshark -- wordpress -- +xen +-- |
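Review bot: In the 2018.list hunk at CVE-2018-20806/CVE-2018-20800 (and again in the two otrs2 hunks later in that file and the CVE-2019-9752/CVE-2019-9751 hunk in 2019.list) the stretch reason `<no-dsa> (Non-free not supported)` is reused verbatim for five otrs2 CVEs without any pointer to where that decision was recorded; a NOTE line under the first entry giving the rationale, or a link to it, would make the repeated tag verifiable and save future triagers from re-deriving it.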
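Review bot: In the CVE-2018-19872 hunk the stretch line is corrected from `qtimageformats-opensource-src` to `qtbase-opensource-src`, which now matches the fixed-version line `- qtbase-opensource-src 5.11.2+dfsg-3 (low)`; the unchanged `TODO: check if affects qt4-x11 as well` is still open, so this entry's stretch triage should be treated as partial, and if qt4-x11 turns out to be affected it needs its own stretch tag.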
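Review bot: In the CVE-2019-9741 hunk, `golang-1.8 <removed>` and `golang-1.7 <removed>` each get a `[stretch] ... <postponed>` line, but the third removed source, `- golang <removed>`, gets none and so still reads as untriaged for stretch; if it is not affected there, record that as `[stretch] - golang <not-affected> (...)` with the reason, otherwise give it the same <postponed> tag as the other two.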
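Review bot: In the ffmpeg hunk, CVE-2019-9718 gains `(low)` on its sid line while CVE-2019-9721, described with the same words ("denial of service in the subtitle decoder"), does not; if the severity applies to one it likely applies to the other, so either add `(low)` to `- ffmpeg <unfixed>` under CVE-2019-9721 as well or note why they differ. The stretch reason `Wait until fixed in 3.2.x release` would also be easier to revisit with a NOTE pointing at the upstream 3.2 branch status.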
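Review bot: Across the thirteen libmatio entries (CVE-2019-9026 through CVE-2019-9038) the hunk applies identical `(low; bug #924185)` and `[stretch] - libmatio <no-dsa> (Minor issue)` lines, yet the caveat `NOTE: Not completely fixed with the initial two commits` appears only under CVE-2019-9036; if the incomplete fix tracked in issue 103 concerns more of these CVEs, carry that NOTE to them too, otherwise the two shared commit references under the other twelve entries will be read as complete fixes.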
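Review bot: The four additions to dsa-needed.txt (evolution, libssh2, pdns, xen) are entered bare, without a claimant like the neighbouring `openjdk-8 (jmm)` / `passenger (carnil)` or a status line like `faad2` / `not yet fixed upstream`; that is acceptable for unclaimed work in this file, but a short line naming the CVE(s) driving each entry would help whoever picks them up.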