From f072fecb8f9d397795d39c392180b6fee57d1ba1 Mon Sep 17 00:00:00 2001 From: Markus Koschany Date: Sun, 31 Oct 2021 23:26:56 +0100 Subject: Remove no-dsa tags for upcoming glusterfs update --- data/CVE/2018.list | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 95a80e17a1..26585e7566 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -17565,14 +17565,12 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...) {DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...) - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) [jessie] - glusterfs (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926 @@ -17581,7 +17579,6 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...) {DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929 NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/ @@ -17599,7 +17596,6 @@ CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Fin NOT-FOR-US: Keycloak CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...) - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) [jessie] - glusterfs (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576 @@ -17609,7 +17605,6 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) {DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431 NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/ @@ -17619,7 +17614,6 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) {DLA-1565-1} - glusterfs 5.0-1 (bug #912997) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974 NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/ @@ -27579,35 +27573,30 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 @@ -27630,7 +27619,6 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659 NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...) @@ -27671,13 +27659,11 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...) @@ -27685,7 +27671,6 @@ CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...) @@ -27705,7 +27690,6 @@ CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img o CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642 NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...) @@ -27719,7 +27703,6 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298 NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 an ...) @@ -28023,7 +28006,6 @@ CVE-2018-10842 REJECTED CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...) - glusterfs 4.1.2-1 (bug #901968) - [stretch] - glusterfs (Minor issue; can be fixed via point release) [jessie] - glusterfs (vulnerable code not present) NOTE: https://review.gluster.org/#/c/20328/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2 @@ -52852,7 +52834,6 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...) - glusterfs 4.0.2-1 (bug #896128) - [stretch] - glusterfs (Minor issue; can be fixed via point release) [jessie] - glusterfs (vulnerable code not present) [wheezy] - glusterfs (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721 -- cgit v1.2.3