diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-28 19:02:51 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-28 19:02:51 +0200 |
| commit | c39d1a5463ac7d451a8b4cc349ca60dcf387ed9f (patch) | |
| tree | 72e1eda23685b2083c25ebe68c9fbfaa02cc7d43 | |
| parent | 602bc04285a5d3b4f0b326c13d416da7b1b7fb46 (diff) | |
new ntp issue
NFUs
add and take ffmpeg
| -rw-r--r-- | data/CVE/list | 14 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 12 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1e65be60e4..269ebc2d17 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -119642,7 +119642,13 @@ CVE-2018-8958 CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...) NOT-FOR-US: CoverCMS CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...) - TODO: check + - ntp <unfixed> (low) + [buster] - ntp <no-dsa> (Minor issue) + [stretch] - ntp <no-dsa> (Minor issue) + NOTE: MISC:https://arxiv.org/abs/2005.01783 + NOTE: MISC:https://nikhiltripathi.in/NTP_attack.pdf + NOTE: MISC:https://tools.ietf.org/html/rfc5905 + TODO: check ntpsec CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...) NOT-FOR-US: BitDefender GravityZone CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...) @@ -229757,7 +229763,7 @@ CVE-2015-7948 CVE-2015-7947 REJECTED CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...) - TODO: check + NOT-FOR-US: Unity8 (predates Lomiri) CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809538) @@ -274934,7 +274940,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt NOTE: affected one that we ever had in Debian (2.8.96~2652) did not NOTE: include the faulty patch. CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) - TODO: check + NOT-FOR-US: signond from Ubuntu Touch CVE-2014-1422 RESERVED CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) @@ -292528,7 +292534,7 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) NOT-FOR-US: Gemalto Tokend CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) - TODO: check + NOT-FOR-US: OpenSC.tokend (different from src:opensc) CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone <not-affected> (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 52afda406a..0966921790 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium -- +ffmpeg (jmm) +-- jruby/oldstable -- libopenmpt |