author Paul Wise <pabs@debian.org> 2019-09-18 12:26:18 +0800
committer Paul Wise <pabs@debian.org> 2019-09-18 12:26:18 +0800
commit e459323aefff1bcc549cca38fb34a16365b5562b
tree 68d997084e00ed35ee185b6b5cc5c96b69fc6fc8
parent 985b8b29418c070753202bc5fcfc763a4a29bf8d
Switch all bugzilla.novell.com URLs to bugzilla.suse.com
The novell.com address is historical and deprecated.

Requested-by: Alexandros Toptsoglou <atoptsoglou@suse.com>
Requested-in: <a3bc5c9f-d52d-a79d-e1da-6a6484cee9ea@suse.com>
-rwxr-xr-x  bin/tracker_service.py  2
-rw-r--r--  data/CVE/2005.list  2
-rw-r--r--  data/CVE/2008.list  2
-rw-r--r--  data/CVE/2009.list  2
-rw-r--r--  data/CVE/2011.list  4
-rw-r--r--  data/CVE/2012.list  32
-rw-r--r--  data/CVE/2013.list  10
-rw-r--r--  data/CVE/2014.list  20
-rw-r--r--  data/CVE/2015.list  14
-rw-r--r--  data/CVE/2016.list  8
-rw-r--r--  data/CVE/2017.list  12
-rw-r--r--  data/CVE/2018.list  20
-rw-r--r--  data/CVE/2019.list  6
13 files changed, 67 insertions, 67 deletions
diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 6484415387..9f45dab8a8 100755
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -1545,7 +1545,7 @@ Debian bug number.'''),
def url_gentoo_bug(self, url, name):
return url.absolute("https://bugs.gentoo.org/show_bug.cgi", id=name)
def url_suse_bug(self, url, name):
- return url.absolute("https://bugzilla.novell.com/show_bug.cgi",
+ return url.absolute("https://bugzilla.suse.com/show_bug.cgi",
id=name)
def url_suse_cve(self, url, name):
return url.absolute("https://www.suse.com/security/cve/%s/" % name)
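Review bot: In url_suse_bug the new host is still a string literal, and the same host is repeated in every data/CVE/*.list NOTE this commit rewrites, so the next host change will again need a tree-wide edit. The id=name argument is passed through unchanged, so it would help if the commit message stated that bug ids on bugzilla.suse.com match the old bugzilla.novell.com ids.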
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index b32c11e5c1..f47a85358c 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -318,7 +318,7 @@ CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT
NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspeci ...)
- powersave 0.12.7-1
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP pa ...)
NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
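Review bot: The rewritten NOTE under CVE-2005-4778 keeps the trailing &x=18&y=11&=Find parameters, which look like leftovers from a search-form submission rather than part of the bug reference. Since the line is being touched anyway, consider shortening it to https://bugzilla.suse.com/show_bug.cgi?id=119628.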
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 47e60b69f8..50ee366cc8 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -9155,7 +9155,7 @@ CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers
NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net cla ...)
- mono 1.9.1+dfsg-4 (low; bug #494406)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=413534
NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...)
- virtualbox-ose <not-affected> (affects only windows host systems)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 2d1fd468fd..c270af8c60 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -310,7 +310,7 @@ CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.
[squeeze] - eglibc 2.11.3-3
- glibc 2.13-24
NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=735850
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=735850
CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote atta ...)
- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
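Review bot: The context line "NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html" directly above the changed NOTE still points at a novell.com host and is left as is. The commit message's reasoning (the novell.com address is historical and deprecated) applies to it as well; either convert it in a follow-up or say in the message that only the bugzilla host is in scope.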
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 30c0633c5e..f416e6c51d 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -5491,9 +5491,9 @@ CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in
NOT-FOR-US: Novell Open Enterprise Server
CVE-2011-3172 (A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows at ...)
- libpam-unix2 <removed>
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=707645
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645
NOTE: Issue was not fixed up to the version removed from unstable.
- NOTE: Proposed update form SUSE: https://bugzilla.novell.com/attachment.cgi?id=441720
+ NOTE: Proposed update form SUSE: https://bugzilla.suse.com/attachment.cgi?id=441720
CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly oth ...)
NOT-FOR-US: pure-FTPd add-on
CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earl ...)
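Review bot: The second changed NOTE under CVE-2011-3172 carries the typo "form SUSE" over to the new line; it should read "Proposed update from SUSE". Fix it here since the line is already modified, or leave it for a separate commit if this one is meant to be a pure host substitution.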
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index e6a6f67e04..d0d7f1330a 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1567,7 +1567,7 @@ CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19,
CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain environm ...)
[experimental] - cronie <unfixed> (low; bug #697811)
NOTE: Only present in experimental
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in h ...)
{DSA-2653-1 DSA-2616-1}
- icinga 1.7.1-5 (bug #697931)
@@ -2938,7 +2938,7 @@ CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2
CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
- libproxy 0.3.1-4 (low)
[squeeze] - libproxy <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=791086
NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
REJECTED
@@ -7915,7 +7915,7 @@ CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privilege
[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
NOTE: fixed in 2.34.0-1 from experimental
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105
NOTE: http://stealth.openwall.net/null/dzug.c
CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...)
- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
@@ -8054,7 +8054,7 @@ CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/fil
- gimp 2.8.2-1 (bug #685397)
[squeeze] - gimp 2.6.10-1+squeeze4
NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
{DLA-165-1}
- eglibc 2.13-36 (bug #684889)
@@ -8391,11 +8391,11 @@ CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in Word
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
{DSA-2512-1}
- mono 2.10.8.1-5 (bug #681095)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=769799
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=769799
NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRA ...)
NOT-FOR-US: sblim-sfcb
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=770234
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
@@ -9628,7 +9628,7 @@ CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isol
CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...)
- exif 0.6.20-2 (low; bug #681465)
[squeeze] - exif <no-dsa> (Minor crasher)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does not pr ...)
- chromium-browser <not-affected>
@@ -9641,12 +9641,12 @@ CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in exif-entry.c ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-en ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2839
RESERVED
@@ -9655,12 +9655,12 @@ CVE-2012-2838
CVE-2012-2837 (The mnote_olympus_entry_get_value function in olympus/mnote-olympus-en ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag Parsin ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2835
RESERVED
@@ -9721,17 +9721,17 @@ CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obta
CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in exif-entry. ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Ta ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF Tag Pars ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2811
RESERVED
@@ -10139,7 +10139,7 @@ CVE-2012-2670 (manageuser.php in Collabtive before 0.7.6 allows remote authentic
CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distri ...)
- linux 3.2.23-1
[squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=761200
CVE-2012-2668 (libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, wh ...)
- openldap <not-affected> (OpenLDAP in Debian uses GNUTLS instead of Mozilla NSS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=825875
@@ -11440,7 +11440,7 @@ CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, wh
- linux-2.6 3.2.19-1
CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
- midori <unfixed> (unimportant; bug #672880)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=758431
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSS ...)
{DSA-2454-2}
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 50f056df50..1a0db1fe55 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3016,7 +3016,7 @@ CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Prin
{DSA-2829-1}
- hplip 3.13.11-2 (bug #731480)
[squeeze] - hplip <not-affected> (Vulnerable code not present)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=853405
CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration API (Heat ...)
- heat 2013.2.1-1 (bug #732033)
NOTE: https://launchpad.net/bugs/1256049
@@ -3126,7 +3126,7 @@ CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers
CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 ...)
{DSA-2829-1}
- hplip 3.13.11-2.1 (bug #725876)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=852368
CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restrict the ability to tr ...)
- jansson 2.6-1 (bug #738647)
[wheezy] - jansson <no-dsa> (Minor issue)
@@ -8949,7 +8949,7 @@ CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly
- lcms2 2.2+git20110628-2.3 (bug #714529)
[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=826097#c9
CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary fi ...)
- ctdb 2.5.1+debian0-1 (bug #749840)
[wheezy] - ctdb <no-dsa> (Minor issue)
@@ -17267,7 +17267,7 @@ CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 a
NOT-FOR-US: Novell iPrint Client
CVE-2013-1090 (The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership fo ...)
- php-horde <not-affected> (SuSE specific packaging flaw)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=811369
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=811369
CVE-2013-1089
RESERVED
CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
@@ -19514,7 +19514,7 @@ CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.
{DSA-2783-1}
- ruby-rack 1.4.1-2.1 (bug #700226)
- librack-ruby <removed> (bug #700226)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=802794
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=802794
NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
- ruby-rack 1.4.1-2.1 (bug #700173)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 2c292eaa63..e29e102228 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1923,7 +1923,7 @@ CVE-2014-9720
{DLA-475-1 DLA-279-1}
- python-tornado 3.2.2-1
NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=930362
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=930362
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222816
CVE-2014-9719
RESERVED
@@ -11203,7 +11203,7 @@ CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in
- squid3 3.4.8-1 (low; bug #761002)
[wheezy] - squid3 <no-dsa> (Minor issue)
[squeeze] - squid3 <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=895773
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=895773
NOTE: Upstream commits: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574
NOTE: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
@@ -11214,7 +11214,7 @@ CVE-2014-7142 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to o
- squid3 3.4.8-1 (bug #760999)
[squeeze] - squid3 <no-dsa> (Minor issue)
[wheezy] - squid3 <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-7141 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...)
- squid 4.1-1
@@ -11223,7 +11223,7 @@ CVE-2014-7141 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to o
- squid3 3.4.8-1 (bug #760999)
[squeeze] - squid3 <no-dsa> (Minor issue)
[wheezy] - squid3 <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest u ...)
- xen 4.4.1-3
@@ -13994,7 +13994,7 @@ CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote atta
CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-B ...)
{DSA-3004-1 DLA-76-1}
- kde4libs 4:4.13.3-2 (bug #755814)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=864716
NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost informati ...)
- glpi <removed> (unimportant)
@@ -15001,7 +15001,7 @@ CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in
[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)
- linux-2.6 <not-affected> (LZ4 support introduced in 3.11)
NOTE: possible fix in https://lkml.org/lkml/2014/7/4/288
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=883949#c12
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=883949#c12
- lz4 0.0~r119-1
NOTE: Not exploitable for lz* compressed kernel images: http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and https://code.google.com/p/lz4/source/detail?r=118
@@ -16311,11 +16311,11 @@ CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and y
NOTE: 1.3.1-2 upload removed /usr/sbin/snap from the installed binary package
CVE-2014-4039 (ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does no ...)
- ppc64-diag 2.7.1-5
- NOTE: SuSE Patch: https://bugzilla.novell.com/attachment.cgi?id=599147
+ NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147
CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...)
- ppc64-diag 2.7.1-5
NOTE: Issue partially fixed in 2.7.1-1, but not all parts fixed
- NOTE: SuSE Patch: https://bugzilla.novell.com/attachment.cgi?id=599147
+ NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147
CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerp ...)
- fckeditor <removed> (low; bug #752873)
[wheezy] - fckeditor <no-dsa> (Minor issue)
@@ -17843,7 +17843,7 @@ CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 incor
- linux <not-affected> (RHEL-specific, incomplete backport)
- linux-2.6 <not-affected> (RHEL-specific, incomplete backport)
NOTE: Fix: https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=896015#c8
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=896015#c8
CVE-2014-3534 (arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s39 ...)
{DSA-2992-1}
- linux 3.14.13-2 (bug #728705)
@@ -24352,7 +24352,7 @@ CVE-2014-1203 (The get_login_ip_config_file function in Eyou Mail System before
CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM ...)
- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=857303
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=857303
[wheezy] - lightdm-gtk-greeter <not-affected> (in Wheezy, lightdm restarts when the greeter crashes, so there's no DoS)
CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ...)
{DSA-2843-1}
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index b92c15fc77..4aa3047264 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -5766,7 +5766,7 @@ CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in
[squeeze] - nss <not-affected> (only affects nss post 2012-07-26)
[wheezy] - nss <not-affected> (TLS 1.2 not supported in 3.14, only 3.15.1 and above)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
- NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=660286
+ NOTE: Patch in SuSE Bugzilla: https://bugzilla.suse.com/attachment.cgi?id=660286
NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
- openssl 1.0.1f-1
@@ -5858,8 +5858,8 @@ CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
[jessie] - tiff 4.0.3-12.3+deb8u4
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
- NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341
- NOTE: Reproducer file here: https://bugzilla.novell.com/attachment.cgi?id=665389
+ NOTE: SUSE seem to have a fix (disputed): https://bugzilla.suse.com/show_bug.cgi?id=960341
+ NOTE: Reproducer file here: https://bugzilla.suse.com/attachment.cgi?id=665389
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
NOTE: partially fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2564#c2
NOTE: --
@@ -17104,7 +17104,7 @@ CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server (aka
- xorg-server 2:1.16.4-1 (bug #774308)
[wheezy] - xorg-server 2:1.12.4-6+deb7u6
NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=928520 (not public yet)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928520 (not public yet)
CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in li ...)
{DSA-3288-1}
- ffmpeg 7:2.6.1-1
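Review bot: The changed NOTE for show_bug.cgi?id=928520 keeps the "(not public yet)" annotation, which describes the bug's visibility at the time the note was written. While updating the URL, check whether the bug is still restricted and drop or update the annotation if it is not.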
@@ -24533,7 +24533,7 @@ CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishi
CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 through 1 ...)
{DSA-3536-1 DLA-292-1}
- libstruts1.2-java <removed>
- NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=629559
+ NOTE: Patch in SuSE Bugzilla: https://bugzilla.suse.com/attachment.cgi?id=629559
NOTE: Patch appplies cleanly to the Wheezy and Squeeze versions
CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows al ...)
NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce
@@ -24964,11 +24964,11 @@ CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary c
- osc 0.149.0-2 (low; bug #780410)
[wheezy] - osc 0.134.1-2+deb7u1
[squeeze] - osc <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=901643
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=901643
CVE-2015-0777 (drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3 ...)
- linux <not-affected> (Addon Xen usbback patch not present)
- linux-2.6 <not-affected> (Addon Xen usbback patch not present)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=917830
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=917830
CVE-2015-0776 (telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devic ...)
NOT-FOR-US: Cisco IOS
CVE-2015-0775 (The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Ne ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index bf66e10f50..2deeb0b300 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1413,7 +1413,7 @@ CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely explo
[jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
- NOTE: Patch disputed, cf. https://bugzilla.novell.com/show_bug.cgi?id=1047443#c1
+ NOTE: Patch disputed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1047443#c1
NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running Fle ...)
NOT-FOR-US: FlexNet Publisher
@@ -12699,7 +12699,7 @@ CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x thro
NOTE: yet to which CVE; those will unlikely made public before the next Oracle CPU.
NOTE: https://marc.info/?l=oss-security&m=147367658314062&w=2
NOTE: http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=998309
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=998309
NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15
NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465
NOTE: Fixed in upstream MariaDB 5.5.51, 10.0.27, 10.1.17
@@ -22010,7 +22010,7 @@ CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu
[jessie] - linux 3.16.36-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971628
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971628
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060
CVE-2016-3682
REJECTED
@@ -26050,7 +26050,7 @@ CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to e
- git 1:2.8.0~rc3-1 (bug #818318)
NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971328#c4
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971328#c4
- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
RESERVED
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index b415d2c913..0fc5a38bed 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -2060,7 +2060,7 @@ CVE-2017-17973 (** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
NOTE: Details on the issue are not confirmed by the reporter after several attempts
NOTE: and this does like a non-issue. More reprodicibly reports are from SUSE in
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1074318#c5 claiming this might be
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1074318#c5 claiming this might be
NOTE: a duplicate of CVE-2017-9935. Unless the reporter provides more details on
NOTE: upstream report go and consider this as non-issue.
CVE-2017-1000447
@@ -11308,7 +11308,7 @@ CVE-2017-14804 (The build package before 20171128 did not check directory names
- obs-build 20180302-1 (bug #887306)
[stretch] - obs-build 20160921-1+deb9u1
[jessie] - obs-build <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1069904
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1069904
CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server w ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 4.3.3 have ...)
@@ -13659,7 +13659,7 @@ CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- ruby1.8 <not-affected> (vunlerable code not present)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1058757
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1058757
NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada 1 ...)
@@ -26000,7 +26000,7 @@ CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series(
[jessie] - gnuplot5 <not-affected> (Vulnerable code introduced later)
NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1044638#c5
NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
NOTE: Crash in a CLI tool, no security impact
@@ -27171,7 +27171,7 @@ CVE-2017-9274 (A shell command injection in the obs-service-source_validator bef
[stretch] - osc <no-dsa> (Minor issue)
[jessie] - osc <no-dsa> (Minor issue)
[wheezy] - osc <no-dsa> (Minor issue)
- NOTE: Details in https://bugzilla.novell.com/show_bug.cgi?id=938556
+ NOTE: Details in https://bugzilla.suse.com/show_bug.cgi?id=938556
NOTE: SUSE adressed the issue not only in the obs-service-source_validator
NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.:
NOTE: https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1
@@ -31109,7 +31109,7 @@ CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused b
- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7859 (FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-b ...)
- ffmpeg <not-affected> (Only affected master, not present in a release)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1034183
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1034183
NOTE: https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb
CVE-2017-7858 (FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ...)
- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 249d1637e1..d6263227d8 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -5088,7 +5088,7 @@ CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an
CVE-2018-19295 (Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper I ...)
- singularity-container 2.6.1-1
NOTE: https://www.openwall.com/lists/oss-security/2018/12/12/2
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1111411
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1111411
CVE-2018-19294
RESERVED
CVE-2018-19293
@@ -5262,7 +5262,7 @@ CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in
[jessie] - nasm <ignored> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115758#c7
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
- nasm 2.14-1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
@@ -8500,7 +8500,7 @@ CVE-2018-17954
RESERVED
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
- pam <not-affected> (Issue introduced by SUSE specific patch)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115640
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115640
NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch)
NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
NOTE: And fixed with (use-correct-IP-address.patch)
@@ -12000,7 +12000,7 @@ CVE-2018-16589
RESERVED
CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in useradd, ...)
- shadow <not-affected> (SuSE-specific patch)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1106914
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106914
NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2
CVE-2018-16587 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...)
{DSA-4317-1 DLA-1521-1}
@@ -16965,12 +16965,12 @@ CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc b
- libtirpc 0.2.5-1.3 (bug #907608)
[stretch] - libtirpc 0.2.5-1.2+deb9u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620293
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
CVE-2018-14621 (An infinite loop vulnerability was found in libtirpc before version 1. ...)
- libtirpc <not-affected> (Vulnerable code not in a released version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620290
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (0.3.3-rc3)
NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
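Review bot: Both rewritten NOTE lines in this hunk, under CVE-2018-14622 and CVE-2018-14621, point at the same SUSE bug (id=968175), while the Red Hat references next to them are distinct (1620293 and 1620290). The id is carried over unchanged from the removed lines, so this is not introduced here, but since both lines are being touched it is worth confirming that one shared SUSE bug is intended for the two entries rather than a copy-paste slip.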
CVE-2018-14620 (The OpenStack RabbitMQ container image insecurely retrieves the rabbit ...)
@@ -28722,7 +28722,7 @@ CVE-2018-10195 [rzsz: sz can leak data to receiving side]
[stretch] - lrzsz <no-dsa> (Minor issue)
[jessie] - lrzsz <no-dsa> (Minor issue)
[wheezy] - lrzsz <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1090051
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051
NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the pdf ...)
{DLA-1363-1}
@@ -29665,7 +29665,7 @@ CVE-2018-1000161 (nmap version 6.49BETA6 through 7.60, up to and including SVN r
NOTE: Fixed by: https://github.com/nmap/nmap/commit/88631b50676c38824e01d30819f46258a8497b0a
NOTE: Fixed by: https://github.com/nmap/nmap/commit/80e1977308e51b1b7aa038a38f8837a7e90b3849
NOTE: Introduced in https://github.com/nmap/nmap/commit/88381c2e685297a4fafe7182a06877b27da34e1e
- NOTE: Script added in 6.49BETA6 (cf. https://bugzilla.novell.com/show_bug.cgi?id=1088608#c1)
+ NOTE: Script added in 6.49BETA6 (cf. https://bugzilla.suse.com/show_bug.cgi?id=1088608#c1)
CVE-2018-1000159 (tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd08 ...)
- tlslite-ng 0.7.4-1 (low; bug #895728)
[stretch] - tlslite-ng 0.6.0-1+deb9u1
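Review bot: Style point on the rewritten "Script added in 6.49BETA6 (cf. ...#c1)" line: the closing parenthesis sits directly after the URL fragment, so anything that auto-links URLs in NOTE lines may take ")" as part of the fragment. Since the line is being rewritten anyway, consider putting the URL on its own NOTE line or moving it outside the parentheses.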
@@ -30673,7 +30673,7 @@ CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bou
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
[jessie] - linux <not-affected> (Vulnerable code not present)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1100491
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
NOTE: Related, but not the same as CVE-2018-9415
CVE-2018-9384
RESERVED
@@ -38145,7 +38145,7 @@ CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version
[jessie] - unzip <no-dsa> (Harmless crash, builds with fortified source)
[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
- NOTE: Patch used in openSUSE:Factory/unzip: https://bugzilla.novell.com/attachment.cgi?id=759406
+ NOTE: Patch used in openSUSE:Factory/unzip: https://bugzilla.suse.com/attachment.cgi?id=759406
CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that al ...)
- unzip <not-affected> (Only affects 6.1c22)
NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
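Review bot: The rewritten line under CVE-2018-1000035 links attachment.cgi?id=759406 rather than show_bug.cgi, so it is the one URL in this file's hunks where a plain host swap is not obviously equivalent; please confirm the attachment id is served from bugzilla.suse.com. The line also gives no bug number, so a reader cannot tell which SUSE bug the patch belongs to; adding the matching show_bug.cgi NOTE next to it would help.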
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e2f83f4bdb..0b8b847519 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -9749,7 +9749,7 @@ CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpStrin
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc (poppler-0.32.0)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5 (poppler-0.32.0)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1136620
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1136620
CVE-2019-12359
RESERVED
CVE-2019-12358
@@ -22867,7 +22867,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f
NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135
- NOTE: Patch causes regressions for some applications/games: https://bugzilla.novell.com/show_bug.cgi?id=1124825
+ NOTE: Patch causes regressions for some applications/games: https://bugzilla.suse.com/show_bug.cgi?id=1124825
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
@@ -31478,7 +31478,7 @@ CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 an
[jessie] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694880
NOTE: https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1131595#c3
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131595#c3
NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e (v4.8.0-rc1)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
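Review bot: Missing follow-up check: the replaced line here (id=1131595#c3), like the other data/CVE hunks, is a data-only edit, and the diffstat shows only bin/tracker_service.py and the list files changing, so nothing stops a bugzilla.novell.com URL from being added again in a later NOTE. Consider rejecting or warning on the deprecated host wherever the lists are validated, so the cleanup does not have to be repeated.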
