Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f44cb213 by Moritz Muehlenhoff at 2019-02-27T17:47:31Z NFUs new podofo issue two exiv issues n/a - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -15,11 +15,13 @@ CVE-2019-9203 CVE-2019-9202 RESERVED CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ...) - TODO: check + NOT-FOR-US: Phoenix Contact ILC CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() located ...) TODO: check CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in ...) - TODO: check + - libpodofo <unfixed> (low) + [stretch] - libpodofo <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/podofo/tickets/40/ CVE-2019-9198 RESERVED CVE-2019-9197 @@ -33,7 +35,7 @@ CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in t CVE-2019-9193 RESERVED CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) ...) - TODO: check + NOT-FOR-US: ETSI protocol CVE-2019-9190 RESERVED CVE-2019-9189 
@@ -159,15 +161,15 @@ CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to ob CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...) NOT-FOR-US: Hsycms CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...) - - exiv2 <undetermined> + [experimental] - exiv2 <unfixed> (low) + - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/712 - TODO: check CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...) - - exiv2 <undetermined> + [experimental] - exiv2 <unfixed> (low) + - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/711 - TODO: check CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...) - NOT-FOR-US: b3log Symphony (aka Sym) + NOT-FOR-US: b3log Symphony (aka Sym) CVE-2019-9141 RESERVED CVE-2019-9140 @@ -221,7 +223,7 @@ CVE-2019-9117 CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version ...) NOT-FOR-US: Sublime Text Windows build CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file ...) - TODO: check + NOT-FOR-US: IRISnet CVE-2019-9114 (Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/170 @@ -4116,7 +4118,7 @@ CVE-2019-7394 CVE-2019-7393 RESERVED CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access ...) - TODO: check + NOT-FOR-US: CA Privileged Access Manager CVE-2019-7391 RESERVED CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...) 
@@ -5096,7 +5098,7 @@ CVE-2019-7008 CVE-2019-7007 RESERVED CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the ...) - TODO: check + NOT-FOR-US: Avaya CVE-2019-7005 RESERVED CVE-2019-7004
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44cb213159a4bc88bac8271d3a4abaa19334845
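Review bot: In the @@ -15,11 +15,13 @@ hunk, the new CVE-2019-9199 entry rates libpodofo as (low) and marks stretch <no-dsa> (Minor issue), but the only NOTE is the upstream ticket link, so the reason for the rating is not visible in the entry itself. A one-line NOTE summarising the impact described in the ticket would let a later reader check the triage without leaving the file.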
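Review bot: In the @@ -33,7 +35,7 @@ hunk, "NOT-FOR-US: ETSI protocol" for CVE-2019-9191 names the standards body rather than the affected item, and in the @@ -5096,7 +5098,7 @@ hunk "NOT-FOR-US: Avaya" for CVE-2019-7006 names only the vendor. The other NOT-FOR-US lines in this commit name the product (for example "CA Privileged Access Manager"), so using the names already given in the CVE descriptions ("ETSI Enterprise Transport Security" and "Avaya one-X Communicator") would keep the entries consistent and easier to grep.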
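Review bot: In the @@ -159,15 +161,15 @@ hunk, the exiv2 entries for CVE-2019-9144 and CVE-2019-9143 mark the unsuffixed line <not-affected> with "Vulnerable code introduced later" but do not record which upstream version or commit introduced that code. A NOTE naming it would let the status be rechecked when a newer exiv2 moves out of experimental, where the same entries are <unfixed>. The same hunk also removes and re-adds the "NOT-FOR-US: b3log Symphony (aka Sym)" line with text that reads identically here, which looks like a whitespace-only change not covered by the commit message; it would be cleaner in a separate commit or mentioned in the message.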