Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f44cb213 by Moritz Muehlenhoff at 2019-02-27T17:47:31Z
NFUs
new podofo issue
two exiv issues n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,13 @@ CVE-2019-9203
 CVE-2019-9202
        RESERVED
 CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 
151 ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() 
located ...)
        TODO: check
 CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp 
in ...)
-       TODO: check
+       - libpodofo <unfixed> (low)
+       [stretch] - libpodofo <no-dsa> (Minor issue)
+       NOTE: https://sourceforge.net/p/podofo/tickets/40/
 CVE-2019-9198
        RESERVED
 CVE-2019-9197
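
Review bot: On the CVE-2019-9199 entry, the "(low)" urgency and the stretch "<no-dsa> (Minor issue)" tag carry no recorded reason; the only NOTE is the upstream ticket link. A second NOTE line stating why the issue is considered minor would let someone re-triaging later check the call without rereading the ticket.
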
@@ -33,7 +35,7 @@ CVE-2019-9194 (elFinder before 2.1.48 has a command injection 
vulnerability in t
 CVE-2019-9193
        RESERVED
 CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as 
eTLS) ...)
-       TODO: check
+       NOT-FOR-US: ETSI protocol
 CVE-2019-9190
        RESERVED
 CVE-2019-9189
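
Review bot: "NOT-FOR-US: ETSI protocol" on CVE-2019-9191 names a protocol, not a product, so the entry does not show which software was ruled out. If the reasoning is that nothing packaged implements ETS, a NOTE saying so would make the decision auditable.
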
@@ -159,15 +161,15 @@ CVE-2019-9146 (Jamf Self Service 10.9.0 allows 
man-in-the-middle attackers to ob
 CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS 
vulnerability ...)
        NOT-FOR-US: Hsycms
 CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite 
recursion at ...)
-       - exiv2 <undetermined>
+       [experimental] - exiv2 <unfixed> (low)
+       - exiv2 <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/Exiv2/exiv2/issues/712
-       TODO: check
 CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite 
recursion at ...)
-       - exiv2 <undetermined>
+       [experimental] - exiv2 <unfixed> (low)
+       - exiv2 <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/Exiv2/exiv2/issues/711
-       TODO: check
 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before 
v3.4.7. XSS ...)
-       NOT-FOR-US:  b3log Symphony (aka Sym)
+       NOT-FOR-US: b3log Symphony (aka Sym)
 CVE-2019-9141
        RESERVED
 CVE-2019-9140
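
Review bot: For CVE-2019-9144 and CVE-2019-9143, "<not-affected> (Vulnerable code introduced later)" does not say which version or commit introduced the code, while the "[experimental]" line is "<unfixed>". The unversioned not-affected line will need revisiting once the experimental version reaches unstable, so consider a NOTE with the introducing version or commit next to the upstream issue links.
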
@@ -221,7 +223,7 @@ CVE-2019-9117
 CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 
version ...)
        NOT-FOR-US: Sublime Text Windows build
 CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js 
file ...)
-       TODO: check
+       NOT-FOR-US: IRISnet
 CVE-2019-9114 (Ming (aka libming) 0.4.8 has an out of bounds write 
vulnerability in ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/170
@@ -4116,7 +4118,7 @@ CVE-2019-7394
 CVE-2019-7393
        RESERVED
 CVE-2019-7392 (An improper authentication vulnerability in CA Privileged 
Access ...)
-       TODO: check
+       NOT-FOR-US: CA Privileged Access Manager
 CVE-2019-7391
        RESERVED
 CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G 
devices with ...)
@@ -5096,7 +5098,7 @@ CVE-2019-7008
 CVE-2019-7007
        RESERVED
 CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in 
the ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2019-7005
        RESERVED
 CVE-2019-7004
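
Review bot: "NOT-FOR-US: Avaya" on CVE-2019-7006 gives only the vendor, while other tags added in this commit name the product ("CA Privileged Access Manager", "Phoenix Contact ILC"). "NOT-FOR-US: Avaya one-X Communicator" would match the CVE description and be easier to grep for.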



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44cb213159a4bc88bac8271d3a4abaa19334845
