Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a2d14aed by Moritz Muehlenhoff at 2019-07-04T11:09:40Z new nsd issue new spring security issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -35,7 +35,12 @@ CVE-2019-13209 CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...) NOT-FOR-US: Waves MAXX Audio CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...) - TODO: check + - nsd <unfixed> (low) + [buster] - nsd <no-dsa> (Minor issue) + [stretch] - nsd <no-dsa> (Minor issue) + - nsd3 <removed> + NOTE: https://github.com/NLnetLabs/nsd/issues/20 + NOTE: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5 CVE-2019-13206 RESERVED CVE-2019-13205 @@ -4942,7 +4947,7 @@ CVE-2019-11274 CVE-2019-11273 RESERVED CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...) - TODO: check + - libspring-security-2.0-java <removed> CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...) NOT-FOR-US: Cloud Foundry CVE-2019-11270 @@ -9297,7 +9302,7 @@ CVE-2019-9829 (Maccms 10 allows remote attackers to execute arbitrary PHP code b CVE-2019-9828 RESERVED CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote att ...) - TODO: check + NOT-FOR-US: Hawtio CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial of S ...) {DLA-1775-1} - phpbb3 <removed> 
@@ -24071,7 +24076,7 @@ CVE-2019-3804 (It was found that cockpit before version 184 used glib's base64 d CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user access t ...) NOT-FOR-US: Pivotal Concourse CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.6, 2. ...) - TODO: check + NOT-FOR-US: Pivotal Spring Data JPA CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...) NOT-FOR-US: Cloud Foundry CVE-2019-3800 @@ -24569,7 +24574,7 @@ CVE-2019-3569 (HHVM, when used with FastCGI, would bind by default to all availa CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote ...) NOT-FOR-US: Whatsapp CVE-2019-3567 (In some configurations an attacker can inject a new executable path in ...) - TODO: check + NOT-FOR-US: osquery CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...) NOT-FOR-US: WhatsApp for Android CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...) 
@@ -25848,15 +25853,20 @@ CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/28 CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free vulnerability in t ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function in mong ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS all ...) NOT-FOR-US: Evernote CVE-2018-20350 
@@ -26592,7 +26602,7 @@ CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and possible earlier devices have I CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.1 ...) NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module CVE-2018-20160 (ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in ...) - TODO: check + NOT-FOR-US: ZxChat CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code Execution because ZIP archives a ...) NOT-FOR-US: i-doit CVE-2018-20158 @@ -29668,7 +29678,7 @@ CVE-2019-2104 CVE-2019-2103 RESERVED CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...) - linux <undetermined> NOTE: https://source.android.com/security/bulletin/2019-06-01 
@@ -29676,25 +29686,25 @@ CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possibl CVE-2019-2100 RESERVED CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out- ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2098 (In areNotificationsEnabledForPackage of NotificationManagerService.jav ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possibl ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible memory corru ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2095 (In callGenIDChangeListeners and related functions of SkPixelRef.cpp, t ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2092 (In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.jav ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerServ ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2089 RESERVED CVE-2019-2088 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2d14aed41a289ba2e8630d4d29033268b6b58ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2d14aed41a289ba2e8630d4d29033268b6b58ce You're receiving this email because of your account on salsa.debian.org.
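Review bot: in the first hunk (CVE-2019-13207), the `[buster]` and `[stretch]` lines give only "Minor issue" as the no-dsa reason, while the description names NSD 4.2.0 and the nsd-checkzone tool specifically. A NOTE saying whether the vulnerable code is present in the versions shipped in those releases, and that the overflow is in nsd-checkzone, would let a later reader verify the decision. The same gap applies to `- nsd3 <removed>`: nothing in the entry says whether nsd3 ever contained the affected code.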
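Review bot: in the `@@ -4942,7 +4947,7 @@` hunk, CVE-2019-11272 is attached to `libspring-security-2.0-java <removed>` with no supporting NOTE, although the description speaks of 4.2.x up to 4.2.12 and "older unsupported" versions. Please add a NOTE stating whether the 2.0 series is among the affected versions, or a reference to the upstream advisory, so the mapping to this source package is documented and not inferred from the package name.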
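Review bot: in the `@@ -25848,15 +25853,20 @@` hunk, CVE-2018-20352 through CVE-2018-20356 are marked `NOT-FOR-US: Cesanta Mongoose` while the NOTE on each says smplayer embeds a copy, so the code is present in a Debian source package. A package line for smplayer (for example `<not-affected>` or `<unfixed> (unimportant)` with the existing explanation as the reason) would keep the embedded copy visible on the smplayer tracker page; as written, the NOTE is only found by someone who already looks up these CVE ids.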
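Review bot: in the `@@ -29668,7 +29678,7 @@` hunk, CVE-2019-2102 is set to `NOT-FOR-US: Android`, but its description places the problem in the Bluetooth Low Energy specification and not in Android code. If the flaw is in the specification, other BLE implementations may be relevant; a NOTE recording that this was checked, or a TODO to check it, would be safer than closing the entry as Android-only.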
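Review bot: in the last hunk, the batch of `NOT-FOR-US: Android` entries includes CVE-2019-2097 (hydrogen-alias-analysis.h) and CVE-2019-2095 (SkPixelRef.cpp), whose file names look like V8 and Skia sources, components that are also distributed outside Android. It is worth confirming that no Debian package embeds the affected code before marking these two as not-for-us, and recording the result in a NOTE, as was done for CVE-2019-2101 in the preceding context lines with a package entry and bulletin link.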