Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2d14aed by Moritz Muehlenhoff at 2019-07-04T11:09:40Z
new nsd issue
new spring security issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,12 @@ CVE-2019-13209
 CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation 
because th ...)
        NOT-FOR-US: Waves MAXX Audio
 CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer 
Overflo ...)
-       TODO: check
+       - nsd <unfixed> (low)
+       [buster] - nsd <no-dsa> (Minor issue)
+       [stretch] - nsd <no-dsa> (Minor issue)
+       - nsd3 <removed>
+       NOTE: https://github.com/NLnetLabs/nsd/issues/20
+       NOTE: 
https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
 CVE-2019-13206
        RESERVED
 CVE-2019-13205
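Review bot: the nsd entry records the upstream fix commit (91102da2) in a NOTE but keeps the package at `<unfixed>`; once upstream publishes a release containing that commit the `- nsd <unfixed> (low)` line should be updated to the fixed version so the tracker stops listing sid as affected. The `(low)` rating and the buster/stretch `<no-dsa> (Minor issue)` tags are consistent with the description, which places the stack-based buffer overflow in the nsd-checkzone tool rather than the daemon, but that reasoning lives only in the truncated CVE text; a short NOTE stating it would make the no-dsa decision easier to re-check later. Also, the second NOTE appears split across two lines (`NOTE: ` with the URL on the next line); if that is not just mail wrapping, the file parser will see an empty NOTE followed by a stray URL line.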
@@ -4942,7 +4947,7 @@ CVE-2019-11274
 CVE-2019-11273
        RESERVED
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older 
unsupported ve ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a 
BOSH Di ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-11270
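Review bot: the CVE text names Spring Security 4.2.x up to 4.2.12 "and older unsupported versions", while the only package tracked is libspring-security-2.0-java, which by its name ships the 2.0 series. Marking it `<removed>` is fine, but a NOTE saying whether the 2.0 series falls under "older unsupported versions" (and so was affected while it was in the archive) would spare the next triager from re-reading the advisory to answer the same question.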
@@ -9297,7 +9302,7 @@ CVE-2019-9829 (Maccms 10 allows remote attackers to 
execute arbitrary PHP code b
 CVE-2019-9828
        RESERVED
 CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: Hawtio
 CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows 
Denial of S ...)
        {DLA-1775-1}
        - phpbb3 <removed>
@@ -24071,7 +24076,7 @@ CVE-2019-3804 (It was found that cockpit before version 
184 used glib's base64 d
 CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user 
access t ...)
        NOT-FOR-US: Pivotal Concourse
 CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 
2.1.6, 2. ...)
-       TODO: check
+       NOT-FOR-US: Pivotal Spring Data JPA
 CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain 
java com ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-3800
@@ -24569,7 +24574,7 @@ CVE-2019-3569 (HHVM, when used with FastCGI, would bind 
by default to all availa
 CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed 
remote  ...)
        NOT-FOR-US: Whatsapp
 CVE-2019-3567 (In some configurations an attacker can inject a new executable 
path in ...)
-       TODO: check
+       NOT-FOR-US: osquery
 CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would 
potentially allo ...)
        NOT-FOR-US: WhatsApp for Android
 CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) 
would n ...)
@@ -25848,15 +25853,20 @@ CVE-2018-20357 (A NULL pointer dereference was 
discovered in sbr_process_channel
        [stretch] - faad2 <no-dsa> (Minor issue)
        NOTE: https://github.com/knik0/faad2/issues/28
 CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Cesanta Mongoose
+       NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Cesanta Mongoose
+       NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free 
vulnerability durin ...)
-       TODO: check
+       NOT-FOR-US: Cesanta Mongoose
+       NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free 
vulnerability durin ...)
-       TODO: check
+       NOT-FOR-US: Cesanta Mongoose
+       NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function 
in mong ...)
-       TODO: check
+       NOT-FOR-US: Cesanta Mongoose
+       NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on 
macOS all ...)
        NOT-FOR-US: Evernote
 CVE-2018-20350
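Review bot: the five Mongoose entries are classified NOT-FOR-US, yet the accompanying NOTE states that smplayer embeds a copy of Mongoose, which is the usual trigger for tracking an issue against the embedding package. The NOTE justifies the classification by saying the copy is unused in any released version and disabled since 18.5.0~ds1-1; it would help to spell out that the smplayer versions in stretch and buster therefore do not build or ship the affected code, since 18.5.0~ds1-1 is given as the point where it was disabled and a reader cannot tell from the NOTE alone whether older suites carry a compiled-in copy. Repeating the identical NOTE on each of CVE-2018-20352 through CVE-2018-20356 is acceptable for this file, but if the rationale is refined it needs updating in all five places.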
@@ -26592,7 +26602,7 @@ CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and 
possible earlier devices have I
 CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync 
Module 2.1 ...)
        NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module
 CVE-2018-20160 (ZxChat (aka ZeXtras Chat), as used for zimbra-chat and 
zimbra-talk in  ...)
-       TODO: check
+       NOT-FOR-US: ZxChat
 CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code Execution because ZIP 
archives a ...)
        NOT-FOR-US: i-doit
 CVE-2018-20158
@@ -29668,7 +29678,7 @@ CVE-2019-2104
 CVE-2019-2103
        RESERVED
 CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a 
provided e ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a 
possible out ...)
        - linux <undetermined>
        NOTE: https://source.android.com/security/bulletin/2019-06-01
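Review bot: CVE-2019-2102 is described as an issue "In the Bluetooth Low Energy (BLE) specification", which on its face is not specific to Android; a NOT-FOR-US tag without a NOTE leaves no record of why Debian's own BLE stack is considered unaffected. The neighbouring CVE-2019-2101 entry in the unchanged context shows the pattern worth copying here: a NOTE pointing at the Android security bulletin (https://source.android.com/security/bulletin/2019-06-01) that sourced the classification, so the "Android" verdict can be re-checked if the CVE text is later expanded.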
@@ -29676,25 +29686,25 @@ CVE-2019-2101 (In uvc_parse_standard_control of 
uvc_driver.c, there is a possibl
 CVE-2019-2100
        RESERVED
 CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a 
possible out- ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2098 (In areNotificationsEnabledForPackage of 
NotificationManagerService.jav ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible 
memory corru ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2095 (In callGenIDChangeListeners and related functions of 
SkPixelRef.cpp, t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a 
possible out o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of 
bounds write ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2092 (In isSeparateProfileChallengeAllowed of 
DevicePolicyManagerService.jav ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of 
DevicePolicyManagerServ ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, 
there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2089
        RESERVED
 CVE-2019-2088
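Review bot: ten consecutive entries (CVE-2019-2090 through CVE-2019-2099) go from `TODO: check` to `NOT-FOR-US: Android` with no NOTE, whereas the CVE-2019-2101 entry a few lines above carries a NOTE linking the Android bulletin; adding the same bulletin NOTE to this batch, or at least to the first entry, would document the source of the classification. One entry deserves a second look before the batch is closed: CVE-2019-2097 names `HAliasAnalyzer.Query of hydrogen-alias-analysis.h`, a file name that does not read like an Android framework path in the way `DevicePolicyManagerService.java` or `PackageManagerService.java` do, so it is worth confirming from the bulletin that the affected code is not shipped by a Debian package before it stays NOT-FOR-US.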



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2d14aed41a289ba2e8630d4d29033268b6b58ce



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
