Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c6171032 by Moritz Muehlenhoff at 2019-07-04T13:34:23Z new go.crypto issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3338,7 +3338,7 @@ CVE-2019-11881 (A vulnerability exists in Rancher 2.1.4 in the login component, CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is ...) NOT-FOR-US: CommSy CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...) - TODO: check + NOT-FOR-US: Non issue in webrick gem CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...) NOT-FOR-US: XiongMai Besder IP20H1 cameras CVE-2019-11877 (XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRou ...) @@ -3414,7 +3414,8 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH CVE-2019-11843 RESERVED CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...) - TODO: check + - golang-go.crypto <unfixed> + NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...) {DLA-1840-1} - golang-go.crypto <unfixed> @@ -29993,9 +29994,9 @@ CVE-2018-20016 CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...) NOT-FOR-US: YzmCMS CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...) - TODO: check + NOT-FOR-US: UrBackup CVE-2018-20013 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...) - TODO: check + NOT-FOR-US: UrBackup CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...) NOT-FOR-US: PHPCMF CVE-2018-20011 (DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Nam ...) 
@@ -35852,7 +35853,7 @@ CVE-2019-0159 CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...) NOT-FOR-US: Intel CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-0156 RESERVED CVE-2019-0155 @@ -35894,7 +35895,7 @@ CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12. CVE-2019-0137 RESERVED CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...) NOT-FOR-US: Intel CVE-2019-0134 @@ -38179,7 +38180,7 @@ CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id para CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by pla ...) NOT-FOR-US: s-cms CVE-2018-18425 (The doAirdrop function of a smart contract implementation for Primeo ( ...) - TODO: check + NOT-FOR-US: Primeo CVE-2018-18424 RESERVED CVE-2018-18423 @@ -38228,7 +38229,7 @@ CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-ed NOTE: https://github.com/appneta/tcpreplay/issues/488 NOTE: https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071 CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 bu ...) - TODO: check + NOT-FOR-US: Tufin SecureTrack CVE-2018-18405 RESERVED CVE-2018-18404 @@ -41705,7 +41706,7 @@ CVE-2018-17081 (e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&act CVE-2018-17080 RESERVED CVE-2018-17079 (An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerab ...) - TODO: check + NOT-FOR-US: ZRLOG CVE-2018-17078 RESERVED CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is stored ...) 
@@ -42772,11 +42773,11 @@ CVE-2018-16720 CVE-2018-16719 RESERVED CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...) - TODO: check + NOT-FOR-US: NCBI ToolBox CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...) - TODO: check + NOT-FOR-US: NCBI ToolBox CVE-2018-16716 (A path traversal vulnerability exists in viewcgi.c in the 2.0.7 throug ...) - TODO: check + NOT-FOR-US: NCBI ToolBox CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent throug ...) NOT-FOR-US: Absolute Software CTES Windows Agent CVE-2018-16714 @@ -44761,7 +44762,7 @@ CVE-2018-15915 CVE-2018-15914 RESERVED CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0. One ty ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...) NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...) @@ -44830,7 +44831,7 @@ CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the h CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, ...) NOT-FOR-US: FreePBX CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserializ ...) - TODO: check + NOT-FOR-US: EthereumJ CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base ...) - libpodofo <unfixed> (low; bug #916167) [buster] - libpodofo <no-dsa> (Minor issue) 
@@ -45269,7 +45270,7 @@ CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 ha CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engi ...) NOT-FOR-US: Dell 2335dn printers CVE-2018-15747 (The default configuration of glot-www through 2018-05-19 allows remote ...) - TODO: check + NOT-FOR-US: glot-www CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a den ...) - qemu 1:3.1+dfsg-1 (low; bug #907500) [stretch] - qemu <ignored> (Minor issue, too risky to backport, not enabled by default) @@ -45475,7 +45476,7 @@ CVE-2018-15667 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It r CVE-2018-15666 RESERVED CVE-2018-15665 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2. ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker ...) - docker.io 18.09.1+dfsg1-7.1 (bug #929662) NOTE: https://www.openwall.com/lists/oss-security/2019/05/28/1 @@ -45940,7 +45941,7 @@ CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control al CVE-2018-15507 RESERVED CVE-2018-15506 (In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP func ...) - TODO: check + NOT-FOR-US: BubbleUPnP CVE-2018-15505 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...) NOT-FOR-US: Embedthis GoAhead CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...) 
@@ -47347,7 +47348,7 @@ CVE-2018-14868 (Incorrect access control in the Password Encryption module in Od CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...) NOT-FOR-US: Odoo CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...) NOT-FOR-US: Odoo CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...) @@ -53415,7 +53416,7 @@ CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 fo CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offl ...) - zuul <itp> (bug #705844) CVE-2018-12556 (The signature verification routine in install.sh in yarnpkg/website th ...) - TODO: check + NOT-FOR-US: yarnpkg CVE-2018-12555 REJECTED CVE-2018-12554 @@ -56020,7 +56021,7 @@ CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-sit CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract ...) NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR) CVE-2018-11686 (The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allow ...) - TODO: check + NOT-FOR-US: FlexPaper (later renamed FlowPaper) CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compi ...) - liblouis 3.5.0-3 [stretch] - liblouis 3.0.0-3+deb9u4 @@ -57346,7 +57347,7 @@ CVE-2018-11217 CVE-2018-11216 RESERVED CVE-2018-11215 (Remote code execution is possible in Cloudera Data Science Workbench v ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...) {DLA-1638-1} - libjpeg9 1:9c-1 (low; bug #902176) 
@@ -57890,7 +57891,7 @@ CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware up CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. The affect ...) NOT-FOR-US: Diqee CVE-2018-10986 (OX Guard 2.8.0 has CSRF. ...) - TODO: check + NOT-FOR-US: Open-Xchange OX Guard CVE-2018-10985 RESERVED CVE-2018-10984 @@ -264652,7 +264653,7 @@ CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1: - update-manager <not-affected> (ubuntu-specific issue) NOTE: see bug #650307 CVE-2011-3151 (The Ubuntu SELinux initscript before version 1:0.10 used touch to crea ...) - TODO: check + NOT-FOR-US: Historic Ubuntu init script issue CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validat ...) - software-center <not-affected> (ubuntu-specific issue) NOTE: debian package does not contain the vulnerable purchaseview.py code, and probably won't ever as that's part of their commercial interface code View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c617103226b8b2af7a2c4e51530b1611b67e6d59
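Review bot: the reason recorded for CVE-2019-11879 in the first hunk, "NOT-FOR-US: Non issue in webrick gem", uses the tag this file reserves for software Debian does not ship, but WEBrick is part of Ruby's standard library and so is shipped with the ruby source packages; the convention used elsewhere in this same patch for a shipped package that is not affected is a package line with a parenthesised reason, e.g. "- update-manager <not-affected> (ubuntu-specific issue)". Suggest a package-level <not-affected> line against the relevant ruby source package that states why the directory-traversal claim does not hold (the CVE is already marked DISPUTED), and "Non-issue" with a hyphen.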
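Review bot: the new "- golang-go.crypto <unfixed>" line for CVE-2019-11841 in the second hunk carries neither a severity nor a Debian bug reference, unlike comparable open entries in this file such as "- libpodofo <unfixed> (low; bug #916167)" and "- qemu 1:3.1+dfsg-1 (low; bug #907500)"; the NOTE points only at the upstream fix commit. Suggest filing or referencing a bug against golang-go.crypto and recording a severity, and, since the adjacent CVE-2019-11840 entry for the same source package already carries {DLA-1840-1}, stating whether the older suites are affected by this clearsign message-forgery issue as well.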
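Review bot: "NOT-FOR-US: Intel" for CVE-2019-0157 does not say which driver is meant; the description reads "Insufficient input validation in the Intel(R) SGX driver for Linux", and a later reader may take that for the linux source package. Suggest recording the reason explicitly, e.g. "NOT-FOR-US: Intel SGX driver for Linux (out-of-tree, not packaged)", so the entry explains itself the way "NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux" does further down the same file.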
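Review bot: the three NCBI ToolBox entries (CVE-2018-16716, CVE-2018-16717, CVE-2018-16718) are tagged NOT-FOR-US, but the NCBI C Toolbox is packaged in Debian as ncbi-tools6, so NOT-FOR-US is only correct if the programs named in the descriptions (wwwblast.c, nph-viewgif.cgi, viewcgi.c) are confirmed not to be built or shipped from that source. Suggest checking the ncbi-tools6 build and, if the code is absent, using "- ncbi-tools6 <not-affected> (vulnerable CGI programs not shipped)" in the style of the Ubuntu entries in the last hunk, or a versioned entry if they are present.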
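Review bot: "NOT-FOR-US: yarnpkg" for CVE-2018-12556 is ambiguous because yarnpkg is also the name of a Debian source package; the CVE text in the hunk is about "The signature verification routine in install.sh in yarnpkg/website", i.e. the installer script served from the project website, not the tool itself. Suggest "NOT-FOR-US: install.sh installer script in yarnpkg/website" so nobody later reopens this against the packaged yarnpkg.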
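Review bot: the last hunk tags CVE-2011-3151 as "NOT-FOR-US: Historic Ubuntu init script issue" while the two neighbouring Ubuntu-specific entries in the same context use a package line, "- update-manager <not-affected> (ubuntu-specific issue)" and "- software-center <not-affected> (ubuntu-specific issue)". If the Ubuntu SELinux initscript has a Debian counterpart, the package form with "(ubuntu-specific issue)" keeps the three consistent; if it has none, NOT-FOR-US is fine, but "Historic" adds nothing a reader can verify and could be replaced by the script or package name.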
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits