Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ef924fe2 by Moritz Muehlenhoff at 2019-07-15T11:10:36Z new vlc issue exif ignored glibc non-issues new python-libnmap issue new abcm2ps issue new potential evince issue sox duplicate NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,7 +9,9 @@ CVE-2019-13604 CVE-2019-13603 RESERVED CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...) - TODO: check + - vlc <unfixed> + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938 CVE-2019-13601 RESERVED CVE-2019-13600 @@ -36,7 +38,7 @@ CVE-2019-13590 (An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h - sox <unfixed> (bug #932082) NOTE: https://sourceforge.net/p/sox/bugs/325/ CVE-2019-13589 (The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, incl ...) - TODO: check + NOT-FOR-US: backdoor in paranoid_2 gem, different from src:ruby-paranoia CVE-2019-13588 RESERVED CVE-2019-13587 @@ -219,9 +221,11 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mis CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...) NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (low) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/pull/943 - TODO: check + NOTE: https://github.com/Exiv2/exiv2/commit/54f0bebca032d0286a0e48f47e67dfc6141fedff CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...) NOT-FOR-US: Cesanta Mongoose NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 
@@ -10157,19 +10161,27 @@ CVE-2019-1010030 CVE-2019-1010029 RESERVED CVE-2019-1010028 (phpscriptsmall.com School College Portal with ERP Script 2.6.1 and ear ...) - TODO: check + NOT-FOR-US: School College Portal CVE-2019-1010027 RESERVED CVE-2019-1010026 RESERVED CVE-2019-1010025 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...) - TODO: check + - glibc <unfixed> (unimportant) + NOTE: Not treated as a security issue by upstream + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853 CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...) - TODO: check + - glibc <unfixed> (unimportant) + NOTE: Not treated as a security issue by upstream + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852 CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...) - TODO: check + - glibc <unfixed> (unimportant) + NOTE: Not treated as a security issue by upstream + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851 CVE-2019-1010022 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...) - TODO: check + - glibc <unfixed> (unimportant) + NOTE: Not treated as a security issue by upstream + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850 CVE-2019-1010021 RESERVED CVE-2019-1010020 @@ -10179,9 +10191,11 @@ CVE-2019-1010019 CVE-2019-1010018 RESERVED CVE-2019-1010017 (libnmap < v0.6.3 is affected by: XML Injection. The impact is: Deni ...) - TODO: check + - python-libnmap <unfixed> (low) + [buster] - python-libnmap <no-dsa> (Minor issue) + NOTE: https://github.com/savon-noir/python-libnmap/issues/87 CVE-2019-1010016 (Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact ...) - TODO: check + - dolibarr <removed> CVE-2019-1010015 RESERVED CVE-2019-1010014 
@@ -10191,21 +10205,25 @@ CVE-2019-1010013 CVE-2019-1010012 RESERVED CVE-2019-1010011 (moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based ...) - TODO: check + - abcm2ps <unfixed> (low) + NOTE: https://drive.google.com/drive/folders/1nAL-B_I5Y7SKX0AeIurGkTzNHMazoyzP + NOTE: https://drive.google.com/drive/folders/1xiVrcB1lTE_mSd_mL7akjpscH4CUahYU CVE-2019-1010010 RESERVED CVE-2019-1010009 (DGLogik Inc DGLux Server All Versions is affected by: Insecure Permiss ...) - TODO: check + NOT-FOR-US: DGLogik Inc DGLux Server CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scr ...) - TODO: check + NOT-FOR-US: OpenEnergyMonitor Project Emoncms CVE-2019-1010007 RESERVED CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...) - TODO: check + - evince <unfixed> + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980 + TODO: track down in depth, whether in Evince or libtiff and if fixed CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...) - TODO: check + NOT-FOR-US: HexoEditor CVE-2019-1010004 (SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds ...) - TODO: check + NOT-FOR-US: Duplicate of CVE-2017-18189, should be rejected CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...) NOT-FOR-US: Leanote CVE-2019-1010002 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef924fe21d212859018b4f2d00626691e99e00ed
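Review bot: in the CVE-2019-13602 hunk (@@ -9,7), the new `- vlc <unfixed>` line carries no severity tag and no [buster]/[stretch] annotation, and the two videolan commit NOTEs do not say which commit is the fix for the MP4_EIA608_Convert() underflow and which is a follow-up; a short qualifier after each URL and a severity once assessed would save the next triage pass from re-reading both commits.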
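Review bot: in the CVE-2019-1010017 hunk (@@ -10179,9), only `[buster] - python-libnmap <no-dsa> (Minor issue)` is added; if python-libnmap is also shipped in stretch, the matching `[stretch]` line is missing, and if it is not, stating that would stop the entry being re-checked. The only reference is an issue-tracker link (issues/87) rather than a fixing commit, so the `<unfixed>` state needs revisiting once upstream publishes a fix.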
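Review bot: in the @@ -10191,21 hunk, CVE-2019-1010004 is tagged `NOT-FOR-US: Duplicate of CVE-2017-18189, should be rejected` even though sox is a Debian package (this same commit tracks `- sox <unfixed>` under CVE-2019-13590); a NOT-FOR-US tag on a duplicate drops the entry from the per-source view, so carrying the sox state from CVE-2017-18189 on this entry with a `NOTE: Duplicate of CVE-2017-18189` line would keep the linkage visible until the CVE is actually rejected. In the same hunk, the two abcm2ps references are Google Drive folders, which are neither upstream nor durable; an upstream issue or commit URL should replace or accompany them when one exists.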