[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 28 Oct 2019 13:11:53 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
eb58783f by security tracker role at 2019-10-28T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,513 @@
+CVE-2020-0600
+       RESERVED
+CVE-2020-0599
+       RESERVED
+CVE-2020-0598
+       RESERVED
+CVE-2020-0597
+       RESERVED
+CVE-2020-0596
+       RESERVED
+CVE-2020-0595
+       RESERVED
+CVE-2020-0594
+       RESERVED
+CVE-2020-0593
+       RESERVED
+CVE-2020-0592
+       RESERVED
+CVE-2020-0591
+       RESERVED
+CVE-2020-0590
+       RESERVED
+CVE-2020-0589
+       RESERVED
+CVE-2020-0588
+       RESERVED
+CVE-2020-0587
+       RESERVED
+CVE-2020-0586
+       RESERVED
+CVE-2020-0585
+       RESERVED
+CVE-2020-0584
+       RESERVED
+CVE-2020-0583
+       RESERVED
+CVE-2020-0582
+       RESERVED
+CVE-2020-0581
+       RESERVED
+CVE-2020-0580
+       RESERVED
+CVE-2020-0579
+       RESERVED
+CVE-2020-0578
+       RESERVED
+CVE-2020-0577
+       RESERVED
+CVE-2020-0576
+       RESERVED
+CVE-2020-0575
+       RESERVED
+CVE-2020-0574
+       RESERVED
+CVE-2020-0573
+       RESERVED
+CVE-2020-0572
+       RESERVED
+CVE-2020-0571
+       RESERVED
+CVE-2020-0570
+       RESERVED
+CVE-2020-0569
+       RESERVED
+CVE-2020-0568
+       RESERVED
+CVE-2020-0567
+       RESERVED
+CVE-2020-0566
+       RESERVED
+CVE-2020-0565
+       RESERVED
+CVE-2020-0564
+       RESERVED
+CVE-2020-0563
+       RESERVED
+CVE-2020-0562
+       RESERVED
+CVE-2020-0561
+       RESERVED
+CVE-2020-0560
+       RESERVED
+CVE-2020-0559
+       RESERVED
+CVE-2020-0558
+       RESERVED
+CVE-2020-0557
+       RESERVED
+CVE-2020-0556
+       RESERVED
+CVE-2020-0555
+       RESERVED
+CVE-2020-0554
+       RESERVED
+CVE-2020-0553
+       RESERVED
+CVE-2020-0552
+       RESERVED
+CVE-2020-0551
+       RESERVED
+CVE-2020-0550
+       RESERVED
+CVE-2020-0549
+       RESERVED
+CVE-2020-0548
+       RESERVED
+CVE-2020-0547
+       RESERVED
+CVE-2020-0546
+       RESERVED
+CVE-2020-0545
+       RESERVED
+CVE-2020-0544
+       RESERVED
+CVE-2020-0543
+       RESERVED
+CVE-2020-0542
+       RESERVED
+CVE-2020-0541
+       RESERVED
+CVE-2020-0540
+       RESERVED
+CVE-2020-0539
+       RESERVED
+CVE-2020-0538
+       RESERVED
+CVE-2020-0537
+       RESERVED
+CVE-2020-0536
+       RESERVED
+CVE-2020-0535
+       RESERVED
+CVE-2020-0534
+       RESERVED
+CVE-2020-0533
+       RESERVED
+CVE-2020-0532
+       RESERVED
+CVE-2020-0531
+       RESERVED
+CVE-2020-0530
+       RESERVED
+CVE-2020-0529
+       RESERVED
+CVE-2020-0528
+       RESERVED
+CVE-2020-0527
+       RESERVED
+CVE-2020-0526
+       RESERVED
+CVE-2020-0525
+       RESERVED
+CVE-2020-0524
+       RESERVED
+CVE-2020-0523
+       RESERVED
+CVE-2020-0522
+       RESERVED
+CVE-2020-0521
+       RESERVED
+CVE-2020-0520
+       RESERVED
+CVE-2020-0519
+       RESERVED
+CVE-2020-0518
+       RESERVED
+CVE-2020-0517
+       RESERVED
+CVE-2020-0516
+       RESERVED
+CVE-2020-0515
+       RESERVED
+CVE-2020-0514
+       RESERVED
+CVE-2020-0513
+       RESERVED
+CVE-2020-0512
+       RESERVED
+CVE-2020-0511
+       RESERVED
+CVE-2020-0510
+       RESERVED
+CVE-2020-0509
+       RESERVED
+CVE-2020-0508
+       RESERVED
+CVE-2020-0507
+       RESERVED
+CVE-2020-0506
+       RESERVED
+CVE-2020-0505
+       RESERVED
+CVE-2020-0504
+       RESERVED
+CVE-2020-0503
+       RESERVED
+CVE-2020-0502
+       RESERVED
+CVE-2020-0501
+       RESERVED
+CVE-2019-18570
+       RESERVED
+CVE-2019-18569
+       RESERVED
+CVE-2019-18568
+       RESERVED
+CVE-2019-18567
+       RESERVED
+CVE-2019-18566
+       REJECTED
+       TODO: check
+CVE-2019-18565
+       REJECTED
+       TODO: check
+CVE-2019-18564
+       REJECTED
+       TODO: check
+CVE-2019-18563
+       REJECTED
+       TODO: check
+CVE-2019-18562
+       REJECTED
+       TODO: check
+CVE-2019-18561
+       REJECTED
+       TODO: check
+CVE-2019-18560
+       REJECTED
+       TODO: check
+CVE-2019-18559
+       REJECTED
+       TODO: check
+CVE-2019-18558
+       REJECTED
+       TODO: check
+CVE-2019-18557
+       REJECTED
+       TODO: check
+CVE-2019-18556
+       REJECTED
+       TODO: check
+CVE-2019-18555
+       REJECTED
+       TODO: check
+CVE-2019-18554
+       REJECTED
+       TODO: check
+CVE-2019-18553
+       REJECTED
+       TODO: check
+CVE-2019-18552
+       REJECTED
+       TODO: check
+CVE-2019-18551
+       REJECTED
+       TODO: check
+CVE-2019-18550
+       REJECTED
+       TODO: check
+CVE-2019-18549
+       REJECTED
+       TODO: check
+CVE-2019-18548
+       REJECTED
+       TODO: check
+CVE-2019-18547
+       REJECTED
+       TODO: check
+CVE-2019-18546
+       REJECTED
+       TODO: check
+CVE-2019-18545
+       REJECTED
+       TODO: check
+CVE-2019-18544
+       REJECTED
+       TODO: check
+CVE-2019-18543
+       REJECTED
+       TODO: check
+CVE-2019-18542
+       REJECTED
+       TODO: check
+CVE-2019-18541
+       REJECTED
+       TODO: check
+CVE-2019-18540
+       REJECTED
+       TODO: check
+CVE-2019-18539
+       REJECTED
+       TODO: check
+CVE-2019-18538
+       REJECTED
+       TODO: check
+CVE-2019-18537
+       REJECTED
+       TODO: check
+CVE-2019-18536
+       REJECTED
+       TODO: check
+CVE-2019-18535
+       REJECTED
+       TODO: check
+CVE-2019-18534
+       REJECTED
+       TODO: check
+CVE-2019-18533
+       REJECTED
+       TODO: check
+CVE-2019-18532
+       REJECTED
+       TODO: check
+CVE-2019-18531
+       REJECTED
+       TODO: check
+CVE-2019-18530
+       REJECTED
+       TODO: check
+CVE-2019-18529
+       REJECTED
+       TODO: check
+CVE-2019-18528
+       REJECTED
+       TODO: check
+CVE-2019-18527
+       REJECTED
+       TODO: check
+CVE-2019-18526
+       REJECTED
+       TODO: check
+CVE-2019-18525
+       REJECTED
+       TODO: check
+CVE-2019-18524
+       REJECTED
+       TODO: check
+CVE-2019-18523
+       REJECTED
+       TODO: check
+CVE-2019-18522
+       REJECTED
+       TODO: check
+CVE-2019-18521
+       REJECTED
+       TODO: check
+CVE-2019-18520
+       REJECTED
+       TODO: check
+CVE-2019-18519
+       REJECTED
+       TODO: check
+CVE-2019-18518
+       REJECTED
+       TODO: check
+CVE-2019-18517
+       REJECTED
+       TODO: check
+CVE-2019-18516
+       REJECTED
+       TODO: check
+CVE-2019-18515
+       REJECTED
+       TODO: check
+CVE-2019-18514
+       REJECTED
+       TODO: check
+CVE-2019-18513
+       REJECTED
+       TODO: check
+CVE-2019-18512
+       REJECTED
+       TODO: check
+CVE-2019-18511
+       REJECTED
+       TODO: check
+CVE-2019-18510
+       REJECTED
+       TODO: check
+CVE-2019-18509
+       REJECTED
+       TODO: check
+CVE-2019-18508
+       REJECTED
+       TODO: check
+CVE-2019-18507
+       REJECTED
+       TODO: check
+CVE-2019-18506
+       REJECTED
+       TODO: check
+CVE-2019-18505
+       REJECTED
+       TODO: check
+CVE-2019-18504
+       REJECTED
+       TODO: check
+CVE-2019-18503
+       REJECTED
+       TODO: check
+CVE-2019-18502
+       REJECTED
+       TODO: check
+CVE-2019-18501
+       REJECTED
+       TODO: check
+CVE-2019-18500
+       REJECTED
+       TODO: check
+CVE-2019-18499
+       REJECTED
+       TODO: check
+CVE-2019-18498
+       REJECTED
+       TODO: check
+CVE-2019-18497
+       REJECTED
+       TODO: check
+CVE-2019-18496
+       REJECTED
+       TODO: check
+CVE-2019-18495
+       REJECTED
+       TODO: check
+CVE-2019-18494
+       REJECTED
+       TODO: check
+CVE-2019-18493
+       REJECTED
+       TODO: check
+CVE-2019-18492
+       REJECTED
+       TODO: check
+CVE-2019-18491
+       REJECTED
+       TODO: check
+CVE-2019-18490
+       REJECTED
+       TODO: check
+CVE-2019-18489
+       REJECTED
+       TODO: check
+CVE-2019-18488
+       REJECTED
+       TODO: check
+CVE-2019-18487
+       REJECTED
+       TODO: check
+CVE-2019-18486
+       REJECTED
+       TODO: check
+CVE-2019-18485
+       REJECTED
+       TODO: check
+CVE-2019-18484
+       REJECTED
+       TODO: check
+CVE-2019-18483
+       REJECTED
+       TODO: check
+CVE-2019-18482
+       REJECTED
+       TODO: check
+CVE-2019-18481
+       REJECTED
+       TODO: check
+CVE-2019-18480
+       REJECTED
+       TODO: check
+CVE-2019-18479
+       REJECTED
+       TODO: check
+CVE-2019-18478
+       REJECTED
+       TODO: check
+CVE-2019-18477
+       REJECTED
+       TODO: check
+CVE-2019-18476
+       REJECTED
+       TODO: check
+CVE-2019-18475
+       REJECTED
+       TODO: check
+CVE-2019-18474
+       REJECTED
+       TODO: check
+CVE-2019-18473
+       REJECTED
+       TODO: check
+CVE-2019-18472
+       REJECTED
+       TODO: check
+CVE-2019-18471
+       REJECTED
+       TODO: check
+CVE-2019-18470
+       REJECTED
+       TODO: check
+CVE-2019-18469
+       REJECTED
+       TODO: check
+CVE-2019-18468
+       REJECTED
+       TODO: check
+CVE-2019-18467
+       REJECTED
+       TODO: check
+CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It 
resolves  ...)
+       TODO: check
 CVE-2019-XXXX [database server crash from unserialized data access]
        - openafs 1.8.5-1 (bug #943587)
        NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
@@ -584,8 +1094,8 @@ CVE-2019-18198 (In the Linux kernel before 5.3.4, a 
reference count usage error
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
        NOTE: https://launchpad.net/bugs/1847478
-CVE-2019-18195
-       RESERVED
+CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. 
Normal u ...)
+       TODO: check
 CVE-2019-18194
        RESERVED
 CVE-2019-18193
@@ -3860,8 +4370,8 @@ CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS 
via the Site Admin &gt
        NOT-FOR-US: CMS Made Simple
 CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full 
Name, o ...)
        NOT-FOR-US: Subrion CMS
-CVE-2019-17224
-       RESERVED
+CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem 
(version CH74 ...)
+       TODO: check
 CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 
10.0.2 v ...)
        - dolibarr <removed>
 CVE-2019-17222
@@ -3948,8 +4458,8 @@ CVE-2019-17183 (Foxit Reader before 9.7 allows an Access 
Violation and crash if
        NOT-FOR-US: Foxit Reader
 CVE-2019-17182
        RESERVED
-CVE-2019-17181
-       RESERVED
+CVE-2019-17181 (A remote SEH buffer overflow has been discovered in IntraSrv 
1.0 (2007 ...)
+       TODO: check
 CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or 
appending parti ...)
        NOT-FOR-US: Steam on Windows
 CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 
4.2.2, 5 ...)
@@ -4624,8 +5134,8 @@ CVE-2019-16899 (In Advantech WebAccess/HMI Designer 
2.1.9.31, Data from a Faulti
        NOT-FOR-US: Advantech
 CVE-2019-16898
        RESERVED
-CVE-2019-16897
-       RESERVED
+CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total 
Security  ...)
+       TODO: check
 CVE-2019-16896
        RESERVED
 CVE-2019-16895
@@ -5249,10 +5759,10 @@ CVE-2019-16665 (An issue was discovered in ThinkSAAS 
2.91. There is XSS via the
        NOT-FOR-US: ThinkSAAS
 CVE-2019-16664 (An issue was discovered in ThinkSAAS 2.91. There is XSS via 
the index. ...)
        NOT-FOR-US: ThinkSAAS
-CVE-2019-16663
-       RESERVED
-CVE-2019-16662
-       RESERVED
+CVE-2019-16663 (An issue was discovered in rConfig 3.9.2. An attacker can 
directly exe ...)
+       TODO: check
+CVE-2019-16662 (An issue was discovered in rConfig 3.9.2. An attacker can 
directly exe ...)
+       TODO: check
 CVE-2019-16661 (Ogma CMS 0.5 has XSS via creation of a new blog. ...)
        NOT-FOR-US: Ogma CMS
 CVE-2019-16660 (joyplus-cms 1.6.0 has 
admin_ajax.php?action=savexml&amp;tab=vodplay CS ...)
@@ -6306,7 +6816,7 @@ CVE-2019-16267
        RESERVED
 CVE-2019-16266
        RESERVED
-CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer 
Overflow. ...)
+CVE-2019-16265 (CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. 
...)
        NOT-FOR-US: 3S-Smart CODESYS
 CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema 
Integrado d ...)
        NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema 
Integrado de Gestion Academica (GESAC)
@@ -10416,20 +10926,20 @@ CVE-2013-7475 (The contact-form-plugin plugin before 
3.52 for WordPress has XSS.
        NOT-FOR-US: contact-form-plugin plugin for WordPress
 CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple 
XSS is ...)
        NOT-FOR-US: job-manager plugin for WordPress
-CVE-2019-14931
-       RESERVED
-CVE-2019-14930
-       RESERVED
-CVE-2019-14929
-       RESERVED
-CVE-2019-14928
-       RESERVED
-CVE-2019-14927
-       RESERVED
-CVE-2019-14926
-       RESERVED
-CVE-2019-14925
-       RESERVED
+CVE-2019-14931 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14930 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14929 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14928 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14927 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14926 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
+CVE-2019-14925 (An issue was discovered on Mitsubishi Electric ME-RTU devices 
through  ...)
+       TODO: check
 CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The 
method moveI ...)
        NOT-FOR-US: GCDWebServer
 CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell 
metacharac ...)
@@ -12338,8 +12848,8 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a 
directory traversal, allo
        NOTE: 
https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
 CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does 
not proper ...)
        NOT-FOR-US: Repetier-Server
-CVE-2019-14450
-       RESERVED
+CVE-2019-14450 (A directory traversal vulnerability was discovered in 
RepetierServer.e ...)
+       TODO: check
 CVE-2019-14449
        RESERVED
 CVE-2019-14448
@@ -22476,8 +22986,7 @@ CVE-2019-11045
        RESERVED
 CVE-2019-11044
        RESERVED
-CVE-2019-11043
-       RESERVED
+CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 
7.3.x below ...)
        {DLA-1970-1}
        - php7.3 <unfixed>
        - php7.0 <removed>
@@ -25157,6 +25666,7 @@ CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very 
early pushes, for example co
 CVE-2019-10080
        RESERVED
 CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood 
attacks. E ...)
+       {DSA-4520-1}
        - trafficserver 8.0.5+ds-1
        NOTE: 
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an 
XSS vulner ...)
@@ -38007,12 +38517,12 @@ CVE-2019-5540
        RESERVED
 CVE-2019-5539
        RESERVED
-CVE-2019-5538
-       RESERVED
-CVE-2019-5537
-       RESERVED
-CVE-2019-5536
-       RESERVED
+CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a 
lack o ...)
+       TODO: check
+CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a 
lack o ...)
+       TODO: check
+CVE-2019-5536 (VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
 CVE-2019-5535 (VMware Workstation and Fusion contain a network 
denial-of-service vuln ...)
        NOT-FOR-US: VMware
 CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 
U3 and  ...)
@@ -42300,8 +42810,8 @@ CVE-2019-3638 (Reflected Cross Site Scripting 
vulnerability in Administrators we
        NOT-FOR-US: McAfee
 CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 
5.1.0.20 ...)
        NOT-FOR-US: McAfee
-CVE-2019-3636
-       RESERVED
+CVE-2019-3636 (A File Masquerade vulnerability in McAfee Total Protection 
(MTP) versi ...)
+       TODO: check
 CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior 
to 7.8. ...)
        NOT-FOR-US: McAfee
 CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for 
Windows 11.x ...)
@@ -96903,7 +97413,7 @@ CVE-2018-3632 (Memory corruption in Intel Active 
Management Technology in Intel
 CVE-2018-3631
        RESERVED
 CVE-2018-3630 [Logic error in FV parsing in 
MdeModulePkg\Core\Pei\FwVol\FwVol.c]
-       RESERVED
+       REJECTED
        - edk2 <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683653
        NOTE: Non issue, no security impact
@@ -112068,8 +112578,8 @@ CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is 
Stored Cross-site Scripting (
        NOT-FOR-US: phpMyFAQ
 CVE-2017-15726
        RESERVED
-CVE-2017-15725
-       RESERVED
+CVE-2017-15725 (An XML External Entity Injection vulnerability exists in Dzone 
AnswerH ...)
+       TODO: check
 CVE-2017-15724
        RESERVED
 CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in 
a NULL  ...)
@@ -142883,27 +143393,27 @@ CVE-2017-5737
 CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions 
Platform  ...)
        NOT-FOR-US: Intel
 CVE-2017-5735
-       RESERVED
+       REJECTED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5734
-       RESERVED
+       REJECTED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5733
-       RESERVED
+       REJECTED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5732
-       RESERVED
+       REJECTED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5731
-       RESERVED
+       REJECTED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
@@ -143181,7 +143691,7 @@ CVE-2017-5851 (The free_options function in 
options_manager.c in mp3splt 2.6.2 a
 CVE-2017-5679
        RESERVED
 CVE-2017-5678
-       RESERVED
+       REJECTED
 CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection 
Vulnerab ...)
        NOT-FOR-US: PEAR HTML_AJAX
        NOTE: http://karmainsecurity.com/KIS-2017-01
@@ -262579,8 +263089,7 @@ CVE-2012-5578 [Python keyring insecure permissions on 
new databases]
        - python-keyring 0.9.2-1.1 (bug #696736)
        [wheezy] - python-keyring 0.7.1-1+deb7u1
        [squeeze] - python-keyring <no-dsa> (Minor issue)
-CVE-2012-5577 [Python keyring insecure permissions on migrated files]
-       RESERVED
+CVE-2012-5577 (Python keyring lib before 0.10 created keyring files with 
world-readab ...)
        - python-keyring 0.9.2-1.1 (bug #696736)
        [wheezy] - python-keyring 0.7.1-1+deb7u1
        [squeeze] - python-keyring <no-dsa> (Minor issue)
@@ -276452,8 +276961,7 @@ CVE-2003-1599 (PHP remote file inclusion 
vulnerability in wp-links/links.all.php
        NOT-FOR-US: WordPress plugin wp-links
 CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 
and ear ...)
        - wordpress 1.0.1-1
-CVE-2002-2444 [snoopy: Security hole in exec cURL]
-       RESERVED
+CVE-2002-2444 (Snoopy 2.0.0-1 has a security hole in exec cURL ...)
        - libphp-snoopy <not-affected> (affected version never was in the repo)
        NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
        NOTE: http://sourceforge.net/p/snoopy/bugs/13/
@@ -293359,8 +293867,7 @@ CVE-2010-4247 (The do_block_io_op function in (1) 
drivers/xen/blkback/blkback.c
        - linux-2.6 <not-affected> (changes included since introduction of dom0 
support)
 CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in 
graph.php in pf ...)
        NOT-FOR-US: pfSense
-CVE-2010-4245
-       RESERVED
+CVE-2010-4245 (pootle 2.0.5-0.2 has XSS via 'match_names' parameter ...)
        - pootle 2.0.5-0.3 (low; bug #604060)
        [lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4244
@@ -293371,14 +293878,11 @@ CVE-2010-4243 (fs/exec.c in the Linux kernel before 
2.6.37 does not enable the O
 CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver 
(drivers/bluetoo ...)
        {DSA-2153-1}
        - linux-2.6 2.6.32-28
-CVE-2010-4241
-       RESERVED
+CVE-2010-4241 (Tiki Wiki CMS Groupware 5.2 has CSRF ...)
        - tikiwiki <removed>
-CVE-2010-4240
-       RESERVED
+CVE-2010-4240 (Tiki Wiki CMS Groupware 5.2 has XSS ...)
        - tikiwiki <removed>
-CVE-2010-4239
-       RESERVED
+CVE-2010-4239 (Tiki Wiki CMS Groupware 5.2 has Local File Inclusion ...)
        - tikiwiki <removed>
 CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 
2.6.18 on  ...)
        - linux-2.6 <not-affected> (RedHat-specific issue, does not affect 
Xen-upstream/Debian)
@@ -295974,8 +296478,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) 
vulnerability in apc.php in the Altern
        - php-apc <unfixed> (unimportant)
        NOTE: vulnerable script is, mainly, for debugging purposes
        NOTE: and is distributed gzip-compressed
-CVE-2010-3293 [mailscanner virus updates DoS]
-       RESERVED
+CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures 
from bei ...)
        - mailscanner <removed> (bug #596397; unimportant)
        NOTE: or even unimportant, the script is not used by default
 CVE-2010-3292 [mailscanner may use spoofed data]
@@ -298741,12 +299244,10 @@ CVE-2010-2295 (page/EventHandler.cpp in WebCore in 
WebKit in Google Chrome befor
        [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe 
apps)
        - chromium-browser 5.0.375.55~r47796-1
        NOTE: http://trac.webkit.org/changeset/58829
-CVE-2009-4900 [pixelpost XSS]
-       RESERVED
+CVE-2009-4900 (pixelpost 1.7.1-5 has XSS ...)
        - pixelpost <removed> (bug #597224)
        NOTE: 
http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
-CVE-2009-4899 [pixelpost SQL injection]
-       RESERVED
+CVE-2009-4899 (pixelpost 1.7.1-5 has SQL injection ...)
        - pixelpost <removed> (bug #597224)
        NOTE: 
http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
 CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 
4.3.2  ...)
@@ -378662,8 +379163,7 @@ CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 
5.0.10 on Linux, Solaris,
 CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used 
memory f ...)
        {DSA-744-1}
        - fuse 2.3.0-1
-CVE-2005-2349 [Directory traversal in zoo]
-       RESERVED
+CVE-2005-2349 (Zoo 2.10-27 has Directory traversal ...)
        - zoo 2.10-4 (low; bug #309594)
 CVE-2005-2350 [Cross Site Scripting in websieve]
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb58783f55fbad627a6824ac9d9aaf280fd26c22

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb58783f55fbad627a6824ac9d9aaf280fd26c22
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to