Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6e0dfe0b by Moritz Muehlenhoff at 2019-11-13T17:31:58Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -116,7 +116,7 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free. - python-psutil <unfixed> (bug #944605) NOTE: https://github.com/giampaolo/psutil/pull/1616 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...) - TODO: check + NOT-FOR-US: FUDForum CVE-2019-18872 RESERVED CVE-2019-18871 @@ -2797,7 +2797,7 @@ CVE-2019-18660 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...) NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as ...) - TODO: check + - helm-kubernetes <itp> (bug #910799) CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url ...) NOT-FOR-US: ClickHouse CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...) @@ -16153,7 +16153,7 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafI NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9 NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...) - TODO: check + NOT-FOR-US: Slack-Chat CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...) NOT-FOR-US: WP SlackSync plugin for WordPress CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...) 
@@ -41553,7 +41553,7 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerabilit CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) @@ -54672,7 +54672,7 @@ CVE-2019-1236 (A remote code execution vulnerability exists in the way that the CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...) NOT-FOR-US: Microsoft CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) @@ -289261,9 +289261,9 @@ CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...) NOTE: Historic webkit/Chromium issues CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...) - TODO: check + NOTE: Historic webkit/Chromium issues CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before ...) - TODO: check + NOTE: Historic webkit/Chromium issues CVE-2011-2333 RESERVED CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...) 
@@ -290660,9 +290660,9 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as us [squeeze] - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/86448 CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...) - TODO: check + NOTE: Historic webkit/Chromium issues CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...) - TODO: check + NOTE: Historic webkit/Chromium issues CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...) - chromium-browser 11.0.696.71~r86024-1 (unimportant) NOTE: http://trac.webkit.org/changeset/85977 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e0dfe0bbf38448e5750dbbaffeed218d3bff222
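Review bot: In the hunk at @@ -2797, CVE-2019-18658 becomes `- helm-kubernetes <itp> (bug #910799)`, which is an ITP tracking entry and not an NFU, so the commit message "NFUs" does not describe it. Either put this line in its own commit or widen the message so the Helm triage can be found from the log.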
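Review bot: In the hunk at @@ -41553, CVE-2019-5695 is tagged with the bare vendor name, `NOT-FOR-US: NVIDIA`, while the entries around it name the product (`NOT-FOR-US: NVIDIA Virtual GPU Manager`, `NOT-FOR-US: NVIDIA Windows GPU Display Driver`). The visible description starts with "NVIDIA GeForce Experience (prior to 3.20.1)", so a product-level label in the same style as the neighbours would be more consistent and would not read as ruling out the vendor as a whole.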
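Review bot: In the hunk at @@ -290660, CVE-2011-1803 and CVE-2011-1802 are left with only `NOTE: Historic webkit/Chromium issues` and no package status line, whereas the adjacent CVE-2011-1804 and CVE-2011-1801 entries carry chromium-browser status lines and a trac.webkit.org changeset reference. If these two are deliberately left without a status, say so in the note; otherwise add a status line in the style of the neighbouring entries so it is clear the triage is finished.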