Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e96ff8bb by Salvatore Bonaccorso at 2020-01-16T22:22:33+01:00
Update information on CVE-2019-20159

Experimental version of gpac would be affected, but as unstable is not,
we do not explicitly track it now, as the next upload to experimental
will be rebased, likely including the fix (so unstable will never be
affected).

Reference introducing commit for CVE-2019-20159.

- - - - -
9c250d16 by Salvatore Bonaccorso at 2020-01-16T22:46:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4804,12 +4804,10 @@ CVE-2019-20160 (An issue was discovered in GPAC version 
0.8.0 and 0.9.0-developm
        NOTE: https://github.com/gpac/gpac/issues/1334
        NOTE: 
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
 CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-       - gpac <unfixed>
-       [buster] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-       [stretch] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-       [jessie] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
+       - gpac <not-affected> (Vulnerable code introduced in 0.7.0)
        NOTE: https://github.com/gpac/gpac/issues/1321
-       NOTE: 
https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
+       NOTE: Introduced in: 
https://github.com/gpac/gpac/commit/261fab7f51479ae8b1732350d9d4cc456c4919af 
(v0.7.0)
+       NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
 CVE-2019-20158
        RESERVED
 CVE-2019-20157
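
Review bot: at CVE-2019-20159 the new `- gpac <not-affected> (Vulnerable code introduced in 0.7.0)` line replaces the `<unfixed>` entry, but the fact that the experimental version is affected is recorded only in the commit message, not in data/CVE/list. Consider adding a NOTE line under the entry saying that experimental is affected until it is rebased onto a version containing the "Fixed by" commit, so the entry is revisited when that upload happens.
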
@@ -7331,7 +7329,7 @@ CVE-2019-20099
 CVE-2019-20098
        RESERVED
 CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting 
from 1.0. ...)
-       TODO: check
+       NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in 
__feat_regis ...)
        - linux 5.2.6-1
        [jessie] - linux 3.16.72-1
@@ -14024,7 +14022,7 @@ CVE-2019-19280
 CVE-2019-19279
        RESERVED
 CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT 
HARMONY GH180  ...)
-       TODO: check
+       NOT-FOR-US: SINAMICS
 CVE-2019-19277
        RESERVED
 CVE-2019-19276
@@ -28996,11 +28994,11 @@ CVE-2019-15014 (A command injection vulnerability 
exists in the Zingbox Inspecto
 CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before 
version  ...)
        NOT-FOR-US: Atlassian
 CVE-2019-15012 (Bitbucket Server and Bitbucket Data Center from version 4.13. 
before 5 ...)
-       TODO: check
+       NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links 
before versio ...)
        NOT-FOR-US: Application Links
 CVE-2019-15010 (Bitbucket Server and Bitbucket Data Center versions starting 
from vers ...)
-       TODO: check
+       NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian 
Fisheye and  ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian 
Fisheye and Cr ...)
@@ -38924,9 +38922,9 @@ CVE-2019-12000
 CVE-2019-11999
        RESERVED
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HPE Superdome Flex Server
 CVE-2019-11997 (A potential security vulnerability has been identified in HPE 
enhanced ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-11996 (Potential security vulnerabilities have been identified with 
HPE Nimbl ...)
        NOT-FOR-US: HPE
 CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could 
allow unaut ...)
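
Review bot: the two new lines in this hunk label adjacent HPE entries at different granularity: CVE-2019-11998 gets `NOT-FOR-US: HPE Superdome Flex Server`, while CVE-2019-11997 gets only `NOT-FOR-US: HPE` although its description names a specific product ("HPE enhanced ..."). Naming the product on CVE-2019-11997 as well would keep the entries consistent and easier to search; the existing CVE-2019-11996 line has the same vendor-only form.
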
@@ -47053,7 +47051,7 @@ CVE-2019-9511 (Some HTTP/2 implementations are 
vulnerable to window size manipul
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
        NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 
2019 a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-9509
        RESERVED
 CVE-2019-9508



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b967ad692175d6a5dc5b8a4958e50abe1976a221...9c250d16845c6840822fb2e5b7346f57f371466f


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits