Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a2a7f6f3 by Moritz Muehlenhoff at 2020-02-05T12:11:34+01:00 NFUs add explicit status for older libidn2-0 src pkg name - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -22359,6 +22359,7 @@ CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controlle CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...) {DSA-4613-1} - libidn2 2.2.0-1 (bug #942895) + - libidn2-0 <not-affected> (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c CVE-2019-18223 @@ -225507,7 +225508,7 @@ CVE-2015-4088 CVE-2015-4087 RESERVED CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...) - TODO: check + NOT-FOR-US: feed-proxy.php CVE-2015-4086 RESERVED CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1. ...) @@ -268718,15 +268719,15 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...) NOT-FOR-US: DotNetNuke CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...) - TODO: check + NOT-FOR-US: Evernote CVE-2013-5115 RESERVED CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...) - TODO: check + NOT-FOR-US: LastPass CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...) - TODO: check + NOT-FOR-US: LastPass CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...) - TODO: check + NOT-FOR-US: Evernote CVE-2013-5111 RESERVED CVE-2013-5110 
@@ -275085,11 +275086,11 @@ CVE-2013-2680 CVE-2013-2679 RESERVED CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) - TODO: check + NOT-FOR-US: Cisco CVE-2013-2677 RESERVED CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) - TODO: check + NOT-FOR-US: Brother CVE-2013-2675 RESERVED CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) @@ -275188,7 +275189,7 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14 - libv8-3.14 <removed> (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...) - TODO: check + NOT-FOR-US: TinyWebGallery CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...) NOT-FOR-US: CA Service Desk Manager CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...) @@ -275205,7 +275206,7 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1 NOTE: DSA-2733-1 NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/ CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...) - TODO: check + NOT-FOR-US: Telean CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...) NOT-FOR-US: Uebimiau Webmail CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...) 
@@ -275316,7 +275317,7 @@ CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to t CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...) NOT-FOR-US: TP-Link CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...) - TODO: check + NOT-FOR-US: Xpient point of sale (POS) CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) NOT-FOR-US: Zavio CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...) @@ -275669,7 +275670,7 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274 NOTE: Versions affected: 1.8.0 to 1.8.5 CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...) - TODO: check + NOT-FOR-US: AWS XMS CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2727-1 DSA-2722-1} - openjdk-6 6b27-1.12.6-1 @@ -279233,7 +279234,7 @@ CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, {DSA-2633-1} - fusionforge 5.2.1+20130227-1 CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...) - TODO: check + - webcalendar <removed> CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...) - webcalendar <removed> CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...) 
@@ -282501,7 +282502,7 @@ CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SS - sssd <not-affected> (Introduced in 1.9.0) NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12 CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...) NOT-FOR-US: nori Ruby gem CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...) @@ -283119,7 +283120,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi NOTE: http://secunia.com/advisories/49889/ NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2 CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...) - TODO: check + NOT-FOR-US: Soapbox CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...) NOT-FOR-US: Android browser CVE-2012-6300 @@ -284728,7 +284729,7 @@ CVE-2012-5778 CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...) NOT-FOR-US: EmpireCMS CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...) - TODO: check + NOT-FOR-US: Dokeos CVE-2012-5775 REJECTED CVE-2012-5774 @@ -284914,7 +284915,7 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...) NOT-FOR-US: TP-LINK TL-WR841N router CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...) - TODO: check + NOT-FOR-US: ZPanel CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...) NOT-FOR-US: ZPanel CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...) 
@@ -296024,9 +296025,9 @@ CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x befor {DSA-2423-1} - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...) - TODO: check + - webcalendar <removed> CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...) - TODO: check + - webcalendar <removed> CVE-2012-1102 [XML::Atom Perl module XML entity expansion] RESERVED {DSA-2424-1} @@ -297318,7 +297319,7 @@ CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access - nvidia-graphics-drivers 295.40-1 [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1 CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...) - TODO: check + NOT-FOR-US: whoopsie-daisy CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...) - aptdaemon 0.43+bzr790-1 [squeeze] - aptdaemon <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a7f6f364f42b1e285832b142fb1973a9e1de3b
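Review bot: in the CVE-2019-18224 hunk, the added "- libidn2-0 <not-affected> (Vulnerable code not present)" line gives no indication of when the vulnerable code first appeared. If the introducing version is known, the form visible in the context of a later hunk, "- sssd <not-affected> (Introduced in 1.9.0)", would let a reader check the claim against the versions shipped under the libidn2-0 source package name.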
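Review bot: the tag added for CVE-2013-2624 copies the spelling "Telean" from the CVE description, while the next entry, CVE-2013-2623, spells what appears to be the same product "Telaen" and is already tagged "NOT-FOR-US: Uebimiau Webmail". Using one product name on both entries would keep a search for either spelling from missing one of them.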
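Review bot: CVE-2013-1422, CVE-2012-1496 and CVE-2012-1495 move from "TODO: check" to "- webcalendar <removed>", which is a package status rather than an NFU, and the commit message mentions only NFUs and the libidn2-0 status. Mentioning the webcalendar triage in the message, or putting it in its own commit, would make it findable in the history.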
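Review bot: two of the added tags do not name a product: "NOT-FOR-US: feed-proxy.php" (CVE-2007-6758) names the script file, and "NOT-FOR-US: Wordpress theme" (CVE-2013-0286) drops the theme name that the description gives as Pinboard. Context entries such as "NOT-FOR-US: nori Ruby gem" and "NOT-FOR-US: TP-LINK TL-WR841N router" name the software or device; following that pattern here would keep the tags greppable.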