Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2a7f6f3 by Moritz Muehlenhoff at 2020-02-05T12:11:34+01:00
NFUs
add explicit status for older libidn2-0 src pkg name

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22359,6 +22359,7 @@ CVE-2019-18225 (An issue was discovered in Citrix 
Application Delivery Controlle
 CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 
has a hea ...)
        {DSA-4613-1}
        - libidn2 2.2.0-1 (bug #942895)
+       - libidn2-0 <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
        NOTE: 
https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
 CVE-2019-18223
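Review bot: the added `- libidn2-0 <not-affected> (Vulnerable code not present)` line under CVE-2019-18224 gives no pointer to when the vulnerable code appeared, while the description only bounds the fix (before 2.1.1). Consider adding a NOTE naming the upstream version or commit that introduced the affected code in idn2_to_ascii_4i, in the style of the `(Introduced in 1.9.0)` annotation on the sssd entry elsewhere in this file, so the not-affected status for the older source package name can be re-checked later.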
@@ -225507,7 +225508,7 @@ CVE-2015-4088
 CVE-2015-4087
        RESERVED
 CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in 
feed-proxy.php in  ...)
-       TODO: check
+       NOT-FOR-US: feed-proxy.php
 CVE-2015-4086
        RESERVED
 CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter 
plugin 1. ...)
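Review bot: in the CVE-2007-6758 entry, `NOT-FOR-US: feed-proxy.php` names a script rather than a product, and the visible description is truncated right where the product name would appear. Suggest using the product name from the full CVE description so the tag can be searched the same way as the other NOT-FOR-US entries.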
@@ -268718,15 +268719,15 @@ CVE-2013-5118 (Cross-site scripting (XSS) 
vulnerability in the Good for Enterpri
 CVE-2013-5117 (SQL injection vulnerability in the RSS page 
(DNNArticleRSS.aspx) in th ...)
        NOT-FOR-US: DotNetNuke
 CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
-       TODO: check
+       NOT-FOR-US: Evernote
 CVE-2013-5115
        RESERVED
 CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
-       TODO: check
+       NOT-FOR-US: LastPass
 CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
-       TODO: check
+       NOT-FOR-US: LastPass
 CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
-       TODO: check
+       NOT-FOR-US: Evernote
 CVE-2013-5111
        RESERVED
 CVE-2013-5110
@@ -275085,11 +275086,11 @@ CVE-2013-2680
 CVE-2013-2679
        RESERVED
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File 
Includ ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2013-2677
        RESERVED
 CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an 
information dis ...)
-       TODO: check
+       NOT-FOR-US: Brother
 CVE-2013-2675
        RESERVED
 CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an 
information dis ...)
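Review bot: `NOT-FOR-US: Cisco` (CVE-2013-2678) and `NOT-FOR-US: Brother` (CVE-2013-2676) name only the vendor, although the descriptions identify specific devices (Linksys E4200, MFC-9970CDW). A product-level tag, as in `NOT-FOR-US: TP-LINK TL-WR841N router` elsewhere in the file, would be more precise.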
@@ -275188,7 +275189,7 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in 
Google Chrome before 27.0.14
        - libv8-3.14 <removed> (unimportant; bug #773671)
        NOTE: libv8 not covered by security support
 CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path 
disclosure ...)
-       TODO: check
+       NOT-FOR-US: TinyWebGallery
 CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk 
Manager 12 ...)
        NOT-FOR-US: CA Service Desk Manager
 CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote 
attackers ...)
@@ -275205,7 +275206,7 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS 
Help Desk before 3.2.4, 3.1
        NOTE: DSA-2733-1
        NOTE: 
http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
 CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure 
vulnerability whic ...)
-       TODO: check
+       NOT-FOR-US: Telean
 CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote 
attack ...)
        NOT-FOR-US: Uebimiau Webmail
 CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier 
allows remot ...)
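Review bot: the new `NOT-FOR-US: Telean` for CVE-2013-2624 copies the spelling from that entry's description, but the adjacent CVE-2013-2623 description spells what appears to be the same 1.3.1 product "Telaen" and is tagged `NOT-FOR-US: Uebimiau Webmail`. Suggest settling on one name for both entries so a search of the list finds them together.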
@@ -275316,7 +275317,7 @@ CVE-2013-2573 (A Command Injection vulnerability 
exists in the ap parameter to t
 CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras 
TL-SC 313 ...)
        NOT-FOR-US: TP-Link
 CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale 
(POS) syst ...)
-       TODO: check
+       NOT-FOR-US: Xpient point of sale (POS)
 CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras 
through 1 ...)
        NOT-FOR-US: Zavio
 CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras 
through 1.6 ...)
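Review bot: for CVE-2013-2571 the tag `NOT-FOR-US: Xpient point of sale (POS)` names the system the component is used in, while the description gives the affected software as Iris 3.8. Suggest a tag that leads with Iris, for example `NOT-FOR-US: Iris (Xpient POS)`, so it matches the vulnerable component.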
@@ -275669,7 +275670,7 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x 
before 1.8.6 allows remote a
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
        NOTE: Versions affected: 1.8.0 to 1.8.5
 CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: AWS XMS
 CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
compon ...)
        {DSA-2727-1 DSA-2722-1}
        - openjdk-6 6b27-1.12.6-1
@@ -279233,7 +279234,7 @@ CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, 
(2) cronjobs/homedirs.php,
        {DSA-2633-1}
        - fusionforge 5.2.1+20130227-1
 CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login 
(e.g., "n ...)
-       TODO: check
+       - webcalendar <removed>
 CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen 
WebCalendar  ...)
        - webcalendar <removed>
 CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in 
GetSimple CMS b ...)
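Review bot: CVE-2013-1422 is marked `- webcalendar <removed>` with no version, although the description bounds the issue to webcalendar before 1.2.7. This matches the neighbouring CVE-2013-1421 entry, but if a fixed version was ever uploaded, recording it would be more precise than `<removed>`; otherwise a short NOTE stating that no fixed upload existed would document the choice.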
@@ -282501,7 +282502,7 @@ CVE-2013-0287 (The Simple Access Provider in System 
Security Services Daemon (SS
        - sssd <not-affected> (Introduced in 1.9.0)
        NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
 CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
-       TODO: check
+       NOT-FOR-US: Wordpress theme
 CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x 
before  ...)
        NOT-FOR-US: nori Ruby gem
 CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when 
communic ...)
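Review bot: `NOT-FOR-US: Wordpress theme` for CVE-2013-0286 is generic, while the description names the Pinboard 1.0.6 theme. Suggest `NOT-FOR-US: Pinboard theme for WordPress` so the entry can be found by product name.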
@@ -283119,7 +283120,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the 
GetWavHeader function in generi
        NOTE: http://secunia.com/advisories/49889/
        NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
 CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance 
of Soap ...)
-       TODO: check
+       NOT-FOR-US: Soapbox
 CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote 
attackers to ca ...)
        NOT-FOR-US: Android browser
 CVE-2012-6300
@@ -284728,7 +284729,7 @@ CVE-2012-5778
 CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in 
the te ...)
        NOT-FOR-US: EmpireCMS
 CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" 
parameters in  ...)
-       TODO: check
+       NOT-FOR-US: Dokeos
 CVE-2012-5775
        REJECTED
 CVE-2012-5774
@@ -284914,7 +284915,7 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 
9.9.x before 9.9.2-P1, when DN
 CVE-2012-5687 (Directory traversal vulnerability in the web-based management 
feature  ...)
        NOT-FOR-US: TP-LINK TL-WR841N router
 CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset 
process. ...)
-       TODO: check
+       NOT-FOR-US: ZPanel
 CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows 
remote ...)
        NOT-FOR-US: ZPanel
 CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and 
earlier  ...)
@@ -296024,9 +296025,9 @@ CVE-2012-1497 (The default configuration of Movable 
Type before 4.38, 5.0x befor
        {DSA-2423-1}
        - movabletype-opensource 5.1.3+dfsg-1
 CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
-       TODO: check
+       - webcalendar <removed>
 CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote 
attackers  ...)
-       TODO: check
+       - webcalendar <removed>
 CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
        RESERVED
        {DSA-2424-1}
@@ -297318,7 +297319,7 @@ CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 
allows local users to access
        - nvidia-graphics-drivers 295.40-1
        [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
 CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary 
files ...)
-       TODO: check
+       NOT-FOR-US: whoopsie-daisy
 CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 
LTS does  ...)
        - aptdaemon 0.43+bzr790-1
        [squeeze] - aptdaemon <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a7f6f364f42b1e285832b142fb1973a9e1de3b
