[Git][security-tracker-team/security-tracker][master] 14 commits: update note
/vulnerability_reports/TALOS-2019-0844 NOTE: https://hg.libsdl.org/SDL_image/rev/26061e601c81 CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) - libsdl2-image 2.0.5+dfsg1-1 [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) + [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 [buster] - sdl-image1.2 (Minor issue) [stretch] - sdl-image1.2 (Minor issue) + [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 NOTE: https://hg.libsdl.org/SDL_image/rev/95fc7da55247 CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) + [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 (bug #932755) [buster] - sdl-image1.2 (Minor issue) [stretch] - sdl-image1.2 (Minor issue) + [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 NOTE: https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...) - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) + [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 (bug #932755) [buster] - sdl-image1.2 (Minor issue) [stretch] - sdl-image1.2 (Minor issue) + [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb CVE-2019-5056 = data/dla-needed.txt = 
@@ -9,6 +9,8 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues +-- +dnsmasq -- faad2 (Hugo Lefeuvre) NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon. @@ -87,6 +89,9 @@ proftpd-dfsg (Markus Koschany) NOTE: Stable update was released today. -- python2.7 (Thorsten Alteholz) + NOTE: 20190804: need to check fails with test suite unrelated to this patch +-- +python3.4 (Thorsten Alteholz) -- qemu NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. @@ -97,6 +102,7 @@ qemu NOTE: 20190529: More testing needed. -- ruby-mini-magick (Thorsten Alteholz) + NOTE: 20190805: package does not build in Jessie -- ruby-openid NOTE: 20190628: In discussion with upstream/rubygems maintainer regarding what the issue actually *is*. (lamby) @@ -124,12 +130,16 @@ sqlite3 subversion NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in the diff has not been added yet. (lamby) -- +tika +-- tomcat8 NOTE: 20190522: FTBFS NOTE: Test SSL certificate expired, see https://bz.apache.org/bugzilla/show_bug.cgi?id=57655 NOTE: Attempt to solve this by using certificates from latest tomcat8 package failed (Brian). NOTE: 20190701: New CVE just piled up. -- +wireshark (Thorsten Alteholz) +-- wordpress NOTE: 20190614: No upstream fix yet. (apo) -- 
@@ -138,3 +148,5 @@ xen -- xymon (Thorsten alteholz) -- +yara +--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d5173322a76b1d71e305198af82c38a9dd4f60f8...00768d5e7d12aa1b678b4892545b9e8bc107a42a
You're receiving this email because of your account on salsa.debian.org.
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
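Review bot: In the python2.7 entry of data/dla-needed.txt the added line "NOTE: 20190804: need to check fails with test suite unrelated to this patch" is ambiguous: it can mean that the failures still have to be checked, or that they are already known to be unrelated. Suggest stating which, for example "test suite failures need checking; they look unrelated to this patch". In the last hunk the context line "xymon (Thorsten alteholz)" spells the surname in lower case, unlike the other entries claimed by Thorsten Alteholz in the same file; worth correcting while the file is being touched.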
[Git][security-tracker-team/security-tracker][master] gnucobol: no-dsa, bug filed, track old source package
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d5173322 by Moritz Muehlenhoff at 2019-08-04T20:42:04Z gnucobol: no-dsa, bug filed, track old source package - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -228,7 +228,10 @@ CVE-2019-14543 CVE-2019-14542 RESERVED CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...) - - gnucobol + - gnucobol (bug #933884) + [buster] - gnucobol (Minor issue) + - opencobol + [stretch] - opencobol (Minor issue) NOTE: https://sourceforge.net/p/open-cobol/bugs/584/ CVE-2019-14540 RESERVED @@ -261,7 +264,10 @@ CVE-2019-14530 CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...) NOT-FOR-US: OpenEMR CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...) - - gnucobol + - gnucobol (bug #933884) + [buster] - gnucobol (Minor issue) + - opencobol + [stretch] - opencobol (Minor issue) NOTE: https://sourceforge.net/p/open-cobol/bugs/583/ CVE-2019-14527 RESERVED @@ -354,7 +360,10 @@ CVE-2019-14488 CVE-2019-14487 RESERVED CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...) - - gnucobol + - gnucobol (bug #933884) + [buster] - gnucobol (Minor issue) + - opencobol + [stretch] - opencobol (Minor issue) NOTE: https://sourceforge.net/p/open-cobol/bugs/582/ CVE-2019-14485 RESERVED @@ -391,7 +400,10 @@ CVE-2019-14470 CVE-2019-14469 RESERVED CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...) - - gnucobol + - gnucobol (bug #933884) + [buster] - gnucobol (Minor issue) + - opencobol + [stretch] - opencobol (Minor issue) NOTE: https://sourceforge.net/p/open-cobol/bugs/581/ CVE-2019-14467 RESERVED 
@@ -87639,7 +87651,7 @@ CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component [wheezy] - openjdk-6 CVE-2018-2598 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...) - mysql-workbench 8.0.17+dfsg-1 (bug #904112) - [stretch] - mysql-workbench (Exact details undisclosed, but marginal CVSS score) + [stretch] - mysql-workbench (Exact details undisclosed, but marginal CVSS score) [jessie] - mysql-workbench (Exact details undisclosed, but marginal CVSS score) CVE-2018-2597 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...) NOT-FOR-US: Oracle
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5173322a76b1d71e305198af82c38a9dd4f60f8
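Review bot: The last hunk (@@ -87639,7 +87651,7 @@) changes the "[stretch] - mysql-workbench" line under CVE-2018-2598, which the commit message "gnucobol: no-dsa, bug filed, track old source package" does not cover; as shown here the removed and added lines read the same, so the reason for the change is not visible. Suggest moving it to its own commit or naming it in the message so it can be found in the history. In the four gnucobol hunks the added "- opencobol" line has no bug reference while "- gnucobol (bug #933884)" does; a short NOTE saying why would explain the difference.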
[Git][security-tracker-team/security-tracker][master] Update status of openjdk7 and proftpd-dfsg in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b13bed95 by Markus Koschany at 2019-08-04T20:34:18Z Update status of openjdk7 and proftpd-dfsg in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -77,10 +77,14 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- openjdk-7 (Markus Koschany) + NOTE: 20190804: The new OpenJDK 7 package needs more testing because this is + NOTE: the first package which we could not simply backport. -- otrs2 (Abhijith PA) -- proftpd-dfsg (Markus Koschany) + NOTE: 20190804: The update is ready but I waited for a maintainer reaction. + NOTE: Stable update was released today. -- python2.7 (Thorsten Alteholz) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b13bed95fdc6f7a4310a1345e369a33c4919db0f
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f2d244e0 by security tracker role at 2019-08-04T20:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6013,6 +6013,7 @@ CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated NOTE: Versions affected: 0.098 - 1.7.3 NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...) + {DSA-4491-1} - proftpd-dfsg 1.3.6-6 (low; bug #932453) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372 NOTE: https://github.com/proftpd/proftpd/pull/816 @@ -25767,9 +25768,11 @@ CVE-2019-5461 [GitHub Integration SSRF] - gitlab (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5460 (Double Free in VLC versions = 3.0.6 leads to a crash. ...) + {DSA-4459-1} - vlc 3.0.7-1 NOTE: https://hackerone.com/reports/503208 CVE-2019-5459 (An Integer underflow in VLC Media Player versions 3.0.7 leads to ...) + {DSA-4459-1} - vlc 3.0.7-1 NOTE: https://hackerone.com/reports/502816 CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2d244e06f0738e2fb9747e5312fe77f0b319db1
[Git][security-tracker-team/security-tracker][master] dla: this is still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cd140e8 by Adrian Bunk at 2019-08-04T19:42:00Z dla: this is still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -55,7 +55,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20190722: work is ongoing + NOTE: 20190804: work is ongoing -- libqb NOTE: 20190616: Upstream patch does not apply at all, but it appears that
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cd140e8ecee821bf5cdae7b5c19a3c70a5ba53a
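Review bot: The libmatio change overwrites the date on the existing status line ("NOTE: 20190722: work is ongoing" becomes "NOTE: 20190804: work is ongoing") instead of adding a new dated line, so the file no longer shows since when the work has been reported as ongoing. The three 20190428 notes above it are kept as history; suggest appending the 20190804 line in the same way and saying what is still open, since the earlier notes mention CVE testcases that still fail after the fix.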
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5060/SDL_image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 88e47313 by Salvatore Bonaccorso at 2019-08-04T19:18:50Z Add CVE-2019-5060/SDL_image - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26601,7 +26601,14 @@ CVE-2019-5062 CVE-2019-5061 RESERVED CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...) - TODO: check + - libsdl2-image 2.0.5+dfsg1-1 + [buster] - libsdl2-image (Minor issue) + [stretch] - libsdl2-image (Minor issue) + - sdl-image1.2 + [buster] - sdl-image1.2 (Minor issue) + [stretch] - sdl-image1.2 (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 + NOTE: https://hg.libsdl.org/SDL_image/rev/26061e601c81 CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) - libsdl2-image 2.0.5+dfsg1-1 [buster] - libsdl2-image (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e473132426fccd943393ee819cf0b3abcb7e11
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5059/SDL_image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa353660 by Salvatore Bonaccorso at 2019-08-04T19:16:52Z Add CVE-2019-5059/SDL_image Note this one does not seem to be covered in the buster- and stretch-pu proposed updates. Thus not tracking in the next-*-update.txt files. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26603,7 +26603,14 @@ CVE-2019-5061 CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...) TODO: check CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) - TODO: check + - libsdl2-image 2.0.5+dfsg1-1 + [buster] - libsdl2-image (Minor issue) + [stretch] - libsdl2-image (Minor issue) + - sdl-image1.2 + [buster] - sdl-image1.2 (Minor issue) + [stretch] - sdl-image1.2 (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 + NOTE: https://hg.libsdl.org/SDL_image/rev/95fc7da55247 CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa3536608358f6fa68fa8d374ad6bcd1e86d90b1
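Review bot: Neither added package line for CVE-2019-5059 carries a bug reference ("- libsdl2-image 2.0.5+dfsg1-1" and "- sdl-image1.2"), while the CVE-2019-5058 context line directly below has "(bug #932754)". The commit message says this issue is not covered by the buster and stretch proposed updates, and the sdl-image1.2 line records no fixed version, so a bug reference on that line would give the remaining work a place to be tracked.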
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5058/SDL_image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf9e828b by Salvatore Bonaccorso at 2019-08-04T19:13:11Z Add CVE-2019-5058/SDL_image - - - - - 2 changed files: - data/CVE/list - data/next-oldstable-point-update.txt Changes: = data/CVE/list = @@ -26605,7 +26605,14 @@ CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM ima CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) TODO: check CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) - TODO: check + - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) + [buster] - libsdl2-image (Minor issue) + [stretch] - libsdl2-image (Minor issue) + - sdl-image1.2 (bug #932755) + [buster] - sdl-image1.2 (Minor issue) + [stretch] - sdl-image1.2 (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 + NOTE: https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...) - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image (Minor issue) = data/next-oldstable-point-update.txt = @@ -125,5 +125,7 @@ CVE-2019-1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 CVE-2019-5057 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 +CVE-2019-5058 + [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 CVE-2019-14275 [stretch] - fig2dev 1:3.2.6a-2+deb9u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf9e828b52341ca41ffd6ba12437023ef24bbd77
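Review bot: CVE-2019-5058 is added to data/next-oldstable-point-update.txt only; the commit lists two changed files and data/next-point-update.txt is not one of them, although the CVE-2019-5057 change on this page adds its [buster] entry there. If the pending buster upload of libsdl2-image also contains the XCF fix, the CVE should be listed in data/next-point-update.txt as well; if it does not, a NOTE on the "[buster] - libsdl2-image (Minor issue)" line would explain why the two releases differ.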
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5057/SDL_image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff307347 by Salvatore Bonaccorso at 2019-08-04T18:59:20Z Add CVE-2019-5057/SDL_image - - - - - 3 changed files: - data/CVE/list - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/CVE/list = @@ -26607,7 +26607,14 @@ CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM ima CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) TODO: check CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...) - TODO: check + - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) + [buster] - libsdl2-image (Minor issue) + [stretch] - libsdl2-image (Minor issue) + - sdl-image1.2 (bug #932755) + [buster] - sdl-image1.2 (Minor issue) + [stretch] - sdl-image1.2 (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 + NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb CVE-2019-5056 RESERVED CVE-2019-5055 = data/next-oldstable-point-update.txt = @@ -123,5 +123,7 @@ CVE-2019-12221 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 CVE-2019-1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 +CVE-2019-5057 + [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 CVE-2019-14275 [stretch] - fig2dev 1:3.2.6a-2+deb9u2 = data/next-point-update.txt = 
@@ -28,5 +28,7 @@ CVE-2019-12221 [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 CVE-2019-1 [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 +CVE-2019-5057 + [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 CVE-2019-14275 [buster] - fig2dev 1:3.2.7a-5+deb10u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff3073477f77c6fa65b2d779380c7992badb2e30
[Git][security-tracker-team/security-tracker][master] proftpd DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0595243d by Moritz Muehlenhoff at 2019-08-04T18:35:18Z proftpd DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[04 Aug 2019] DSA-4491-1 proftpd-dfsg - security update + {CVE-2019-12815} + [stretch] - proftpd-dfsg 1.3.5b-4+deb9u1 + [buster] - proftpd-dfsg 1.3.6-4+deb10u1 [01 Aug 2019] DSA-4490-1 subversion - security update {CVE-2018-11782 CVE-2019-0203} [stretch] - subversion 1.9.5-1+deb9u4 = data/dsa-needed.txt = @@ -52,8 +52,6 @@ openjdk-11/stable (jmm) -- poppler (jmm) -- -proftpd-dfsg --- python2.7 (jmm) -- python3.5 (jmm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0595243d70d671615a3628761ef96ef821dcd442
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-1010238/pango1.0 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14b4cb35 by Salvatore Bonaccorso at 2019-08-04T17:08:58Z Add fixed version for CVE-2019-1010238/pango1.0 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13868,7 +13868,7 @@ CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check fo NOTE: https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b NOTE: https://github.com/DaveGamble/cJSON/issues/315 CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...) - - pango1.0 (bug #933860) + - pango1.0 1.42.4-7 (bug #933860) NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342 (not public) NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44) CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14b4cb35424d56996c1e067a40fd124b277dda0a
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5020/yara
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58de1b06 by Salvatore Bonaccorso at 2019-08-04T14:24:17Z Add CVE-2019-5020/yara - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26697,7 +26697,11 @@ CVE-2019-5022 CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...) NOT-FOR-US: Official Alpine Linux Docker images CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...) - TODO: check + - yara 3.9.0-1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781 + NOTE: https://github.com/VirusTotal/yara/issues/1023 + NOTE: https://github.com/VirusTotal/yara/commit/1ecb0e66431bf5c5b4c2fdf622be969eb5f4a7cc + NOTE: https://github.com/VirusTotal/yara/commit/a3784d3855029bd0ad24071e72746cc0c31b8cba CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...) NOT-FOR-US: Rainbow PDF Office Server Document Converter CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58de1b063ddf6955414bc4bfdd458d4813dd6ff3
[Git][security-tracker-team/security-tracker][master] 2 commits: Remove one TODO item
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ebd653b3 by Salvatore Bonaccorso at 2019-08-04T14:09:12Z Remove one TODO item - - - - - 3b64e5be by Salvatore Bonaccorso at 2019-08-04T14:12:14Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13871,7 +13871,6 @@ CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. Th - pango1.0 (bug #933860) NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342 (not public) NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44) - TODO: check CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site ...) NOT-FOR-US: ILIAS CVE-2019-1010236 @@ -25656,7 +25655,7 @@ CVE-2019-5503 CVE-2019-5502 RESERVED CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...) - TODO: check + NOT-FOR-US: Data ONTAP CVE-2019-5500 RESERVED CVE-2019-5499 @@ -25672,7 +25671,7 @@ CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows p CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...) NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptib ...) - TODO: check + NOT-FOR-US: Data ONTAP CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...) NOT-FOR-US: NetApp HCI Compute Node CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...) 
@@ -28853,11 +28852,11 @@ CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...) NOT-FOR-US: Nessus CVE-2019-3960 (Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 al ...) - TODO: check + NOT-FOR-US: WallacePOS CVE-2019-3959 (Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacke ...) - TODO: check + NOT-FOR-US: WallacePOS CVE-2019-3958 (Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, ...) - TODO: check + NOT-FOR-US: WallacePOS CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...) NOT-FOR-US: Dameware Remote Mini Control CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b3ba94426eb2bbb8b648bd0c7c129ec527c8b2e7...3b64e5bede04ed8bca95905d65c533a288cf0c20
[Git][security-tracker-team/security-tracker][master] Add four issues in GnuCOBOL for tracking
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b3ba9442 by Salvatore Bonaccorso at 2019-08-04T14:04:37Z Add four issues in GnuCOBOL for tracking - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -228,7 +228,8 @@ CVE-2019-14543 CVE-2019-14542 RESERVED CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...) - TODO: check + - gnucobol + NOTE: https://sourceforge.net/p/open-cobol/bugs/584/ CVE-2019-14540 RESERVED CVE-2019-14539 @@ -260,7 +261,8 @@ CVE-2019-14530 CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...) NOT-FOR-US: OpenEMR CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...) - TODO: check + - gnucobol + NOTE: https://sourceforge.net/p/open-cobol/bugs/583/ CVE-2019-14527 RESERVED CVE-2019-14526 @@ -352,7 +354,8 @@ CVE-2019-14488 CVE-2019-14487 RESERVED CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...) - TODO: check + - gnucobol + NOTE: https://sourceforge.net/p/open-cobol/bugs/582/ CVE-2019-14485 RESERVED CVE-2019-14484 @@ -388,7 +391,8 @@ CVE-2019-14470 CVE-2019-14469 RESERVED CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...) - TODO: check + - gnucobol + NOTE: https://sourceforge.net/p/open-cobol/bugs/581/ CVE-2019-14467 RESERVED CVE-2019-14466
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3ba94426eb2bbb8b648bd0c7c129ec527c8b2e7
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1010238/pango1.0
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c65d30de by Salvatore Bonaccorso at 2019-08-04T13:58:02Z Add Debian bug reference for CVE-2019-1010238/pango1.0 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13864,7 +13864,7 @@ CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check fo NOTE: https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b NOTE: https://github.com/DaveGamble/cJSON/issues/315 CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...) - - pango1.0 + - pango1.0 (bug #933860) NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342 (not public) NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44) TODO: check
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c65d30de5afbd8b2958c2b3a9b4a624ab26f2ec6
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1010238/pango1.0
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0b51823 by Salvatore Bonaccorso at 2019-08-04T13:51:38Z Add CVE-2019-1010238/pango1.0 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13864,6 +13864,9 @@ CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check fo NOTE: https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b NOTE: https://github.com/DaveGamble/cJSON/issues/315 CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...) + - pango1.0 + NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342 (not public) + NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44) TODO: check CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site ...) NOT-FOR-US: ILIAS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b5182370d26c53eb0c503d1b4fb4e84cb625e8
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14271/docker.io
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cba37e70 by Salvatore Bonaccorso at 2019-08-04T12:16:06Z Add CVE-2019-14271/docker.io - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1511,7 +1511,11 @@ CVE-2019-14273 CVE-2019-14272 RESERVED CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...) - TODO: check + - docker.io + NOTE: https://github.com/moby/moby/issues/39449 + NOTE: https://github.com/moby/moby/pull/39612 (19.03.x) + NOTE: Fix needs to be backported to 18.09 as well: + NOTE: https://github.com/docker/engine/pull/305 (18.09.x) CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...) NOT-FOR-US: Comodo Antivirus CVE-2019-14269
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cba37e705f7b47749b659a0d3422dacbefde9c04
[Git][security-tracker-team/security-tracker][master] CVE-2019-0222,activemq: Fixed in unstable
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 73542441 by Markus Koschany at 2019-08-04T10:42:42Z CVE-2019-0222,activemq: Fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41012,7 +41012,7 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under som NOTE: not present in the jessie version. That part do not seem to be essential for NOTE: the package to be vulnerable. CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...) - - activemq (bug #925964) + - activemq 5.15.9-1 (bug #925964) [buster] - activemq (Minor issue) [stretch] - activemq (Minor issue) [jessie] - activemq (MQTT support not enabled) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73542441ad8c6da7d8a82dc33d7cc1014f3d69c4
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5460/vlc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b5afde4 by Salvatore Bonaccorso at 2019-08-04T08:45:06Z Add CVE-2019-5460/vlc - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -25757,7 +25757,8 @@ CVE-2019-5461 [GitHub Integration SSRF] - gitlab (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5460 (Double Free in VLC versions = 3.0.6 leads to a crash. ...) - TODO: check + - vlc 3.0.7-1 + NOTE: https://hackerone.com/reports/503208 CVE-2019-5459 (An Integer underflow in VLC Media Player versions 3.0.7 leads to ...) - vlc 3.0.7-1 NOTE: https://hackerone.com/reports/502816 = data/DSA/list = @@ -106,7 +106,7 @@ {CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 CVE-2019-12473 CVE-2019-12474} [stretch] - mediawiki 1:1.27.7-1~deb9u1 [12 Jun 2019] DSA-4459-1 vlc - security update - {CVE-2019-5439 CVE-2019-5459 CVE-2019-12874} + {CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 CVE-2019-12874} [stretch] - vlc 3.0.7-0+deb9u1 [08 Jun 2019] DSA-4458-1 cyrus-imapd - security update {CVE-2019-11356} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b5afde4bda1a7288499b60cf0dcb291cd43748e
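Review bot: In the data/DSA/list hunk, CVE-2019-5460 is attached to DSA-4459-1, an advisory already dated 08 Jun 2019, yet the only reference added in the data/CVE/list hunk is the HackerOne report. Add a NOTE with the upstream fix commit so that the claim that 3.0.7-1 and 3.0.7-0+deb9u1 contain the fix can be verified from the tracker entry itself.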
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5459/vlc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51b34b24 by Salvatore Bonaccorso at 2019-08-04T08:43:39Z Add CVE-2019-5459/vlc - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -25759,7 +25759,8 @@ CVE-2019-5461 [GitHub Integration SSRF] CVE-2019-5460 (Double Free in VLC versions = 3.0.6 leads to a crash. ...) TODO: check CVE-2019-5459 (An Integer underflow in VLC Media Player versions 3.0.7 leads to ...) - TODO: check + - vlc 3.0.7-1 + NOTE: https://hackerone.com/reports/502816 CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...) TODO: check CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...) = data/DSA/list = @@ -106,7 +106,7 @@ {CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 CVE-2019-12473 CVE-2019-12474} [stretch] - mediawiki 1:1.27.7-1~deb9u1 [12 Jun 2019] DSA-4459-1 vlc - security update - {CVE-2019-5439 CVE-2019-12874} + {CVE-2019-5439 CVE-2019-5459 CVE-2019-12874} [stretch] - vlc 3.0.7-0+deb9u1 [08 Jun 2019] DSA-4458-1 cyrus-imapd - security update {CVE-2019-11356} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51b34b244e9dbabc5f55333406c8a6bd7cfad056
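Review bot: In the data/CVE/list hunk the new entry records `vlc 3.0.7-1` as fixed, while the description as shown reads "versions 3.0.7", which leaves the version boundary unclear from this entry alone. A NOTE stating the first fixed upstream release, alongside the HackerOne link, would let a reader confirm that 3.0.7-1 is the right fixed version.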
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-13568/cimg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f30d7961 by Salvatore Bonaccorso at 2019-08-04T08:22:02Z Add CVE-2019-13568/cimg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4073,7 +4073,8 @@ CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Inj CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...) - TODO: check + - cimg + NOTE: https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1 CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...) NOT-FOR-US: Zoom CVE-2019-13566 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30d7961985df308f010c65a74479a296054b4b6
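Review bot: The added NOTE for CVE-2019-13568 gives the upstream commit but not the CImg release that contains it, so the entry cannot be turned into a fixed version without re-reading upstream history. The description says "through 2.6.7"; append the release in parentheses after the commit URL, as the pango and docker.io notes elsewhere in this list do with "(1.44)" and "(19.03.x)".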
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1a8dde5 by Salvatore Bonaccorso at 2019-08-04T08:21:22Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2842,7 +2842,7 @@ CVE-2019-13657 CVE-2019-13656 RESERVED CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Imgix CVE-2019-13654 RESERVED CVE-2019-13653 @@ -25766,17 +25766,17 @@ CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...) TODO: check CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...) TODO: check CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...) 
@@ -35753,7 +35753,7 @@ CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthen CVE-2019-1902 RESERVED CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1900 RESERVED CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c1a8dde5277942adae4698e8d0485e7203c9f9a2
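Review bot: In the last hunk, `NOT-FOR-US: Cisco` for CVE-2019-1901 names only the vendor, whereas the other entries in this commit name the product ("Imgix", "Nextcloud Android app"). The truncated description mentions the LLDP subsystem of an unnamed product; naming that product in the NOT-FOR-US line would make the triage decision checkable without opening the CVE.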
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add note re subversion.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bc0cbc2 by Chris Lamb at 2019-08-04T08:13:52Z data/dla-needed.txt: Add note re subversion. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -118,6 +118,7 @@ sqlite3 NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc -- subversion + NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in the diff has not been added yet. (lamby) -- tomcat8 NOTE: 20190522: FTBFS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bc0cbc2daef46aa51ba5f5d466f82103ddab7d6
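Review bot: The new NOTE under `subversion` refers to "the diff" without saying which one, so whoever picks up the package cannot tell which patch lacks the svn_err_trace. Add the URL of the upstream patch or of the pending backport that the note is comparing against.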