[Git][security-tracker-team/security-tracker][master] CVE-2019-100{88, 93}/tika: jessie not affected
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 878a6590 by Hugo Lefeuvre at 2019-08-13T06:24:00Z CVE-2019-100{88, 93}/tika: jessie not affected RecursiveParserWrapper was introduced in 1.7, so jessie is clearly not affected. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14122,6 +14122,7 @@ CVE-2019-10095 RESERVED CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...) - tika 1.22-1 (bug #933746) + [jessie] - tika (Vulnerable feature introduced in 1.7) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4 NOTE: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...) @@ -14138,6 +14139,7 @@ CVE-2019-10089 RESERVED CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...) - tika 1.22-1 (bug #933744) + [jessie] - tika (Vulnerable feature introduced in 1.7) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2 NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6 CVE-2019-10087 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/878a65903e294a59607d9505c313428c260dcbb8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/878a65903e294a59607d9505c313428c260dcbb8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add new CVE-2019-1494{2,3,4}/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 370ca2e1 by Salvatore Bonaccorso at 2019-08-13T05:25:32Z Add new CVE-2019-1494{2,3,4}/chromium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -58,12 +58,18 @@ CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS r NOT-FOR-US: ultimate-member plugin for WordPress CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...) NOT-FOR-US: ultimate-member plugin for WordPress -CVE-2019-14944 +CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities] RESERVED -CVE-2019-14943 + - gitlab + NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ +CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By Default] RESERVED -CVE-2019-14942 + - gitlab (Only affects GitLab CE/EE 12.0 and later) + NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ +CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages] RESERVED + - gitlab + NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ CVE-2019-14941 RESERVED CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/370ca2e114a53a4f9c8d484a8cd963663da1cc94 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/370ca2e114a53a4f9c8d484a8cd963663da1cc94 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Correct release date for DSA 4497-1/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 363e5743 by Salvatore Bonaccorso at 2019-08-13T04:19:12Z Correct release date for DSA 4497-1/linux - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -9,7 +9,7 @@ {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235} [stretch] - python-django 1:1.10.7-2+deb9u6 [buster] - python-django 1:1.11.23-1~deb10u1 -[11 Aug 2019] DSA-4497-1 linux - security update +[13 Aug 2019] DSA-4497-1 linux - security update {CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284} [stretch] - linux 4.9.168-1+deb9u5 [11 Aug 2019] DSA-4496-1 pango1.0 - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/363e5743f51bdb3cdb5c929a35deb5e26b04fb5b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/363e5743f51bdb3cdb5c929a35deb5e26b04fb5b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fix for XSA-300 which will be included in DSA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 12e7a6e6 by Salvatore Bonaccorso at 2019-08-13T04:16:41Z Track fix for XSA-300 which will be included in DSA - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5280,6 +5280,7 @@ CVE-2019-13451 NOTE: https://lists.xymon.com/archive/2019-July/046570.html CVE-2019- [No grant table and foreign mapping limits] - linux 5.2.6-1 + [stretch] - linux 4.9.168-1+deb9u5 NOTE: https://xenbits.xen.org/xsa/advisory-300.html CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on ma ...) NOT-FOR-US: Zoom Client and RingCentral on MacOS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e7a6e67007dba71d892d9f0fac93919e065f92 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e7a6e67007dba71d892d9f0fac93919e065f92 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e560af8 by Michael Gilbert at 2019-08-13T00:30:18Z chromium dsa - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[12 Aug 2019] DSA-4500-1 chromium - security update + {CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868} + [buster] - chromium 76.0.3809.100-1~deb10u1 [12 Aug 2019] DSA-4499-1 ghostscript - security update {CVE-2019-10216} [stretch] - ghostscript 9.26a~dfsg-0+deb9u4 = data/dsa-needed.txt = @@ -15,8 +15,6 @@ If needed, specify the release by adding a slash after the name of the source pa 389-ds-base (fw) Thorsten Alteholz proposed an update -- -chromium --- evince/oldstable -- faad2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e560af84b83edad907055e7640ded3277f3fccf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e560af84b83edad907055e7640ded3277f3fccf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2019-14439,CVE-2019-14379,jackson-databind: Fixed in unstable
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 577aa394 by Markus Koschany at 2019-08-12T23:04:10Z CVE-2019-14439,CVE-2019-14379,jackson-databind: Fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1900,7 +1900,7 @@ CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allow CVE-2019-14440 RESERVED CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) - - jackson-databind (bug #933393) + - jackson-databind 2.9.9.3-1 (bug #933393) NOTE: https://github.com/FasterXML/jackson-databind/issues/2389 NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...) @@ -2041,7 +2041,7 @@ CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an [stretch] - libopenmpt (Vulnerable code not present in 0.2 branch) NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...) - - jackson-databind (bug #933393) + - jackson-databind 2.9.9.3-1 (bug #933393) NOTE: https://github.com/FasterXML/jackson-databind/issues/2387 NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/577aa394e61b1813f72c0cc74320b669e14e8640 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/577aa394e61b1813f72c0cc74320b669e14e8640 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1879-1 for jackson-databind
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 79ac06ae by Roberto C. Sánchez at 2019-08-12T22:07:21Z Reserve DLA-1879-1 for jackson-databind - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Aug 2019] DLA-1879-1 jackson-databind - security update + {CVE-2019-14379 CVE-2019-14439} + [jessie] - jackson-databind 2.4.2-2+deb8u8 [12 Aug 2019] DLA-1878-1 php5 - security update {CVE-2019-11041 CVE-2019-11042} [jessie] - php5 5.6.40+dfsg-0+deb8u5 = data/dla-needed.txt = @@ -44,8 +44,6 @@ imagemagick (Hugo Lefeuvre) NOTE: can be shiped along (good patches, low regression risk). triaged the rest no-dsa. NOTE: waiting for upstream to answer my questions before proceeding further. -- -jackson-databind (Roberto C. Sánchez) --- libav (Mike Gabriel) NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie, NOTE: 20190529: 11 tagged as . These issues have been triaged, no patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/79ac06aed3f091043d2cc5a403dd991e7cf07bae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/79ac06aed3f091043d2cc5a403dd991e7cf07bae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: claim ghostscript
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: beb8a6e8 by Emilio Pozuelo Monfort at 2019-08-12T21:29:34Z dla: claim ghostscript - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,6 +29,8 @@ freeimage -- freetype (Thorsten Alteholz) -- +ghostscript (Emilio) +-- golang-go.crypto NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/beb8a6e80de8c6a922fdeb9f370084a4a4121b31 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/beb8a6e80de8c6a922fdeb9f370084a4a4121b31 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1878-1 for php5
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 8df72335 by Emilio Pozuelo Monfort at 2019-08-12T21:18:02Z Reserve DLA-1878-1 for php5 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Aug 2019] DLA-1878-1 php5 - security update + {CVE-2019-11041 CVE-2019-11042} + [jessie] - php5 5.6.40+dfsg-0+deb8u5 [12 Aug 2019] DLA-1877-1 otrs2 - security update {CVE-2018-11563 CVE-2019-12746 CVE-2019-13458} [jessie] - otrs2 3.3.18-1+deb8u11 = data/dla-needed.txt = @@ -88,8 +88,6 @@ openjdk-7 (Markus Koschany) NOTE: 20190804: The new OpenJDK 7 package needs more testing because this is NOTE: the first package which we could not simply backport. -- -php5 (Emilio) --- python2.7 (Thorsten Alteholz) NOTE: 20190804: need to check fails with test suite unrelated to this patch -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8df723359cfaffe1da55f9b844962580998aa113 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8df723359cfaffe1da55f9b844962580998aa113 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS/claim jackson-databind
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: d8222b66 by Roberto C. Sánchez at 2019-08-12T21:10:37Z LTS/claim jackson-databind - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -42,7 +42,7 @@ imagemagick (Hugo Lefeuvre) NOTE: can be shiped along (good patches, low regression risk). triaged the rest no-dsa. NOTE: waiting for upstream to answer my questions before proceeding further. -- -jackson-databind +jackson-databind (Roberto C. Sánchez) -- libav (Mike Gabriel) NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8222b6664716dab080d611ea844061f83d80b0a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8222b6664716dab080d611ea844061f83d80b0a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0fb4ffa by Salvatore Bonaccorso at 2019-08-12T20:24:43Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,15 +9,15 @@ CVE-2019-14971 CVE-2019-14970 RESERVED CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...) - TODO: check + NOT-FOR-US: Netwrix Auditor CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...) TODO: check CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and ...) - TODO: check + NOT-FOR-US: Frappe Framework CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...) - TODO: check + NOT-FOR-US: Frappe Framework CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...) - TODO: check + NOT-FOR-US: Frappe Framework CVE-2019-14964 RESERVED CVE-2019-14963 @@ -45,19 +45,19 @@ CVE-2019-14953 CVE-2019-14952 RESERVED CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...) - TODO: check + NOT-FOR-US: Telenav Scout GPS Link app CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...) - TODO: check + NOT-FOR-US: wp-live-chat-support plugin for WordPress CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: wp-database-backup plugin for WordPress CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: woocommerce-product-addon plugin for WordPress CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS during ...) - TODO: check + NOT-FOR-US: ultimate-member plugin for WordPress CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS related ...) - TODO: check + NOT-FOR-US: ultimate-member plugin for WordPress CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: ultimate-member plugin for WordPress CVE-2019-14944 RESERVED CVE-2019-14943 @@ -67,7 +67,7 @@ CVE-2019-14942 CVE-2019-14941 RESERVED CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...) - TODO: check + NOT-FOR-US: Storage Performance Development Kit CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...) TODO: check CVE-2019-14938 @@ -77,41 +77,41 @@ CVE-2019-14937 CVE-2019-14936 RESERVED CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...) - TODO: check + NOT-FOR-US: 3CX Phone 15 on Windows CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...) TODO: check CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...) TODO: check CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 ...) - TODO: check + NOT-FOR-US: Recruitment module in Humanica Humatrix CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in t ...) - TODO: check + NOT-FOR-US: woocommerce-jetpack plugin for WordPress CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: ultimate-member plugin for WordPress CVE-2018-20964 RESERVED CVE-2018-20963 RESERVED CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: wp-live-chat-support plugin for WordPress CVE-2017-18507 RESERVED CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for Wo ...) - TODO: check + NOT-FOR-US: woocommerce-pdf-invoices-packing-slips plugin for WordPress CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: twitter-plugin plugin for WordPress CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: twitter-cards-meta plugin for WordPress CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: twitter-cards-meta plugin for WordPress CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple XSS issu ...) - TODO: check + NOT-FOR-US: subscriber plugin for WordPress CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has multiple XSS ...) -
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aec6e2ec by security tracker role at 2019-08-12T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,63 @@ -CVE-2019-14950 +CVE-2019-14974 RESERVED -CVE-2019-14949 +CVE-2019-14973 RESERVED -CVE-2019-14948 +CVE-2019-14972 RESERVED -CVE-2019-14947 +CVE-2019-14971 RESERVED -CVE-2019-14946 +CVE-2019-14970 RESERVED -CVE-2019-14945 +CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...) + TODO: check +CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...) + TODO: check +CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and ...) + TODO: check +CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...) + TODO: check +CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...) + TODO: check +CVE-2019-14964 + RESERVED +CVE-2019-14963 + RESERVED +CVE-2019-14962 + RESERVED +CVE-2019-14961 + RESERVED +CVE-2019-14960 + RESERVED +CVE-2019-14959 RESERVED +CVE-2019-14958 + RESERVED +CVE-2019-14957 + RESERVED +CVE-2019-14956 + RESERVED +CVE-2019-14955 + RESERVED +CVE-2019-14954 + RESERVED +CVE-2019-14953 + RESERVED +CVE-2019-14952 + RESERVED +CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...) + TODO: check +CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...) + TODO: check +CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has XSS. ...) + TODO: check +CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress has XSS ...) + TODO: check +CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS during ...) + TODO: check +CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS related ...) + TODO: check +CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...) + TODO: check CVE-2019-14944 RESERVED CVE-2019-14943 @@ -34,36 +82,36 @@ CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pa TODO: check CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...) TODO: check -CVE-2019-14932 - RESERVED -CVE-2018-20966 - RESERVED -CVE-2018-20965 - RESERVED +CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 ...) + TODO: check +CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in t ...) + TODO: check +CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...) + TODO: check CVE-2018-20964 RESERVED CVE-2018-20963 RESERVED -CVE-2017-18508 - RESERVED +CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. ...) + TODO: check CVE-2017-18507 RESERVED -CVE-2017-18506 - RESERVED -CVE-2017-18505 - RESERVED -CVE-2017-18504 - RESERVED -CVE-2017-18503 - RESERVED -CVE-2017-18502 - RESERVED -CVE-2017-18501 - RESERVED -CVE-2017-18500 - RESERVED -CVE-2017-18499 - RESERVED +CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for Wo ...) + TODO: check +CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. ...) + TODO: check +CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. ...) + TODO: check +CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. ...) + TODO: check +CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple XSS issu ...) + TODO: check +CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has multiple XSS ...) + TODO: check +CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has multiple ...) + TODO: check +CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has XSS. ...) + TODO: check CVE-2017-18498 RESERVED CVE-2017-18497 @@ -88,22 +136,22 @@ CVE-2017-18488 RESERVED CVE-2017-18487 RESERVED -CVE-2016-10879 - RESERVED -CVE-2016-10878 - RESERVED -CVE-2016-10877 - RESERVED -CVE-2016-10876 - RESERVED -CVE-2016-10875 - RESERVED -CVE-2016-10874 - RESERVED -CVE-2016-10873 - RESERVED -CVE-2016-10872 - RESERVED +CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. ...) + TODO: check +CVE-2016-
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript DSA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bf75182b by Salvatore Bonaccorso at 2019-08-12T19:33:47Z Reserve DSA number for ghostscript DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[12 Aug 2019] DSA-4499-1 ghostscript - security update + {CVE-2019-10216} + [stretch] - ghostscript 9.26a~dfsg-0+deb9u4 + [buster] - ghostscript 9.27~dfsg-2+deb10u1 [12 Aug 2019] DSA-4498-1 python-django - security update {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235} [stretch] - python-django 1:1.10.7-2+deb9u6 = data/dsa-needed.txt = @@ -24,8 +24,6 @@ faad2 -- freeimage -- -ghostscript (carnil) --- glusterfs/oldstable -- graphicsmagick/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf75182b2e998b83057d063f986139e96938f270 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf75182b2e998b83057d063f986139e96938f270 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2019-100{88,93,94}/tika: add commit links
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: f3cabd4d by Hugo Lefeuvre at 2019-08-12T17:11:47Z CVE-2019-100{88,93,94}/tika: add commit links see https://lists.debian.org/debian-lts/2019/08/msg00018.html - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14065,9 +14065,11 @@ CVE-2019-10095 CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...) - tika 1.22-1 (bug #933746) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4 + NOTE: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...) - tika 1.22-1 (bug #933745) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3 + NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae CVE-2019-10092 RESERVED CVE-2019-10091 @@ -14079,6 +14081,7 @@ CVE-2019-10089 CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...) - tika 1.22-1 (bug #933744) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2 + NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6 CVE-2019-10087 RESERVED CVE-2019-10086 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3cabd4d4270962210cf813022452a3c4c0b67b4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3cabd4d4270962210cf813022452a3c4c0b67b4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add and take ghostscript in dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2bb91aa5 by Salvatore Bonaccorso at 2019-08-12T13:40:27Z Add and take ghostscript in dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -24,6 +24,8 @@ faad2 -- freeimage -- +ghostscript (carnil) +-- glusterfs/oldstable -- graphicsmagick/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bb91aa5edac59bd8ca4ba23ee990bf1320ca633 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bb91aa5edac59bd8ca4ba23ee990bf1320ca633 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10216/ghostscript
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a853447 by Salvatore Bonaccorso at 2019-08-12T13:34:54Z Add CVE-2019-10216/ghostscript - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13617,8 +13617,12 @@ CVE-2019-10217 - ansible (bug #934128) NOTE: https://github.com/ansible/ansible/issues/56269 NOTE: https://github.com/ansible/ansible/pull/59427 -CVE-2019-10216 +CVE-2019-10216 [-dSAFER escape via .buildfont1] RESERVED + - ghostscript + NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 CVE-2019-10215 RESERVED CVE-2019-10214 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a853447b397f4bcbb1f0be9ad5af532b25aedb1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a853447b397f4bcbb1f0be9ad5af532b25aedb1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add epoch for version of python-django
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8033a631 by Salvatore Bonaccorso at 2019-08-12T10:28:26Z Add epoch for version of python-django - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,7 +1,7 @@ [12 Aug 2019] DSA-4498-1 python-django - security update {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235} [stretch] - python-django 1:1.10.7-2+deb9u6 - [buster] - python-django 1.11.23-1~deb10u1 + [buster] - python-django 1:1.11.23-1~deb10u1 [11 Aug 2019] DSA-4497-1 linux - security update {CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284} [stretch] - linux 4.9.168-1+deb9u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8033a631abac176648c03a60a6dc37a51ce4c188 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8033a631abac176648c03a60a6dc37a51ce4c188 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: claim php5
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: fa967d55 by Emilio Pozuelo Monfort at 2019-08-12T10:25:33Z dla: claim php5 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,6 +88,8 @@ openjdk-7 (Markus Koschany) NOTE: 20190804: The new OpenJDK 7 package needs more testing because this is NOTE: the first package which we could not simply backport. -- +php5 (Emilio) +-- python2.7 (Thorsten Alteholz) NOTE: 20190804: need to check fails with test suite unrelated to this patch -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa967d55b49a9330f111c58e6ab515f6177d47bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa967d55b49a9330f111c58e6ab515f6177d47bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA-4498-1 for python-django (CVE-2019-14232, CVE-2019-14233,...
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: acb2dd63 by Sébastien Delafond at 2019-08-12T08:44:25Z Reserve DSA-4498-1 for python-django (CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235) - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[12 Aug 2019] DSA-4498-1 python-django - security update + {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235} + [stretch] - python-django 1:1.10.7-2+deb9u6 + [buster] - python-django 1.11.23-1~deb10u1 [11 Aug 2019] DSA-4497-1 linux - security update {CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284} [stretch] - linux 4.9.168-1+deb9u5 = data/dsa-needed.txt = @@ -47,9 +47,6 @@ python2.7 (jmm) -- python3.5 (jmm) -- -python-django (seb) - 2019-08-07: Chris proposed debdiffs for CVE-2019-1423[2-5] --- qemu (jmm) -- simplesamlphp/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acb2dd63bcfdba693a54a66ebfdae3933d651c72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acb2dd63bcfdba693a54a66ebfdae3933d651c72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9810454 by security tracker role at 2019-08-12T08:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,153 @@ +CVE-2019-14950 + RESERVED +CVE-2019-14949 + RESERVED +CVE-2019-14948 + RESERVED +CVE-2019-14947 + RESERVED +CVE-2019-14946 + RESERVED +CVE-2019-14945 + RESERVED +CVE-2019-14944 + RESERVED +CVE-2019-14943 + RESERVED +CVE-2019-14942 + RESERVED +CVE-2019-14941 + RESERVED +CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...) + TODO: check +CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...) + TODO: check +CVE-2019-14938 + RESERVED +CVE-2019-14937 + RESERVED +CVE-2019-14936 + RESERVED +CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...) + TODO: check +CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...) + TODO: check +CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...) + TODO: check +CVE-2019-14932 + RESERVED +CVE-2018-20966 + RESERVED +CVE-2018-20965 + RESERVED +CVE-2018-20964 + RESERVED +CVE-2018-20963 + RESERVED +CVE-2017-18508 + RESERVED +CVE-2017-18507 + RESERVED +CVE-2017-18506 + RESERVED +CVE-2017-18505 + RESERVED +CVE-2017-18504 + RESERVED +CVE-2017-18503 + RESERVED +CVE-2017-18502 + RESERVED +CVE-2017-18501 + RESERVED +CVE-2017-18500 + RESERVED +CVE-2017-18499 + RESERVED +CVE-2017-18498 + RESERVED +CVE-2017-18497 + RESERVED +CVE-2017-18496 + RESERVED +CVE-2017-18495 + RESERVED +CVE-2017-18494 + RESERVED +CVE-2017-18493 + RESERVED +CVE-2017-18492 + RESERVED +CVE-2017-18491 + RESERVED +CVE-2017-18490 + RESERVED +CVE-2017-18489 + RESERVED +CVE-2017-18488 + RESERVED +CVE-2017-18487 + RESERVED +CVE-2016-10879 + RESERVED +CVE-2016-10878 + RESERVED +CVE-2016-10877 + RESERVED +CVE-2016-10876 + RESERVED +CVE-2016-10875 + RESERVED +CVE-2016-10874 + RESERVED +CVE-2016-10873 + RESERVED +CVE-2016-10872 + RESERVED +CVE-2016-10871 + RESERVED +CVE-2016-10870 + RESERVED +CVE-2016-10869 + RESERVED +CVE-2016-10868 + RESERVED +CVE-2016-10867 + RESERVED +CVE-2016-10866 + RESERVED +CVE-2015-9306 + RESERVED +CVE-2015-9305 + RESERVED +CVE-2015-9304 + RESERVED +CVE-2015-9303 + RESERVED +CVE-2015-9302 + RESERVED +CVE-2015-9301 + RESERVED +CVE-2015-9300 + RESERVED +CVE-2015-9299 + RESERVED +CVE-2015-9298 + RESERVED +CVE-2015-9297 + RESERVED +CVE-2015-9296 + RESERVED +CVE-2015-9295 + RESERVED +CVE-2015-9294 + RESERVED +CVE-2015-9293 + RESERVED +CVE-2013-7475 + RESERVED +CVE-2012-6713 + RESERVED CVE-2019-14931 RESERVED CVE-2019-14930 @@ -2120,11 +2270,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 CVE-2019-133 REJECTED CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...) - {DSA-4495-1} + {DSA-4497-1 DSA-4495-1} - linux 5.2.6-1 NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32 CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...) - {DSA-4495-1} + {DSA-4497-1 DSA-4495-1} - linux 5.2.6-1 NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6 CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...) @@ -3553,10 +3703,11 @@ CVE-2019-13650 CVE-2019-13649 RESERVED CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...) - {DSA-4495-1} + {DSA-4497-1 DSA-4495-1} - linux 5.2.6-1 NOTE: https://patchwork.ozlabs.org/patch/1133904/ CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...) + {DSA-4497-1} - linux 4.18.8-1 [jessie] - linux (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24 @@ -3613,7 +3764,7 @@ CVE-2019-13633 CVE-2019-13632 RESERVED CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...) - {DSA-4495-1} + {DSA-4497-1 DSA-4495-1} - linux 5.2.6-1 NOTE: https://patchwork.kernel.org/patch/11040813/ CVE-2019-13630 @@ -5033,6 +5184,7 @@ CVE-2019-13459 RESERVED CVE-2019-13458 RESERVED + {DLA-1877-1}
[Git][security-tracker-team/security-tracker][master] Details of ruby-openid security vulnerability published
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 4192bab2 by Brian May at 2019-08-12T07:34:16Z Details of ruby-openid security vulnerability published "the source of the weakness can be traced back to the Final OpenID 2.0 spec" As such, am concerned this could affect other openid 2.0 implementations. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -11466,7 +11466,7 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...) - ruby-openid (bug #930388) NOTE: https://github.com/openid/ruby-openid/issues/122 - NOTE: Even upstream doesn't know what this is about at this point + NOTE: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...) - poppler (low; bug #926721) [buster] - poppler (Minor issue) = data/dla-needed.txt = @@ -110,6 +110,7 @@ ruby-openid NOTE: 20190705: Pinged bug (lamby) NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see https://github.com/openid/ruby-openid/issues/122) so returning to the pool. (lamby) NOTE: 20190726: Still unknown how to fix (see aforementioned github issue) (lamby) + NOTE: 20190812: Details: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211 -- slurm-llnl -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4192bab22beef21fa48e16c0897aea4bbda75885 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4192bab22beef21fa48e16c0897aea4bbda75885 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Consider clamav still as unfixed for #934359
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0768b364 by Salvatore Bonaccorso at 2019-08-12T07:09:05Z Consider clamav still as unfixed for #934359 The applied change 0.101.2+dfsg-3 is still incomplete. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -321,11 +321,12 @@ CVE-2019-14776 CVE-2019-14775 RESERVED CVE-2019- [clamav zip DoS] - - clamav 0.101.2+dfsg-3 (bug #934359) + - clamav (bug #934359) [buster] - clamav (ClamAV is updated via -updates) [stretch] - clamav (ClamAV is updated via -updates) NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356 + NOTE: Partially adressed already in 0.101.2+dfsg-3 but incomplete. CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...) NOT-FOR-US: Wordpress plugin CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0768b3642e3513ddd477260f9d11a639862dc8ca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0768b3642e3513ddd477260f9d11a639862dc8ca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits