[Git][security-tracker-team/security-tracker][master] CVE-2019-100{88, 93}/tika: jessie not affected

2019-08-12 Thread Hugo Lefeuvre


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
878a6590 by Hugo Lefeuvre at 2019-08-13T06:24:00Z
CVE-2019-100{88, 93}/tika: jessie not affected

RecursiveParserWrapper was introduced in 1.7, so jessie is clearly not
affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14122,6 +14122,7 @@ CVE-2019-10095
RESERVED
 CVE-2019-10094 (A carefully crafted package/compressed file that, when 
unzipped/uncomp ...)
- tika 1.22-1 (bug #933746)
+   [jessie] - tika  (Vulnerable feature introduced in 1.7)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
NOTE: 
https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc
 CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 
2006ml file ...)
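Review bot: the `[jessie]` line in this hunk lands under CVE-2019-10094 (the entry with bug #933746), whereas the commit title names CVE-2019-10093, whose header (bug #933745 elsewhere on this list) only appears as trailing context at the end of the hunk; either the title should read 100{88,94} or the annotation belongs one entry further down, so please check which entry the RecursiveParserWrapper reasoning was meant for. Also, as rendered here the added line has no status tag between `tika` and the reason (`[jessie] - tika  (Vulnerable feature introduced in 1.7)`); the tracker syntax needs a tag such as `<not-affected>` there, so confirm the angle-bracketed tag was only stripped by the mail rendering and is present in data/CVE/list.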
@@ -14138,6 +14139,7 @@ CVE-2019-10089
RESERVED
 CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in 
Apache Tik ...)
- tika 1.22-1 (bug #933744)
+   [jessie] - tika  (Vulnerable feature introduced in 1.7)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
NOTE: 
https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
 CVE-2019-10087



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/878a65903e294a59607d9505c313428c260dcbb8



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add new CVE-2019-1494{2,3,4}/chromium

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
370ca2e1 by Salvatore Bonaccorso at 2019-08-13T05:25:32Z
Add new CVE-2019-1494{2,3,4}/chromium

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,12 +58,18 @@ CVE-2019-14946 (The ultimate-member plugin before 2.0.52 
for WordPress has XSS r
NOT-FOR-US: ultimate-member plugin for WordPress
 CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has 
XSS. ...)
NOT-FOR-US: ultimate-member plugin for WordPress
-CVE-2019-14944
+CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
RESERVED
-CVE-2019-14943
+   - gitlab 
+   NOTE: 
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
+CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By 
Default]
RESERVED
-CVE-2019-14942
+   - gitlab  (Only affects GitLab CE/EE 12.0 and later)
+   NOTE: 
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
+CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
RESERVED
+   - gitlab 
+   NOTE: 
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
 CVE-2019-14941
RESERVED
 CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a 
user of  ...)
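Review bot: all three entries added in this hunk are `- gitlab` source lines pointing at the GitLab 12.1.6 critical security release, but the commit title says CVE-2019-1494{2,3,4}/chromium; the title should name gitlab so the history stays searchable by package. The `- gitlab` lines for CVE-2019-14944 and CVE-2019-14942 also show no status tag as rendered here, while CVE-2019-14943 carries `(Only affects GitLab CE/EE 12.0 and later)` in the position where a reason follows a tag, so confirm the `<unfixed>` / `<not-affected>` tags survived in the file. Finally, the bracketed title "Insecure Authentication Methods Disabled for Grafana By Default" for CVE-2019-14943 describes a fixed state rather than a flaw; worth re-checking against the advisory wording.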



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/370ca2e114a53a4f9c8d484a8cd963663da1cc94


[Git][security-tracker-team/security-tracker][master] Correct release date for DSA 4497-1/linux

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
363e5743 by Salvatore Bonaccorso at 2019-08-13T04:19:12Z
Correct release date for DSA 4497-1/linux

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -9,7 +9,7 @@
{CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235}
[stretch] - python-django 1:1.10.7-2+deb9u6
[buster] - python-django 1:1.11.23-1~deb10u1
-[11 Aug 2019] DSA-4497-1 linux - security update
+[13 Aug 2019] DSA-4497-1 linux - security update
{CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 
CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 
CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284}
[stretch] - linux 4.9.168-1+deb9u5
 [11 Aug 2019] DSA-4496-1 pango1.0 - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/363e5743f51bdb3cdb5c929a35deb5e26b04fb5b


[Git][security-tracker-team/security-tracker][master] Track fix for XSA-300 which will be included in DSA

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12e7a6e6 by Salvatore Bonaccorso at 2019-08-13T04:16:41Z
Track fix for XSA-300 which will be included in DSA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5280,6 +5280,7 @@ CVE-2019-13451
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019- [No grant table and foreign mapping limits]
- linux 5.2.6-1
+   [stretch] - linux 4.9.168-1+deb9u5
NOTE: https://xenbits.xen.org/xsa/advisory-300.html
 CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 
7.0.136380.0312 on ma ...)
NOT-FOR-US: Zoom Client and RingCentral on MacOS
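Review bot: the entry this hunk updates has no CVE id yet (it is rendered as a bare `CVE-2019-` with only the bracketed XSA-300 title), so the stretch fix `linux 4.9.168-1+deb9u5` added here cannot be referenced from the CVE set of DSA-4497-1 in data/DSA/list (shown in the "Correct release date" commit on this page with the same 4.9.168-1+deb9u5 version); once the id is assigned, add it to that DSA's CVE set too, otherwise the DSA will appear not to cover XSA-300. The version matching the DSA-4497-1 stretch line is what makes the commit message's "will be included in DSA" checkable.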



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e7a6e67007dba71d892d9f0fac93919e065f92


[Git][security-tracker-team/security-tracker][master] chromium dsa

2019-08-12 Thread Michael Gilbert


Michael Gilbert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e560af8 by Michael Gilbert at 2019-08-13T00:30:18Z
chromium dsa

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[12 Aug 2019] DSA-4500-1 chromium - security update
+   {CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 
CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 
CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 
CVE-2019-5823 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 
CVE-2019-5833 CVE-2019-5834 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 
CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 
CVE-2019-5849 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 
CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 
CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5864 
CVE-2019-5865 CVE-2019-5867 CVE-2019-5868}
+   [buster] - chromium 76.0.3809.100-1~deb10u1
 [12 Aug 2019] DSA-4499-1 ghostscript - security update
{CVE-2019-10216}
[stretch] - ghostscript 9.26a~dfsg-0+deb9u4
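Review bot: DSA-4500-1 is added with a `[buster]` line only, while the DSA-4499-1 entry directly below it carries a `[stretch]` line; if chromium in stretch is deliberately not covered by this DSA that is fine, but nothing in the hunk records it, so a reader cannot tell a deliberate omission from a forgotten line. The CVE set is also hand-typed and long (53 ids, with gaps such as CVE-2019-5812, -5816 and -5817 absent); the gaps may well be legitimate, but this is exactly where transcription errors hide, so diff the set against the upstream advisory before the DSA mail goes out.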


=
data/dsa-needed.txt
=
@@ -15,8 +15,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 389-ds-base (fw)
   Thorsten Alteholz proposed an update
 --
-chromium
---
 evince/oldstable
 --
 faad2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e560af84b83edad907055e7640ded3277f3fccf


[Git][security-tracker-team/security-tracker][master] CVE-2019-14439,CVE-2019-14379,jackson-databind: Fixed in unstable

2019-08-12 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
577aa394 by Markus Koschany at 2019-08-12T23:04:10Z
CVE-2019-14439,CVE-2019-14379,jackson-databind: Fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1900,7 +1900,7 @@ CVE-2019-14441 (An issue was discovered in Libav 12.3. An 
access violation allow
 CVE-2019-14440
RESERVED
 CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   - jackson-databind  (bug #933393)
+   - jackson-databind 2.9.9.3-1 (bug #933393)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
 CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker 
jobs and ...)
@@ -2041,7 +2041,7 @@ CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash 
during playback due to an
[stretch] - libopenmpt  (Vulnerable code not present in 
0.2 branch)
NOTE: 
https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
 CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 
2.9.9.2 mis ...)
-   - jackson-databind  (bug #933393)
+   - jackson-databind 2.9.9.3-1 (bug #933393)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based 
buffer overf ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/577aa394e61b1813f72c0cc74320b669e14e8640


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1879-1 for jackson-databind

2019-08-12 Thread Roberto C. Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79ac06ae by Roberto C. Sánchez at 2019-08-12T22:07:21Z
Reserve DLA-1879-1 for jackson-databind

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[12 Aug 2019] DLA-1879-1 jackson-databind - security update
+   {CVE-2019-14379 CVE-2019-14439}
+   [jessie] - jackson-databind 2.4.2-2+deb8u8
 [12 Aug 2019] DLA-1878-1 php5 - security update
{CVE-2019-11041 CVE-2019-11042}
[jessie] - php5 5.6.40+dfsg-0+deb8u5


=
data/dla-needed.txt
=
@@ -44,8 +44,6 @@ imagemagick (Hugo Lefeuvre)
   NOTE: can be shiped along (good patches, low regression risk). triaged the 
rest no-dsa.
   NOTE: waiting for upstream to answer my questions before proceeding further.
 --
-jackson-databind (Roberto C. Sánchez)
---
 libav (Mike Gabriel)
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as . These issues have been triaged, no 
patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/79ac06aed3f091043d2cc5a403dd991e7cf07bae


[Git][security-tracker-team/security-tracker][master] dla: claim ghostscript

2019-08-12 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
beb8a6e8 by Emilio Pozuelo Monfort at 2019-08-12T21:29:34Z
dla: claim ghostscript

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -29,6 +29,8 @@ freeimage
 --
 freetype (Thorsten Alteholz)
 --
+ghostscript (Emilio)
+--
 golang-go.crypto
   NOTE: 20190707: Check that an upload of this will not require reverse 
build-deps to also be recompiled (see previous golang uploads?). (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/beb8a6e80de8c6a922fdeb9f370084a4a4121b31


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1878-1 for php5

2019-08-12 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8df72335 by Emilio Pozuelo Monfort at 2019-08-12T21:18:02Z
Reserve DLA-1878-1 for php5

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[12 Aug 2019] DLA-1878-1 php5 - security update
+   {CVE-2019-11041 CVE-2019-11042}
+   [jessie] - php5 5.6.40+dfsg-0+deb8u5
 [12 Aug 2019] DLA-1877-1 otrs2 - security update
{CVE-2018-11563 CVE-2019-12746 CVE-2019-13458}
[jessie] - otrs2 3.3.18-1+deb8u11


=
data/dla-needed.txt
=
@@ -88,8 +88,6 @@ openjdk-7 (Markus Koschany)
   NOTE: 20190804: The new OpenJDK 7 package needs more testing because this is
   NOTE: the first package which we could not simply backport.
 --
-php5 (Emilio)
---
 python2.7 (Thorsten Alteholz)
   NOTE: 20190804: need to check fails with test suite unrelated to this patch
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8df723359cfaffe1da55f9b844962580998aa113


[Git][security-tracker-team/security-tracker][master] LTS/claim jackson-databind

2019-08-12 Thread Roberto C. Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8222b66 by Roberto C. Sánchez at 2019-08-12T21:10:37Z
LTS/claim jackson-databind

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -42,7 +42,7 @@ imagemagick (Hugo Lefeuvre)
   NOTE: can be shiped along (good patches, low regression risk). triaged the 
rest no-dsa.
   NOTE: waiting for upstream to answer my questions before proceeding further.
 --
-jackson-databind
+jackson-databind (Roberto C. Sánchez)
 --
 libav (Mike Gabriel)
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8222b6664716dab080d611ea844061f83d80b0a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0fb4ffa by Salvatore Bonaccorso at 2019-08-12T20:24:43Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,15 +9,15 @@ CVE-2019-14971
 CVE-2019-14970
RESERVED
 CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on 
%PROGRAMDATA%\N ...)
-   TODO: check
+   NOT-FOR-US: Netwrix Auditor
 CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection 
via the i ...)
TODO: check
 CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 
11.1.46, and ...)
-   TODO: check
+   NOT-FOR-US: Frappe Framework
 CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
-   TODO: check
+   NOT-FOR-US: Frappe Framework
 CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
-   TODO: check
+   NOT-FOR-US: Frappe Framework
 CVE-2019-14964
RESERVED
 CVE-2019-14963
@@ -45,19 +45,19 @@ CVE-2019-14953
 CVE-2019-14952
RESERVED
 CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with 
Toyota and Le ...)
-   TODO: check
+   NOT-FOR-US: Telenav Scout GPS Link app
 CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress 
has XSS vi ...)
-   TODO: check
+   NOT-FOR-US: wp-live-chat-support plugin for WordPress
 CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has 
XSS. ...)
-   TODO: check
+   NOT-FOR-US: wp-database-backup plugin for WordPress
 CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress 
has XSS ...)
-   TODO: check
+   NOT-FOR-US: woocommerce-product-addon plugin for WordPress
 CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
during  ...)
-   TODO: check
+   NOT-FOR-US: ultimate-member plugin for WordPress
 CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
related ...)
-   TODO: check
+   NOT-FOR-US: ultimate-member plugin for WordPress
 CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has 
XSS. ...)
-   TODO: check
+   NOT-FOR-US: ultimate-member plugin for WordPress
 CVE-2019-14944
RESERVED
 CVE-2019-14943
@@ -67,7 +67,7 @@ CVE-2019-14942
 CVE-2019-14941
RESERVED
 CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a 
user of  ...)
-   TODO: check
+   NOT-FOR-US: Storage Performance Development Kit
 CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 
2.17.1 for N ...)
TODO: check
 CVE-2019-14938
@@ -77,41 +77,41 @@ CVE-2019-14937
 CVE-2019-14936
RESERVED
 CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the 
"%PROGRAMDATA% ...)
-   TODO: check
+   NOT-FOR-US: 3CX Phone 15 on Windows
 CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. 
pdf_load_pages_ki ...)
TODO: check
 CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
TODO: check
 CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 
1.0.0.203  ...)
-   TODO: check
+   NOT-FOR-US: Recruitment module in Humanica Humatrix
 CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has 
XSS in t ...)
-   TODO: check
+   NOT-FOR-US: woocommerce-jetpack plugin for WordPress
 CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. 
...)
-   TODO: check
+   NOT-FOR-US: ultimate-member plugin for WordPress
 CVE-2018-20964
RESERVED
 CVE-2018-20963
RESERVED
 CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress 
has XSS. ...)
-   TODO: check
+   NOT-FOR-US: wp-live-chat-support plugin for WordPress
 CVE-2017-18507
RESERVED
 CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 
2.0.13 for Wo ...)
-   TODO: check
+   NOT-FOR-US: woocommerce-pdf-invoices-packing-slips plugin for WordPress
 CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. 
...)
-   TODO: check
+   NOT-FOR-US: twitter-plugin plugin for WordPress
 CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
CSRF. ...)
-   TODO: check
+   NOT-FOR-US: twitter-cards-meta plugin for WordPress
 CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
XSS. ...)
-   TODO: check
+   NOT-FOR-US: twitter-cards-meta plugin for WordPress
 CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple 
XSS issu ...)
-   TODO: check
+   NOT-FOR-US: subscriber plugin for WordPress
 CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has 
multiple XSS  ...)
-  

[Git][security-tracker-team/security-tracker][master] automatic update

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aec6e2ec by security tracker role at 2019-08-12T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,15 +1,63 @@
-CVE-2019-14950
+CVE-2019-14974
RESERVED
-CVE-2019-14949
+CVE-2019-14973
RESERVED
-CVE-2019-14948
+CVE-2019-14972
RESERVED
-CVE-2019-14947
+CVE-2019-14971
RESERVED
-CVE-2019-14946
+CVE-2019-14970
RESERVED
-CVE-2019-14945
+CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on 
%PROGRAMDATA%\N ...)
+   TODO: check
+CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection 
via the i ...)
+   TODO: check
+CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 
11.1.46, and ...)
+   TODO: check
+CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
+   TODO: check
+CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
+   TODO: check
+CVE-2019-14964
+   RESERVED
+CVE-2019-14963
+   RESERVED
+CVE-2019-14962
+   RESERVED
+CVE-2019-14961
+   RESERVED
+CVE-2019-14960
+   RESERVED
+CVE-2019-14959
RESERVED
+CVE-2019-14958
+   RESERVED
+CVE-2019-14957
+   RESERVED
+CVE-2019-14956
+   RESERVED
+CVE-2019-14955
+   RESERVED
+CVE-2019-14954
+   RESERVED
+CVE-2019-14953
+   RESERVED
+CVE-2019-14952
+   RESERVED
+CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with 
Toyota and Le ...)
+   TODO: check
+CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress 
has XSS vi ...)
+   TODO: check
+CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has 
XSS. ...)
+   TODO: check
+CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress 
has XSS ...)
+   TODO: check
+CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
during  ...)
+   TODO: check
+CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
related ...)
+   TODO: check
+CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has 
XSS. ...)
+   TODO: check
 CVE-2019-14944
RESERVED
 CVE-2019-14943
@@ -34,36 +82,36 @@ CVE-2019-14934 (An issue was discovered in PDFResurrect 
before 0.18. pdf_load_pa
TODO: check
 CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
TODO: check
-CVE-2019-14932
-   RESERVED
-CVE-2018-20966
-   RESERVED
-CVE-2018-20965
-   RESERVED
+CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 
1.0.0.203  ...)
+   TODO: check
+CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has 
XSS in t ...)
+   TODO: check
+CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. 
...)
+   TODO: check
 CVE-2018-20964
RESERVED
 CVE-2018-20963
RESERVED
-CVE-2017-18508
-   RESERVED
+CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress 
has XSS. ...)
+   TODO: check
 CVE-2017-18507
RESERVED
-CVE-2017-18506
-   RESERVED
-CVE-2017-18505
-   RESERVED
-CVE-2017-18504
-   RESERVED
-CVE-2017-18503
-   RESERVED
-CVE-2017-18502
-   RESERVED
-CVE-2017-18501
-   RESERVED
-CVE-2017-18500
-   RESERVED
-CVE-2017-18499
-   RESERVED
+CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 
2.0.13 for Wo ...)
+   TODO: check
+CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. 
...)
+   TODO: check
+CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
CSRF. ...)
+   TODO: check
+CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
XSS. ...)
+   TODO: check
+CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple 
XSS issu ...)
+   TODO: check
+CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has 
multiple XSS  ...)
+   TODO: check
+CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has 
multiple ...)
+   TODO: check
+CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has 
XSS. ...)
+   TODO: check
 CVE-2017-18498
RESERVED
 CVE-2017-18497
@@ -88,22 +136,22 @@ CVE-2017-18488
RESERVED
 CVE-2017-18487
RESERVED
-CVE-2016-10879
-   RESERVED
-CVE-2016-10878
-   RESERVED
-CVE-2016-10877
-   RESERVED
-CVE-2016-10876
-   RESERVED
-CVE-2016-10875
-   RESERVED
-CVE-2016-10874
-   RESERVED
-CVE-2016-10873
-   RESERVED
-CVE-2016-10872
-   RESERVED
+CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress 
has XSS. ...)
+   TODO: check
+CVE-2016-

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript DSA

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf75182b by Salvatore Bonaccorso at 2019-08-12T19:33:47Z
Reserve DSA number for ghostscript DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[12 Aug 2019] DSA-4499-1 ghostscript - security update
+   {CVE-2019-10216}
+   [stretch] - ghostscript 9.26a~dfsg-0+deb9u4
+   [buster] - ghostscript 9.27~dfsg-2+deb10u1
 [12 Aug 2019] DSA-4498-1 python-django - security update
{CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235}
[stretch] - python-django 1:1.10.7-2+deb9u6


=
data/dsa-needed.txt
=
@@ -24,8 +24,6 @@ faad2
 --
 freeimage
 --
-ghostscript (carnil)
---
 glusterfs/oldstable
 --
 graphicsmagick/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf75182b2e998b83057d063f986139e96938f270


[Git][security-tracker-team/security-tracker][master] CVE-2019-100{88,93,94}/tika: add commit links

2019-08-12 Thread Hugo Lefeuvre


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f3cabd4d by Hugo Lefeuvre at 2019-08-12T17:11:47Z
CVE-2019-100{88,93,94}/tika: add commit links

see https://lists.debian.org/debian-lts/2019/08/msg00018.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14065,9 +14065,11 @@ CVE-2019-10095
 CVE-2019-10094 (A carefully crafted package/compressed file that, when 
unzipped/uncomp ...)
- tika 1.22-1 (bug #933746)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
+   NOTE: 
https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc
 CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 
2006ml file ...)
- tika 1.22-1 (bug #933745)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
+   NOTE: 
https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
 CVE-2019-10092
RESERVED
 CVE-2019-10091
@@ -14079,6 +14081,7 @@ CVE-2019-10089
 CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in 
Apache Tik ...)
- tika 1.22-1 (bug #933744)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
+   NOTE: 
https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
 CVE-2019-10087
RESERVED
 CVE-2019-10086



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3cabd4d4270962210cf813022452a3c4c0b67b4


[Git][security-tracker-team/security-tracker][master] Add and take ghostscript in dsa-needed list

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bb91aa5 by Salvatore Bonaccorso at 2019-08-12T13:40:27Z
Add and take ghostscript in dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -24,6 +24,8 @@ faad2
 --
 freeimage
 --
+ghostscript (carnil)
+--
 glusterfs/oldstable
 --
 graphicsmagick/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bb91aa5edac59bd8ca4ba23ee990bf1320ca633


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10216/ghostscript

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a853447 by Salvatore Bonaccorso at 2019-08-12T13:34:54Z
Add CVE-2019-10216/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13617,8 +13617,12 @@ CVE-2019-10217
- ansible  (bug #934128)
NOTE: https://github.com/ansible/ansible/issues/56269
NOTE: https://github.com/ansible/ansible/pull/59427
-CVE-2019-10216
+CVE-2019-10216 [-dSAFER escape via .buildfont1]
RESERVED
+   - ghostscript 
+   NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
+   NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
 CVE-2019-10215
RESERVED
 CVE-2019-10214
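Review bot: the added `- ghostscript` line shows no status tag as rendered (the neighbouring `- ansible  (bug #934128)` context line has the same gap), so confirm an `<unfixed>` tag is actually present in the file; and unlike the ansible entry there is no `(bug #NNNNNN)` reference on the ghostscript line, so file or link the Debian bug if one exists. The third NOTE links the fix by a 9-character abbreviated id (`5b85ddd19`) in the ghostpdl.git commitdiff URL; it resolves today, but the full commit id is more robust against future prefix ambiguity.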



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a853447b397f4bcbb1f0be9ad5af532b25aedb1


[Git][security-tracker-team/security-tracker][master] Add epoch for version of python-django

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8033a631 by Salvatore Bonaccorso at 2019-08-12T10:28:26Z
Add epoch for version of python-django

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,7 +1,7 @@
 [12 Aug 2019] DSA-4498-1 python-django - security update
{CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235}
[stretch] - python-django 1:1.10.7-2+deb9u6
-   [buster] - python-django 1.11.23-1~deb10u1
+   [buster] - python-django 1:1.11.23-1~deb10u1
 [11 Aug 2019] DSA-4497-1 linux - security update
{CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 
CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 
CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284}
[stretch] - linux 4.9.168-1+deb9u5
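Review bot: the buster line now reads `1:1.11.23-1~deb10u1`, consistent with the `1:` epoch on the stretch entry `1:1.10.7-2+deb9u6` directly above it. This is more than cosmetic: in Debian version ordering a version with epoch 1 sorts above every epoch-0 version, so an entry without the epoch would not match the version string actually in the archive and version comparisons against it would be wrong. A pre-commit check that both suite lines of a DSA entry share the same epoch would have caught this when the entry was reserved.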



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8033a631abac176648c03a60a6dc37a51ce4c188


[Git][security-tracker-team/security-tracker][master] dla: claim php5

2019-08-12 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa967d55 by Emilio Pozuelo Monfort at 2019-08-12T10:25:33Z
dla: claim php5

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,6 +88,8 @@ openjdk-7 (Markus Koschany)
   NOTE: 20190804: The new OpenJDK 7 package needs more testing because this is
   NOTE: the first package which we could not simply backport.
 --
+php5 (Emilio)
+--
 python2.7 (Thorsten Alteholz)
   NOTE: 20190804: need to check fails with test suite unrelated to this patch
 --
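Review bot: the claim uses a first name only, `php5 (Emilio)`, while the neighbouring entries in this hunk use full names (`openjdk-7 (Markus Koschany)`, `python2.7 (Thorsten Alteholz)`); use the same form so the claimant is unambiguous. The entry also has no dated `NOTE:` line; the convention visible just above (`NOTE: 20190804: ...`) is the place to record which CVEs the php5 update is meant to cover.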



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa967d55b49a9330f111c58e6ab515f6177d47bf


[Git][security-tracker-team/security-tracker][master] Reserve DSA-4498-1 for python-django (CVE-2019-14232, CVE-2019-14233,...

2019-08-12 Thread Sebastien Delafond


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
acb2dd63 by Sébastien Delafond at 2019-08-12T08:44:25Z
Reserve DSA-4498-1 for python-django (CVE-2019-14232, CVE-2019-14233, 
CVE-2019-14234, CVE-2019-14235)

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[12 Aug 2019] DSA-4498-1 python-django - security update
+   {CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235}
+   [stretch] - python-django 1:1.10.7-2+deb9u6
+   [buster] - python-django 1.11.23-1~deb10u1
 [11 Aug 2019] DSA-4497-1 linux - security update
{CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 
CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 
CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284}
[stretch] - linux 4.9.168-1+deb9u5
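Review bot: the buster version `python-django 1.11.23-1~deb10u1` lacks the `1:` epoch that the stretch line `1:1.10.7-2+deb9u6` in the same entry carries; the package's version in Debian has an epoch, so the buster line should read `1:1.11.23-1~deb10u1`. Commit `8033a631` on this page makes exactly that correction two hours later; checking that both suite lines of a new DSA entry share their epoch before committing would avoid the follow-up.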


=
data/dsa-needed.txt
=
@@ -47,9 +47,6 @@ python2.7 (jmm)
 --
 python3.5 (jmm)
 --
-python-django (seb)
-  2019-08-07: Chris proposed debdiffs for CVE-2019-1423[2-5]
---
 qemu (jmm)
 --
 simplesamlphp/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/acb2dd63bcfdba693a54a66ebfdae3933d651c72


[Git][security-tracker-team/security-tracker][master] automatic update

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9810454 by security tracker role at 2019-08-12T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,153 @@
+CVE-2019-14950
+   RESERVED
+CVE-2019-14949
+   RESERVED
+CVE-2019-14948
+   RESERVED
+CVE-2019-14947
+   RESERVED
+CVE-2019-14946
+   RESERVED
+CVE-2019-14945
+   RESERVED
+CVE-2019-14944
+   RESERVED
+CVE-2019-14943
+   RESERVED
+CVE-2019-14942
+   RESERVED
+CVE-2019-14941
+   RESERVED
+CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a 
user of  ...)
+   TODO: check
+CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 
2.17.1 for N ...)
+   TODO: check
+CVE-2019-14938
+   RESERVED
+CVE-2019-14937
+   RESERVED
+CVE-2019-14936
+   RESERVED
+CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the 
"%PROGRAMDATA% ...)
+   TODO: check
+CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. 
pdf_load_pages_ki ...)
+   TODO: check
+CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
+   TODO: check
+CVE-2019-14932
+   RESERVED
+CVE-2018-20966
+   RESERVED
+CVE-2018-20965
+   RESERVED
+CVE-2018-20964
+   RESERVED
+CVE-2018-20963
+   RESERVED
+CVE-2017-18508
+   RESERVED
+CVE-2017-18507
+   RESERVED
+CVE-2017-18506
+   RESERVED
+CVE-2017-18505
+   RESERVED
+CVE-2017-18504
+   RESERVED
+CVE-2017-18503
+   RESERVED
+CVE-2017-18502
+   RESERVED
+CVE-2017-18501
+   RESERVED
+CVE-2017-18500
+   RESERVED
+CVE-2017-18499
+   RESERVED
+CVE-2017-18498
+   RESERVED
+CVE-2017-18497
+   RESERVED
+CVE-2017-18496
+   RESERVED
+CVE-2017-18495
+   RESERVED
+CVE-2017-18494
+   RESERVED
+CVE-2017-18493
+   RESERVED
+CVE-2017-18492
+   RESERVED
+CVE-2017-18491
+   RESERVED
+CVE-2017-18490
+   RESERVED
+CVE-2017-18489
+   RESERVED
+CVE-2017-18488
+   RESERVED
+CVE-2017-18487
+   RESERVED
+CVE-2016-10879
+   RESERVED
+CVE-2016-10878
+   RESERVED
+CVE-2016-10877
+   RESERVED
+CVE-2016-10876
+   RESERVED
+CVE-2016-10875
+   RESERVED
+CVE-2016-10874
+   RESERVED
+CVE-2016-10873
+   RESERVED
+CVE-2016-10872
+   RESERVED
+CVE-2016-10871
+   RESERVED
+CVE-2016-10870
+   RESERVED
+CVE-2016-10869
+   RESERVED
+CVE-2016-10868
+   RESERVED
+CVE-2016-10867
+   RESERVED
+CVE-2016-10866
+   RESERVED
+CVE-2015-9306
+   RESERVED
+CVE-2015-9305
+   RESERVED
+CVE-2015-9304
+   RESERVED
+CVE-2015-9303
+   RESERVED
+CVE-2015-9302
+   RESERVED
+CVE-2015-9301
+   RESERVED
+CVE-2015-9300
+   RESERVED
+CVE-2015-9299
+   RESERVED
+CVE-2015-9298
+   RESERVED
+CVE-2015-9297
+   RESERVED
+CVE-2015-9296
+   RESERVED
+CVE-2015-9295
+   RESERVED
+CVE-2015-9294
+   RESERVED
+CVE-2015-9293
+   RESERVED
+CVE-2013-7475
+   RESERVED
+CVE-2012-6713
+   RESERVED
 CVE-2019-14931
RESERVED
 CVE-2019-14930
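Review bot: the hunk leaves five new entries at `TODO: check` (CVE-2019-14940 SPDK, CVE-2019-14939 mysqljs, CVE-2019-14935 3CX Phone, CVE-2019-14934 PDFResurrect, CVE-2019-14933 Bagisto) that need manual triage. From the descriptions alone, CVE-2019-14935 (`3CX Phone 15 on Windows`, insecure `%PROGRAMDATA%` permissions) is a candidate for the `NOT-FOR-US:` marker used elsewhere on this page (`NOT-FOR-US: Wordpress plugin`), while the mysqljs and PDFResurrect entries need a check against the archive before they can be resolved either way.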
@@ -2120,11 +2270,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 
4.6.6f2 and 5.x before 5.0.3f2
 CVE-2019-133
REJECTED
 CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c 
allows a deni ...)
-   {DSA-4495-1}
+   {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: 
https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
 CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in 
drivers/block/floppy ...)
-   {DSA-4495-1}
+   {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: 
https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
 CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
@@ -3553,10 +3703,11 @@ CVE-2019-13650
 CVE-2019-13649
RESERVED
 CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
-   {DSA-4495-1}
+   {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
 CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In 
block/bl ...)
+   {DSA-4497-1}
- linux 4.18.8-1
[jessie] - linux  (Vulnerability introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
@@ -3613,7 +3764,7 @@ CVE-2019-13633
 CVE-2019-13632
RESERVED
 CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c 
in the L ...)
-   {DSA-4495-1}
+   {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.kernel.org/patch/11040813/
 CVE-2019-13630
@@ -5033,6 +5184,7 @@ CVE-2019-13459
RESERVED
 CVE-2019-13458
RESERVED
+   {DLA-1877-1}
 
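Review bot: CVE-2019-13458 stays `RESERVED` yet gains a `{DLA-1877-1}` cross-reference with no description or package line beneath it in what is visible here. An advisory reference on a still-reserved entry suggests the DLA went out ahead of the public CVE details; once MITRE publishes, the description and a `- <package> <version>` line (placeholder form) should be added, otherwise the tracker shows a fixed advisory for an issue it cannot name. The mail appears cut off after this hunk, so part of the entry may simply be missing from this copy.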

[Git][security-tracker-team/security-tracker][master] Details of ruby-openid security vulnerability published

2019-08-12 Thread Brian May


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4192bab2 by Brian May at 2019-08-12T07:34:16Z
Details of ruby-openid security vulnerability published

"the source of the weakness can be traced back to the Final OpenID 2.0
spec"

As such, I am concerned this could affect other OpenID 2.0 implementations.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -11466,7 +11466,7 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby 
gem is vulnerable to Cross
 CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely 
exploitable ...)
- ruby-openid  (bug #930388)
NOTE: https://github.com/openid/ruby-openid/issues/122
-   NOTE: Even upstream doesn't know what this is about at this point
+   NOTE: 
https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 
has infini ...)
- poppler  (low; bug #926721)
[buster] - poppler  (Minor issue)
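Review bot: the removed `NOTE:` line said in words what was known (nothing, at the time); its replacement is only a URL, so the entry no longer explains the issue without following the link. The commit message quotes the published detail (`the source of the weakness can be traced back to the Final OpenID 2.0 spec`); a short summary next to the URL, e.g. `NOTE: Details published, weakness traced to the OpenID 2.0 spec itself:` followed by the link, keeps the entry self-explanatory.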


=
data/dla-needed.txt
=
@@ -110,6 +110,7 @@ ruby-openid
   NOTE: 20190705: Pinged bug (lamby)
   NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see 
https://github.com/openid/ruby-openid/issues/122) so returning to the pool. 
(lamby)
   NOTE: 20190726: Still unknown how to fix (see aforementioned github issue) 
(lamby)
+  NOTE: 20190812: Details: 
https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
 --
 slurm-llnl
 --
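Review bot: the commit message raises the concern that, since the weakness sits in the OpenID 2.0 spec, other OpenID 2.0 implementations may be affected, but that concern lives only in the git history. Record it as a dated `NOTE:` here (the `NOTE: 20190812: Details:` line is the natural place) so that whoever picks ruby-openid from the pool also checks the other OpenID packages rather than treating this as a ruby-openid-only fix.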



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4192bab22beef21fa48e16c0897aea4bbda75885


[Git][security-tracker-team/security-tracker][master] Consider clamav still as unfixed for #934359

2019-08-12 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0768b364 by Salvatore Bonaccorso at 2019-08-12T07:09:05Z
Consider clamav still as unfixed for #934359

The applied change 0.101.2+dfsg-3 is still incomplete.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -321,11 +321,12 @@ CVE-2019-14776
 CVE-2019-14775
RESERVED
 CVE-2019- [clamav zip DoS]
-   - clamav 0.101.2+dfsg-3 (bug #934359)
+   - clamav  (bug #934359)
[buster] - clamav  (ClamAV is updated via -updates)
[stretch] - clamav  (ClamAV is updated via -updates)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
+   NOTE: Partially adressed already in 0.101.2+dfsg-3 but incomplete.
 CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for 
WooCommerce) pl ...)
NOT-FOR-US: Wordpress plugin
 CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad 
snippets" pl ...)
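Review bot: spelling in the added `NOTE:` line, `adressed` should be `addressed`. Beyond that, the entry now reverts the package line to unfixed with only `(bug #934359)` attached, so a reader cannot tell which part of the zip DoS fix is still missing from 0.101.2+dfsg-3; state what remains incomplete, or point at the bug comment that explains it, next to the `Partially addressed` note.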



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0768b3642e3513ddd477260f9d11a639862dc8ca
