[Git][security-tracker-team/security-tracker][master] Add CVE-2019-951{2,4}/golang
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a149b30b by Salvatore Bonaccorso at 2019-08-15T06:35:09Z Add CVE-2019-951{2,4}/golang - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -16890,11 +16890,27 @@ CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, pote CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...) TODO: check CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...) - TODO: check + - golang-1.13 + - golang-1.12 1.12.8-1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + - golang + NOTE: Issue: https://github.com/golang/go/issues/33606 + NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11) + NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12) CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, potentia ...) TODO: check CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...) - TODO: check + - golang-1.13 + - golang-1.12 1.12.8-1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + - golang + NOTE: Issue: https://github.com/golang/go/issues/33606 + NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11) + NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12) CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipulation ...) TODO: check CVE-2019-9510 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a149b30bf8063bfef7adf780c28fed36817012d2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a149b30bf8063bfef7adf780c28fed36817012d2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
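Review bot: in both the CVE-2019-9514 and CVE-2019-9512 blocks only golang-1.12 (1.12.8-1) is resolvable; golang-1.11 cites the upstream 1.11 fix commit in a NOTE but has no fixed Debian version, and golang-1.13, golang-1.8, golang-1.7 and golang carry neither a version nor a fix reference. Record the golang-1.11 version once the 1.11 point release is uploaded, and for golang-1.7/1.8, which the two NOTE lines do not cover at all, add either a backport reference or a per-suite annotation in the `[suite] - package (reason)` form used elsewhere in this file, so those lines do not sit open with nothing to act on.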
[Git][security-tracker-team/security-tracker][master] Add tracking for golang-1.8 and golang-1.7 as well
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65bcf8e2 by Salvatore Bonaccorso at 2019-08-15T06:33:05Z Add tracking for golang-1.8 and golang-1.7 as well - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -690,6 +690,8 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles - golang-1.13 - golang-1.12 1.12.8-1 - golang-1.11 + - golang-1.8 + - golang-1.7 - golang NOTE: Issue: https://github.com/golang/go/issues/29098 NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65bcf8e2914ce0abf007514a171dda85835f8871
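Review bot: golang-1.8 and golang-1.7 are added to CVE-2019-14809 as affected with no fix reference, while the existing NOTE lines only point at the golang-1.11 commit. The description bounds the upstream fix at 1.11.13 and 1.12.8, so the 1.7 and 1.8 branches will need either a backport of the referenced commit or a per-suite annotation saying how they are to be handled; as committed they simply show as unfixed indefinitely.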
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14809/golang
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ecf05d92 by Salvatore Bonaccorso at 2019-08-15T06:31:31Z Add CVE-2019-14809/golang - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -687,7 +687,13 @@ CVE-2019-14811 CVE-2019-14810 RESERVED CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...) - TODO: check + - golang-1.13 + - golang-1.12 1.12.8-1 + - golang-1.11 + - golang + NOTE: Issue: https://github.com/golang/go/issues/29098 + NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11) + NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12) CVE-2019-14808 RESERVED CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf05d9273d60e86be9af6061001e67921e6017f
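Review bot: golang-1.13 and golang-1.11 are listed for CVE-2019-14809 without a fixed version although the description names 1.11.13 and 1.12.8 as the fixed releases and the NOTEs already carry the per-branch commits. Add the golang-1.11 version when 1.11.13 is uploaded, and state for golang-1.13 whether the current upload already contains the referenced fix, otherwise the tracker reports golang-1.13 in unstable as unfixed by default.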
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-5477/ruby-nokogiri
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fbd3e2ac by Salvatore Bonaccorso at 2019-08-15T05:43:48Z Add Debian bug reference for CVE-2019-5477/ruby-nokogiri - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27062,7 +27062,7 @@ CVE-2019-5478 RESERVED CVE-2019-5477 [Command Injection Vulnerability] RESERVED - - ruby-nokogiri + - ruby-nokogiri (bug #934802) NOTE: https://github.com/sparklemotion/nokogiri/issues/1915 NOTE: Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file NOTE: is being passed untrusted user input. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbd3e2ace71f65763d50be6d96c32e9aa96b4b0d
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11250/kubernetes
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 125e2cb5 by Salvatore Bonaccorso at 2019-08-15T05:42:41Z Add Debian bug reference for CVE-2019-11250/kubernetes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11329,7 +11329,7 @@ CVE-2019-11251 RESERVED CVE-2019-11250 [Bearer tokens are revealed in logs] RESERVED - - kubernetes + - kubernetes (bug #934801) NOTE: https://github.com/kubernetes/kubernetes/issues/81114 CVE-2019-11249 [Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal] RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/125e2cb5f352605587d87ce100f461a189e0aec1
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5477/ruby-nokogiri
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95175540 by Salvatore Bonaccorso at 2019-08-15T05:41:49Z Add CVE-2019-5477/ruby-nokogiri - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27060,8 +27060,12 @@ CVE-2019-5479 RESERVED CVE-2019-5478 RESERVED -CVE-2019-5477 +CVE-2019-5477 [Command Injection Vulnerability] RESERVED + - ruby-nokogiri + NOTE: https://github.com/sparklemotion/nokogiri/issues/1915 + NOTE: Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file + NOTE: is being passed untrusted user input. CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...) TODO: check CVE-2019-5475 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/951755403ff826f4c6cd3af156cfec5d52d1d978
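Review bot: the two NOTE lines say a process is only exposed when the undocumented Nokogiri::CSS::Tokenizer#load_file method is handed untrusted input, yet the ruby-nokogiri line itself carries no severity or suite annotation, so the entry will be triaged like any generic command injection. Encode that reduced exposure on the package line (the file's parenthetical comment form) and, when upstream publishes the fix, add the fix reference next to the issue 1915 link so the entry can be closed per suite.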
[Git][security-tracker-team/security-tracker][master] Add new apache2 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4296578f by Salvatore Bonaccorso at 2019-08-15T05:17:30Z Add new apache2 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14366,10 +14366,16 @@ CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products NOT-FOR-US: Snipe-IT CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...) NOT-FOR-US: Apache Spark -CVE-2019-10098 +CVE-2019-10098 [mod_rewrite configurations vulnerable to open redirect] RESERVED -CVE-2019-10097 + - apache2 2.4.41-1 + NOTE: Affects upstream versions 2.4.0 to 2.4.39 +CVE-2019-10097 [mod_remoteip stack buffer overflow and NULL pointer dereference] RESERVED + - apache2 2.4.41-1 + [stretch] - apache2 (PROXY protocol support in mod_remoteip added later) + [jessie] - apache2 (PROXY protocol support in mod_remoteip added later) + NOTE: Affects upstream versions 2.4.32 to 2.4.39 CVE-2019-10096 RESERVED CVE-2019-10095 @@ -14383,8 +14389,10 @@ CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006m - tika 1.22-1 (bug #933745) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3 NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae -CVE-2019-10092 +CVE-2019-10092 [Limited cross-site scripting in mod_proxy] RESERVED + - apache2 2.4.41-1 + NOTE: Affects upstream versions 2.4.0 to 2.4.39 CVE-2019-10091 RESERVED CVE-2019-10090 @@ -14406,10 +14414,14 @@ CVE-2019-10084 RESERVED CVE-2019-10083 RESERVED -CVE-2019-10082 +CVE-2019-10082 [mod_http2, read-after-free in h2 connection shutdown] RESERVED -CVE-2019-10081 + - apache2 2.4.41-1 + NOTE: Affects upstream versions 2.4.18 to 2.4.39 +CVE-2019-10081 [mod_http2, memory corruption on early pushes] RESERVED + - apache2 2.4.41-1 + NOTE: Affects upstream versions 2.4.20 to 2.4.39 CVE-2019-10080 RESERVED CVE-2019-10079 
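Review bot: only CVE-2019-10097 receives [stretch]/[jessie] annotations; CVE-2019-10082 (2.4.18 to 2.4.39), CVE-2019-10081 (2.4.20 to 2.4.39), CVE-2019-10098 and CVE-2019-10092 (2.4.0 to 2.4.39) are left without any per-suite status even though their "Affects upstream versions" ranges are recorded, so stable and oldstable will show as affected by default. None of the five new entries links the upstream advisory or fix commit either, unlike the neighbouring tika entry that cites oss-security and a commit; add the references so the ranges and the 2.4.41-1 fix can be verified.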
@@ -16862,7 +16874,9 @@ CVE-2019-9519 CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty frames, ...) TODO: check CVE-2019-9517 (Some HTTP/2 implementations are vulnerable to unconstrained interal da ...) - TODO: check + - apache2 2.4.41-1 + NOTE: Affects upstream versions 2.4.20 to 2.4.39 + NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, potential ...) TODO: check CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4296578f05fc84986cebc6cb7715d7e38ca3d8df
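Review bot: CVE-2019-9517 is resolved for apache2 with the Netflix 2019-002 bulletin as reference, but the sibling HTTP/2 entries in this hunk's context (CVE-2019-9518, CVE-2019-9516, CVE-2019-9515) are left at "TODO: check" even though the same bulletin covers them. If the 2.4.41-1 upload addresses any of those for mod_http2, record it there as well, or note explicitly that apache2 is not affected, rather than leaving 9517 as the only one settled.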
[Git][security-tracker-team/security-tracker][master] Track fixes for gitlab via experimental
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f343aae by Salvatore Bonaccorso at 2019-08-14T20:35:42Z Track fixes for gitlab via experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -291,6 +291,7 @@ CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. NOT-FOR-US: ultimate-member plugin for WordPress CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities] RESERVED + [experimental] - gitlab 11.11.8+dfsg-1 - gitlab (bug #934708) NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By Default] @@ -299,6 +300,7 @@ CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By Default] NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages] RESERVED + [experimental] - gitlab 11.11.8+dfsg-1 - gitlab (bug #934708) NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ CVE-2019-14941 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f343aae5737bae385bb765b4bee5f94d23c8981
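Review bot: the `[experimental] - gitlab 11.11.8+dfsg-1` line is added to CVE-2019-14944 and CVE-2019-14942 but not to CVE-2019-14943, which sits between them under the same 12.1.6 advisory (its title is the second hunk's header). If 14943 is skipped on purpose, for instance because the Grafana integration it concerns is not part of the Debian package, say so in a parenthetical on that entry; otherwise it needs the same experimental line, since all three cite the same advisory and bug #934708.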
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11250/kubernetes
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 885964c3 by Salvatore Bonaccorso at 2019-08-14T20:33:01Z Add CVE-2019-11250/kubernetes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11325,8 +11325,10 @@ CVE-2019-11252 RESERVED CVE-2019-11251 RESERVED -CVE-2019-11250 +CVE-2019-11250 [Bearer tokens are revealed in logs] RESERVED + - kubernetes + NOTE: https://github.com/kubernetes/kubernetes/issues/81114 CVE-2019-11249 [Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal] RESERVED - kubernetes (Vulnerable code not present; incomplete fix not applied) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/885964c339e0b2c82320ae9e82de0ebc77dcddea
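Review bot: the kubernetes line for CVE-2019-11250 has no version, no bug reference and no affected-range note, only the upstream issue link, whereas the neighbouring CVE-2019-11249 entry states its status explicitly ("Vulnerable code not present; incomplete fix not applied"). Record whether the packaged versions contain the logging path that reveals bearer tokens, and link the Debian bug once filed, so the entry is actionable rather than an open placeholder.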
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10201/Keycloak
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a030230a by Salvatore Bonaccorso at 2019-08-14T20:21:49Z Add CVE-2019-10201/Keycloak - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13993,7 +13993,7 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via crafte CVE-2019-10202 RESERVED CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...) - TODO: check + NOT-FOR-US: Keycloak CVE-2019-10200 RESERVED NOT-FOR-US: OpenShift View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a030230a79205e4805c78c72fcc1986619284b3e
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10199/Keycloak
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 12a8a7e7 by Salvatore Bonaccorso at 2019-08-14T20:20:33Z Add CVE-2019-10199/Keycloak - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13998,7 +13998,7 @@ CVE-2019-10200 RESERVED NOT-FOR-US: OpenShift CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did not per ...) - TODO: check + NOT-FOR-US: Keycloak CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...) - foreman (bug #663101) CVE-2019-10197 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12a8a7e7e146b1fbeb4e131ead1f9ee32f88041b
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0286f662 by Salvatore Bonaccorso at 2019-08-14T20:19:17Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -59,68 +59,68 @@ CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Andro CVE-2019-15026 RESERVED CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...) - TODO: check + NOT-FOR-US: ninja-forms plugin for WordPress CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: wp-ultimate-exporter plugin for WordPress CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...) - TODO: check + NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...) - TODO: check + NOT-FOR-US: wp-statistics plugin for WordPress CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...) - TODO: check + NOT-FOR-US: simple-login-log plugin for WordPress CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...) - TODO: check + NOT-FOR-US: responsive-menu plugin for WordPress CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...) - TODO: check + NOT-FOR-US: newsletter-by-supsystic plugin for WordPress CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: custom-sidebars plugin for WordPress CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...) - TODO: check + NOT-FOR-US: custom-sidebars plugin for WordPress CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...) - TODO: check + NOT-FOR-US: nextgen-gallery plugin for WordPress CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...) - TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...) 
- TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...) - TODO: check + NOT-FOR-US: wp-editor plugin for WordPress CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: wp-editor plugin for WordPress CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...) - TODO: check + NOT-FOR-US: simple-membership plugin for WordPress CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...) - TODO: check + NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...) - TODO: check + NOT-FOR-US: wp-fastest-cache plugin for WordPress CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to ...) 
- TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...) - TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2015-9309 (The wp-google-map-p
[Git][security-tracker-team/security-tracker][master] Add openldap maintained by Ryan Tandy to lts-do-call-me
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: da316e1f by Markus Koschany at 2019-08-14T20:13:38Z Add openldap maintained by Ryan Tandy to lts-do-call-me - - - - - 1 changed file: - data/packages/lts-do-call-me Changes: = data/packages/lts-do-call-me = @@ -23,5 +23,7 @@ apt # All packages by William Blough xerces-c https://lists.debian.org/debian-lts/2019/07/msg00050.html +# Ryan Tandy +openldap View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da316e1f83be3b7a2b46b0a99d50f982eabe6ab9
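Review bot: the new "# Ryan Tandy" / "openldap" block gives no reference for the request, whereas the preceding xerces-c entry carries the debian-lts list message (2019/07/msg00050.html) that records the maintainer asking to be contacted. Add the corresponding list or mail reference under the openldap line so the do-call-me entry can be traced back to the maintainer's own words.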
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fb92ed3 by security tracker role at 2019-08-14T20:10:27Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,82 +1,126 @@ -CVE-2019-15033 - RESERVED -CVE-2019-15032 - RESERVED -CVE-2019-15031 - RESERVED -CVE-2019-15030 - RESERVED -CVE-2019-15029 - RESERVED -CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...) - NOT-FOR-US: Joomla! -CVE-2019-15027 - RESERVED -CVE-2019-15026 - RESERVED -CVE-2019-15025 - RESERVED -CVE-2018-20968 +CVE-2019-15055 RESERVED -CVE-2018-20967 +CVE-2019-15054 RESERVED -CVE-2017-18515 - RESERVED -CVE-2017-18514 - RESERVED -CVE-2017-18513 - RESERVED -CVE-2017-18512 - RESERVED -CVE-2017-18511 - RESERVED -CVE-2017-18510 - RESERVED -CVE-2016-10889 +CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...) + TODO: check +CVE-2019-15052 RESERVED -CVE-2016-10888 +CVE-2019-15051 RESERVED -CVE-2016-10887 +CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...) + TODO: check +CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...) + TODO: check +CVE-2019-15048 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...) + TODO: check +CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...) + TODO: check +CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthentica ...) 
+ TODO: check +CVE-2019-15045 RESERVED -CVE-2016-10886 +CVE-2019-15044 RESERVED -CVE-2016-10885 +CVE-2019-15043 RESERVED -CVE-2016-10884 +CVE-2019-15042 RESERVED -CVE-2016-10883 +CVE-2019-15041 RESERVED -CVE-2016-10882 +CVE-2019-15040 RESERVED -CVE-2016-10881 +CVE-2019-15039 RESERVED -CVE-2016-10880 +CVE-2019-15038 RESERVED -CVE-2015-9316 +CVE-2019-15037 RESERVED -CVE-2015-9315 +CVE-2019-15036 RESERVED -CVE-2015-9314 +CVE-2019-15035 RESERVED -CVE-2015-9313 +CVE-2019-15034 RESERVED -CVE-2015-9312 +CVE-2019-15033 RESERVED -CVE-2015-9311 +CVE-2019-15032 RESERVED -CVE-2015-9310 +CVE-2019-15031 RESERVED -CVE-2015-9309 +CVE-2019-15030 RESERVED -CVE-2015-9308 +CVE-2019-15029 RESERVED -CVE-2015-9307 +CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...) + NOT-FOR-US: Joomla! +CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...) + TODO: check +CVE-2019-15026 RESERVED +CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...) + TODO: check +CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...) + TODO: check +CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...) + TODO: check +CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...) + TODO: check +CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...) + TODO: check +CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...) + TODO: check +CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...) + TODO: check +CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...) + TODO: check +CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...) + TODO: check +CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...) 
+ TODO: check +CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...) + TODO: check +CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...) + TODO: check +CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...) + TODO: check +CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...) + TODO: check +CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...) + TODO: check +CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...) + TODO: check +CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...) + TODO: check +CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...) + TODO: check +CVE-2016-10880 (The google-document-embedder plu
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-2386/mongodb
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1270946d by Salvatore Bonaccorso at 2019-08-14T20:04:38Z Add Debian bug reference for CVE-2019-2386/mongodb - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35863,7 +35863,7 @@ CVE-2019-2388 CVE-2019-2387 RESERVED CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...) - - mongodb + - mongodb (bug #934783) NOTE: https://jira.mongodb.org/browse/SERVER-38984 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0829 CVE-2019-2385 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1270946d47fc18f025c7d45580ee28ae9c495f49
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14973/tiff fixed version in unstable
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: 924895e2 by Laszlo Boszormenyi (GCS) at 2019-08-14T19:58:51Z Add CVE-2019-14973/tiff fixed version in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -185,7 +185,7 @@ CVE-2019-14975 CVE-2019-14974 RESERVED CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...) - - tiff (bug #934780) + - tiff 4.0.10+git190814-1 (bug #934780) - tiff3 NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90 NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/924895e21969fb3cab46612a948b1be9d057d4db
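Review bot: tiff now records 4.0.10+git190814-1, but the tiff3 line directly beneath it still has no version, no bug reference and no annotation, so tiff3 stays listed as unfixed with nothing to act on. Give it a fixed version, a per-suite annotation, or at least a comment on whether the _TIFFCheckMalloc/_TIFFCheckRealloc code from tif_aux.c named in the description exists in tiff3 at all.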
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12618/nomad
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 66ebb761 by Salvatore Bonaccorso at 2019-08-14T19:51:33Z Add CVE-2019-12618/nomad - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7672,7 +7672,9 @@ CVE-2019-12620 CVE-2019-12619 RESERVED CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...) - TODO: check + - nomad (Vulnerability introduced in 0.9.0) + NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2 + NOTE: https://github.com/hashicorp/nomad/issues/5783 CVE-2019-12617 RESERVED CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66ebb76197dba1963695897cb1a14f0c91cbe37f
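Review bot: "- nomad (Vulnerability introduced in 0.9.0)" is a package line with no version, so it marks nomad as affected in every suite, while the comment itself implies that any suite shipping a pre-0.9.0 nomad is not affected. Express that with the per-suite form used elsewhere in this file ([suite] - nomad (reason)) for the suites it applies to, and since the description covers 0.9.0 through 0.9.1 and the first NOTE points at the 0.9.2 release post, record 0.9.2 as the upstream fix so the unstable status can be settled against the packaged version.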
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-2386/mongodb
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f00f0924 by Salvatore Bonaccorso at 2019-08-14T19:52:11Z Add CVE-2019-2386/mongodb - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35863,7 +35863,9 @@ CVE-2019-2388 CVE-2019-2387 RESERVED CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...) - TODO: check + - mongodb + NOTE: https://jira.mongodb.org/browse/SERVER-38984 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0829 CVE-2019-2385 RESERVED CVE-2019-2384 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f00f09242b7ceccf21c9c0ce4d50e755f5b2b4d4
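Review bot: "- mongodb" is added with two upstream references but no fixed version, no affected range and no Debian bug, so the entry cannot be resolved for any suite. The SERVER-38984 ticket should identify the fix version(s) and the Talos report the affected ones; put both in a NOTE and link the bug once it is filed.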
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: accb3713 by Salvatore Bonaccorso at 2019-08-14T19:46:09Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7201,9 +7201,9 @@ CVE-2019-12809 CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) NOT-FOR-US: ALTOOLS update service CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...) - TODO: check + NOT-FOR-US: ALZip CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...) - TODO: check + NOT-FOR-US: UniSign CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...) NOT-FOR-US: NCSOFT Game Launcher CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/accb3713f9d75db5a741657bbdae192dccbf0460 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/accb3713f9d75db5a741657bbdae192dccbf0460 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14973/tiff
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 157aea89 by Salvatore Bonaccorso at 2019-08-14T19:14:50Z Add Debian bug reference for CVE-2019-14973/tiff - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -185,7 +185,7 @@ CVE-2019-14975 CVE-2019-14974 RESERVED CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...) - - tiff + - tiff (bug #934780) - tiff3 NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90 NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/157aea89b2723ac76d9d1218080d4833cf1490fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/157aea89b2723ac76d9d1218080d4833cf1490fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14973/tiff
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 19ea7137 by Salvatore Bonaccorso at 2019-08-14T19:00:43Z Add CVE-2019-14973/tiff - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -185,7 +185,10 @@ CVE-2019-14975 CVE-2019-14974 RESERVED CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...) - TODO: check + - tiff + - tiff3 + NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90 + NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 CVE-2019-14972 RESERVED CVE-2019-14971 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19ea713759f48e38339620ffece3ede503ee46ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19ea713759f48e38339620ffece3ede503ee46ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
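Review bot: `tiff3` is added alongside `tiff` without any indication that the referenced libtiff merge request 90 and commit apply to that older code base; the CVE text scopes the issue to `_TIFFCheckMalloc` and `_TIFFCheckRealloc` in `tif_aux.c`, so a short NOTE on whether those functions exist in the tiff3 source would help whoever picks this up. Neither package line carries a bug reference yet, so the fix cannot be tracked per suite from this entry alone.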
[Git][security-tracker-team/security-tracker][master] add note for slurm-llnl
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a4131e4 by Abhijith PA at 2019-08-14T16:05:55Z add note for slurm-llnl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -111,6 +111,7 @@ ruby-openid NOTE: 20190812: Details: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211 -- slurm-llnl (Abhijith PA) + NOTE: 20190814: Contacted security of slurm-llnl for relevant commits (abhijith) -- sox NOTE: 20190721: no patch available (hle) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a4131e4fe06a1b81fdcaace6d10d3c4dcc194b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a4131e4fe06a1b81fdcaace6d10d3c4dcc194b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2014-10375/libexosip2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a9c6f19 by Salvatore Bonaccorso at 2019-08-14T15:40:19Z Add Debian bug reference for CVE-2014-10375/libexosip2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,7 @@ CVE-2015-9308 CVE-2015-9307 RESERVED CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...) - - libexosip2 + - libexosip2 (bug #934766) NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070 CVE-2013-7476 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a9c6f195f95785549ba87c3dbb4742556af4471 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a9c6f195f95785549ba87c3dbb4742556af4471 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2014-10375/libexosip2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60d22509 by Salvatore Bonaccorso at 2019-08-14T15:18:23Z Add CVE-2014-10375/libexosip2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,8 @@ CVE-2015-9308 CVE-2015-9307 RESERVED CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...) - TODO: check + - libexosip2 + NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070 CVE-2013-7476 RESERVED CVE-2019-15024 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60d22509510f80ee76e78a445e938cb4f7de2b2a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60d22509510f80ee76e78a445e938cb4f7de2b2a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c29eb453 by Salvatore Bonaccorso at 2019-08-14T12:31:39Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-15030 CVE-2019-15029 RESERVED CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2019-15027 RESERVED CVE-2019-15026 @@ -153,11 +153,11 @@ CVE-2019-14988 CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...) NOT-FOR-US: Adive Framework CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14983 RESERVED CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...) @@ -1294,7 +1294,7 @@ CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576 NOTE: Negligible security impact CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...) NOT-FOR-US: OpenEMR CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...) 
@@ -1335,7 +1335,7 @@ CVE-2019-14518 CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...) NOT-FOR-US: pandao Editor.md CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...) - TODO: check + NOT-FOR-US: mAadhaar application for Android CVE-2019-14515 RESERVED CVE-2019-14514 @@ -2325,7 +2325,7 @@ CVE-2019-14361 CVE-2019-14360 RESERVED CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...) - TODO: check + NOT-FOR-US: BC Vault devices CVE-2019-14358 RESERVED CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...) @@ -5425,7 +5425,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) CVE-2019-13463 RESERVED CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...) - TODO: check + NOT-FOR-US: Lansweeper CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...) NOT-FOR-US: PrestaShop CVE-2019-13460 
@@ -5543,17 +5543,17 @@ CVE-2019-13422 CVE-2019-13421 RESERVED CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...) - TODO: check + NOT-FOR-US: Search Guard CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...) NOT-FOR-US: Wordpress plugin CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...) @@ -7195,7 +7195,7 @@ CVE-2019-12810 CVE-2019-12809 RESERVED CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) - TODO: check + NOT-FOR-US: ALTOOLS update service CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...) TODO: check CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...) @@ -8003,7 +8003,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...) NOT-FOR-US: BACnet Protocol Stack CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A
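Review bot: in the `@@ -7195,7 +7195,7 @@` hunk only CVE-2019-12808 (ALTOOLS update service) is marked NOT-FOR-US, while the adjacent CVE-2019-12807 (Alzip) and CVE-2019-12806 (UniSign) entries, visible in the unchanged context lines of the same hunk, remain at `TODO: check`; they sit in the same block of the file and could be triaged in the same pass rather than left for a separate commit.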
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14378/slirp4netns via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: daf1747c by Salvatore Bonaccorso at 2019-08-14T12:03:55Z Add fixed version for CVE-2019-14378/slirp4netns via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2247,7 +2247,7 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...) - qemu (bug #933741) - qemu-kvm - - slirp4netns (bug #933742) + - slirp4netns 0.3.2-1 (bug #933742) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...) NOT-FOR-US: cPanel View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daf1747c0cf3b9298b2d854508b31c7edf331683 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daf1747c0cf3b9298b2d854508b31c7edf331683 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
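Review bot: the hunk records the fixed version only for `slirp4netns` (0.3.2-1, bug #933742); the `qemu (bug #933741)` and `qemu-kvm` lines in the context remain without a fixed version, and `qemu-kvm` has no bug reference at all. A NOTE on the status of the embedded libslirp copy in qemu, and either a bug reference or an explicit status marker for qemu-kvm, would keep the entry consistent now that one of the three packages is resolved.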
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 12d1b227 by security tracker role at 2019-08-14T08:10:17Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,81 @@ +CVE-2019-15033 + RESERVED +CVE-2019-15032 + RESERVED +CVE-2019-15031 + RESERVED +CVE-2019-15030 + RESERVED +CVE-2019-15029 + RESERVED +CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...) + TODO: check +CVE-2019-15027 + RESERVED +CVE-2019-15026 + RESERVED +CVE-2019-15025 + RESERVED +CVE-2018-20968 + RESERVED +CVE-2018-20967 + RESERVED +CVE-2017-18515 + RESERVED +CVE-2017-18514 + RESERVED +CVE-2017-18513 + RESERVED +CVE-2017-18512 + RESERVED +CVE-2017-18511 + RESERVED +CVE-2017-18510 + RESERVED +CVE-2016-10889 + RESERVED +CVE-2016-10888 + RESERVED +CVE-2016-10887 + RESERVED +CVE-2016-10886 + RESERVED +CVE-2016-10885 + RESERVED +CVE-2016-10884 + RESERVED +CVE-2016-10883 + RESERVED +CVE-2016-10882 + RESERVED +CVE-2016-10881 + RESERVED +CVE-2016-10880 + RESERVED +CVE-2015-9316 + RESERVED +CVE-2015-9315 + RESERVED +CVE-2015-9314 + RESERVED +CVE-2015-9313 + RESERVED +CVE-2015-9312 + RESERVED +CVE-2015-9311 + RESERVED +CVE-2015-9310 + RESERVED +CVE-2015-9309 + RESERVED +CVE-2015-9308 + RESERVED +CVE-2015-9307 + RESERVED +CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...) + TODO: check +CVE-2013-7476 + RESERVED CVE-2019-15024 RESERVED CVE-2019-15023 
@@ -74,12 +152,12 @@ CVE-2019-14988 REJECTED CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...) NOT-FOR-US: Adive Framework -CVE-2019-14986 - RESERVED -CVE-2019-14985 - RESERVED -CVE-2019-14984 - RESERVED +CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...) + TODO: check +CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...) + TODO: check +CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...) + TODO: check CVE-2019-14983 RESERVED CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...) @@ -105,8 +183,8 @@ CVE-2019-14975 RESERVED CVE-2019-14974 RESERVED -CVE-2019-14973 - RESERVED +CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...) + TODO: check CVE-2019-14972 RESERVED CVE-2019-14971 @@ -558,8 +636,8 @@ CVE-2019-14811 RESERVED CVE-2019-14810 RESERVED -CVE-2019-14809 - RESERVED +CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...) + TODO: check CVE-2019-14808 RESERVED CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...) @@ -7116,12 +7194,12 @@ CVE-2019-12810 RESERVED CVE-2019-12809 RESERVED -CVE-2019-12808 - RESERVED -CVE-2019-12807 - RESERVED -CVE-2019-12806 - RESERVED +CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) + TODO: check +CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...) + TODO: check +CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...) + TODO: check CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...) NOT-FOR-US: NCSOFT Game Launcher CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...) 
@@ -7924,8 +8002,8 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...) NOT-FOR-US: BACnet Protocol Stack -CVE-2019-12479 - RESERVED +CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...) + TODO: check CVE-2019-12478 RESERVED CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...) @@ -11320,8 +11398,8 @@ CVE-2019-11209 RESERVED CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...) NOT-FOR-US: TIBCO -CVE-2019-11207 - RESERVED +CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...) + TODO: check CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire