[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bac92906 by Salvatore Bonaccorso at 2019-09-23T05:31:18Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2019-16697 RESERVED CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit- ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-16691 RESERVED CVE-2019-16690 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bac92906cb0e2761c03e715a61a0673035994b57 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bac92906cb0e2761c03e715a61a0673035994b57 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b89bd41c by security tracker role at 2019-09-22T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,37 @@ +CVE-2019-16697 + RESERVED +CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...) + TODO: check +CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...) + TODO: check +CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit- ...) + TODO: check +CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order ...) + TODO: check +CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...) + TODO: check +CVE-2019-16691 + RESERVED +CVE-2019-16690 + RESERVED +CVE-2019-16689 + RESERVED +CVE-2019-16688 + RESERVED +CVE-2019-16687 + RESERVED +CVE-2019-16686 + RESERVED +CVE-2019-16685 + RESERVED +CVE-2019-16684 + RESERVED +CVE-2019-16683 + RESERVED +CVE-2019-16682 + RESERVED +CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...) + TODO: check CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...) TODO: check CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b89bd41c1b065a092bff11b44bbd8c3bf6a11d67 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b89bd41c1b065a092bff11b44bbd8c3bf6a11d67 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
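Review bot: CVE-2018-21018 (Mastodon) is inserted between CVE-2019-16682 and CVE-2019-16681 in the first hunk, so the head of data/CVE/list is no longer in descending ID order; it is a late-assigned 2018 ID that still carries `TODO: check`, and anyone triaging the new batch by scanning for CVE-2019-166xx entries will walk past it. Worth handling it together with the five phpIPAM `TODO: check` entries above it rather than leaving it as the only 2018 item at the top of the file.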
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-13568/cimg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76cd3f46 by Salvatore Bonaccorso at 2019-09-22T15:33:40Z Add Debian bug reference for CVE-2019-13568/cimg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10027,7 +10027,7 @@ CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Inj CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...) - - cimg + - cimg (bug #940952) [jessie] - cimg (Vulnerable code added later) NOTE: https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1 CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76cd3f463ce06895ec7dd1da6316ae2dffb04334 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76cd3f463ce06895ec7dd1da6316ae2dffb04334 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
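Review bot: Only the unstable line (now `- cimg (bug #940952)`) and the `[jessie] - cimg (Vulnerable code added later)` marker carry a status for CVE-2019-13568 in this hunk; unlike CVE-2018-7587 in the neighbouring commit, which has `[buster]` and `[stretch]` "Minor issue" lines, buster and stretch are left without any annotation, which the tracker reads as affected with no triage decision. Either add `[buster] - cimg (Minor issue)` and `[stretch] - cimg (Minor issue)` (or whatever the assessment is) alongside the new bug reference, or record in a NOTE that stable updates are planned; the unstable line also has no severity tag, which the other cimg entry does have (`low`).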
[Git][security-tracker-team/security-tracker][master] Add cloned bug from #892780 for src:img
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b09d8222 by Salvatore Bonaccorso at 2019-09-22T15:30:09Z Add cloned bug from #892780 for src:img There was one remaining issue unfixed (respectively yet very unclear) for CVE-2018-7587. Track with a spearate bug and closed the former bug. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -79140,7 +79140,7 @@ CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-r NOTE: https://github.com/dtschump/CImg/issues/183 NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...) - - cimg (low; bug #892780) + - cimg (low; bug #892780; bug #940951) [buster] - cimg (Minor issue) [stretch] - cimg (Minor issue) [jessie] - cimg (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b09d8222450e3a983b573e53fad30758a27ccb72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b09d8222450e3a983b573e53fad30758a27ccb72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
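Review bot: The line now carries both `bug #892780` and `bug #940951`, but the commit message says #892780 was closed in favour of the cloned bug; keeping a closed bug on the tracker line makes the generated package page link to it as if it were still open. If the intent is to preserve the history, a `NOTE:` line mentioning that #940951 was cloned from #892780 is clearer than two bug references; otherwise keep only `(low; bug #940951)`.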
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-16395/gnucobol
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ca723f54 by Salvatore Bonaccorso at 2019-09-22T15:29:04Z Add Debian bug reference for CVE-2019-16395/gnucobol - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -670,7 +670,7 @@ CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_na [stretch] - open-cobol (Minor issue) NOTE: https://sourceforge.net/p/open-cobol/bugs/587/ CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...) - - gnucobol + - gnucobol (bug #940949) [buster] - gnucobol (Minor issue) - open-cobol [stretch] - open-cobol (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca723f549086d18e30a0436ed8f96a1f3924884b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca723f549086d18e30a0436ed8f96a1f3924884b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
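Review bot: The new bug reference is attached to `- gnucobol` only; the `- open-cobol` line directly below it (the source package name used in stretch) stays bare, so for stretch the entry has a "Minor issue" tag but no bug to track a fix against. Confirm whether #940949 is meant to cover open-cobol as well (then reference it on that line too) or whether open-cobol needs its own bug; the same applies to the CVE-2019-16396/#940950 commit, and the two entries should be kept consistent.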
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-16396/gnucobol
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55eea7b4 by Salvatore Bonaccorso at 2019-09-22T15:28:29Z Add Debian bug reference for CVE-2019-16396/gnucobol - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -664,7 +664,7 @@ CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execut CVE-2019-16397 RESERVED CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...) - - gnucobol + - gnucobol (bug #940950) [buster] - gnucobol (Minor issue) - open-cobol [stretch] - open-cobol (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55eea7b46352c9d03831a61d57a349bc340ce70b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55eea7b46352c9d03831a61d57a349bc340ce70b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note for xtrlock.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: c0d0edb1 by Chris Lamb at 2019-09-22T15:05:35Z Update note for xtrlock. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -144,6 +144,7 @@ xtrlock (Chris Lamb) NOTE: 20190822: WIP on #830726 (lamby) NOTE: 20190904: Need to get advice/pointer from libinput2 maintainers for a full patch. (lamby) NOTE: 20190910: Further roundtrips on #830726. (lamby) + NOTE: 20190922: Pinged X.org upstream (see #830726). (lamby) -- yard NOTE: 20190830: second reviewer / triager needed. The security announcement states that the fix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0d0edb1d11eee4f8241c20e098e48d294d4a412 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0d0edb1d11eee4f8241c20e098e48d294d4a412 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14806
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e09aad1 by Salvatore Bonaccorso at 2019-09-22T08:27:32Z Add Debian bug reference for CVE-2019-14806 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5354,7 +5354,7 @@ CVE-2019-14808 CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...) NOT-FOR-US: MobileFrontend extension for MediaWiki CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...) - - python-werkzeug (low) + - python-werkzeug (low; bug #940935) [buster] - python-werkzeug (Minor issue) [stretch] - python-werkzeug (Minor issue) [jessie] - python-werkzeug (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e09aad1734b43bd00a3a0febb08e0e3fbf30a41 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e09aad1734b43bd00a3a0febb08e0e3fbf30a41 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53b5e30d by Salvatore Bonaccorso at 2019-09-22T08:26:55Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversa CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) NOT-FOR-US: YzmCMS CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...) - TODO: check + NOT-FOR-US: idreamsoft iCMS CVE-2019-16676 RESERVED CVE-2019-16675 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53b5e30db7bd5b730dfcf26d79bc7fc0ba007575 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53b5e30db7bd5b730dfcf26d79bc7fc0ba007575 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-16680/file-roller
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30bc3374 by Salvatore Bonaccorso at 2019-09-22T08:25:52Z Add CVE-2019-16680/file-roller - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,9 @@ CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...) TODO: check CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...) - TODO: check + - file-roller 3.30.0-1 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794337 + NOTE: https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2 CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...) NOT-FOR-US: Gila CMS CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30bc337462e75d743b5650440879e9eb393e6fb9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30bc337462e75d743b5650440879e9eb393e6fb9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
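Review bot: The fixed-version line `- file-roller 3.30.0-1` is consistent with the upstream description ("before 3.29.91"), but the hunk adds no `[stretch]` or `[jessie]` status, so both suites become "vulnerable, no decision" for an issue whose fix is upstream since 3.29.91 (GNOME bug 794337 and the linked commit). Add the suite assessment in the page's own form, e.g. `[stretch] - file-roller (Minor issue)`, plus a severity tag on the unstable line, so the entry does not show up as untriaged; the two `NOTE:` references are good and should stay.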
[Git][security-tracker-team/security-tracker][master] Cleanup one REJECTED entry
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f8635dab by Henri Salo at 2019-09-22T08:23:55Z Cleanup one REJECTED entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15500,7 +15500,6 @@ CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allo NOT-FOR-US: HumHub CVE-2019-11563 REJECTED - NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP CVE-2019-11562 RESERVED CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8635dabc80c000f74297c085c5f0493b7eeffa3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8635dabc80c000f74297c085c5f0493b7eeffa3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 78443754 by Henri Salo at 2019-09-22T08:22:58Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.travelo CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...) TODO: check CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...) - TODO: check + NOT-FOR-US: Gila CMS CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) - TODO: check + NOT-FOR-US: YzmCMS CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...) TODO: check CVE-2019-16676 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/784437543ffa50bbf2fe524771c7702d534a7a93 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/784437543ffa50bbf2fe524771c7702d534a7a93 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-13616/libsdl2-image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 04da0eef by Salvatore Bonaccorso at 2019-09-22T08:16:47Z Add Debian bug reference for CVE-2019-13616/libsdl2-image - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8898,7 +8898,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2. [buster] - libsdl1.2 (Minor issue) [stretch] - libsdl1.2 (Minor issue) [jessie] - libsdl1.2 (can be fixed along with more important patches) - - libsdl2-image + - libsdl2-image (bug #940934) [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) [jessie] - libsdl2-image (can be fixed along with more important patches) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04da0eeff2d9d6dad3a8a2ca81eff5a24f63b932 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04da0eeff2d9d6dad3a8a2ca81eff5a24f63b932 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
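Review bot: The description names "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.…", yet the lines visible in this hunk track only libsdl1.2 and libsdl2-image; confirm that src:libsdl2 has its own entry above the hunk context or add one, otherwise the "2.x" part of the CVE is covered only by the image-loader package. The new `(bug #940934)` reference itself is fine and matches the pattern used for libsdl1.2.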
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 229ff83b by security tracker role at 2019-09-22T08:10:14Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...) + TODO: check +CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...) + TODO: check +CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...) + TODO: check +CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) + TODO: check +CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...) + TODO: check +CVE-2019-16676 + RESERVED CVE-2019-16675 RESERVED CVE-2019-16674 @@ -2064,7 +2076,7 @@ CVE-2019-15905 CVE-2019-15904 RESERVED CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...) - {DLA-1912-1} + {DSA-4530-1 DLA-1912-1} - expat 2.2.7-2 (bug #939394) NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 NOTE: https://github.com/libexpat/libexpat/issues/317 
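Review bot: In the expat hunk, `{DSA-4530-1 DLA-1912-1}` is generated from the entry reserved in data/DSA/list by commit 0db66d75 earlier in this digest, before the advisory mail is out; that is the expected automation, but the fixed stretch/buster versions the tracker now shows for CVE-2019-15903 come from that reservation (2.2.0-2+deb9u3, 2.2.6-2+deb10u1). If the actual uploads end up with different version numbers, data/DSA/list must be corrected and this cross-reference will follow on the next automatic update; nothing else in the hunk needs changing.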
@@ -15486,7 +15498,8 @@ CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog p NOT-FOR-US: Print My Blog plugin for WordPress CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...) NOT-FOR-US: HumHub -CVE-2019-11563 (Shenzhen Sricctv DeviceViewer for XP has a Buffer Overflow via the use ...) +CVE-2019-11563 + REJECTED NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP CVE-2019-11562 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/229ff83bb156ba8ef2ffe640c502ab431166ce36 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/229ff83bb156ba8ef2ffe640c502ab431166ce36 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
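Review bot: CVE-2019-11563 is flipped to `REJECTED` but the `NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP` line is kept under it; a REJECTED entry carries no package status, and the stale annotation makes the entry look half-processed. Drop the NOT-FOR-US line (commit f8635dab, later in this digest, does exactly that), or teach the automatic update to remove status lines when it rewrites an entry to REJECTED so this does not need manual cleanup each time.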
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-1622{4,5,6,7,8}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 21f01e0a by Salvatore Bonaccorso at 2019-09-22T08:06:32Z Update status for CVE-2019-1622{4,5,6,7,8} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1229,25 +1229,30 @@ CVE-2019-16229 (drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5 NOTE: Requires memory allocation failure during device probe, so unlikely to NOTE: be exploitable, and then it's only a local DoS. CVE-2019-16228 (An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...) - - py-lmdb + - py-lmdb (unimportant) NOTE: https://github.com/jnwatson/py-lmdb/issues/210 - TODO: check + NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all + NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023 CVE-2019-16227 (An issue was discovered in py_lmdb 0.97. For certain values of mn_flag ...) - - py-lmdb + - py-lmdb (unimportant) NOTE: https://github.com/jnwatson/py-lmdb/issues/210 - TODO: check + NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all + NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023 CVE-2019-16226 (An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...) - - py-lmdb + - py-lmdb (unimportant) NOTE: https://github.com/jnwatson/py-lmdb/issues/210 - TODO: check + NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all + NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023 CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...) - - py-lmdb + - py-lmdb (unimportant) NOTE: https://github.com/jnwatson/py-lmdb/issues/210 - TODO: check + NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all + NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023 CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...) 
- - py-lmdb + - py-lmdb (unimportant) NOTE: https://github.com/jnwatson/py-lmdb/issues/210 - TODO: check + NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all + NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023 CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...) - wordpress 5.2.3+dfsg1-1 (bug #939543) CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21f01e0a6948f1c69d4d59a85259b6438dc2a331 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21f01e0a6948f1c69d4d59a85259b6438dc2a331 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
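Review bot: The two-line NOTE repeated under each of CVE-2019-16224 through CVE-2019-16228 says that, if the issues are real at all, they are in the underlying library, but no `- lmdb` line is added, so the tracker records nothing for src:lmdb and the hint leaves an untracked gap. Either add an lmdb entry with a status (unimportant or not-affected, as the referenced issue comment supports), or extend the NOTE to say that lmdb itself was checked and is not affected. The `(unimportant)` downgrade on py-lmdb together with the "disputed (MITRE contacted)" wording is otherwise well documented.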
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for expat update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0db66d75 by Salvatore Bonaccorso at 2019-09-22T07:32:17Z Reserve DSA number for expat update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[22 Sep 2019] DSA-4530-1 expat - security update + {CVE-2019-15903} + [stretch] - expat 2.2.0-2+deb9u3 + [buster] - expat 2.2.6-2+deb10u1 [20 Sep 2019] DSA-4529-1 php7.0 - security update {CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042} [stretch] - php7.0 7.0.33-0+deb9u5 = data/dsa-needed.txt = @@ -25,8 +25,6 @@ curl (ghedo) -- evince/oldstable -- -expat (carnil) --- freeimage -- glusterfs/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0db66d75faccdc92ba3b8c8e5160c1ac1a4e4603 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0db66d75faccdc92ba3b8c8e5160c1ac1a4e4603 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
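Review bot: `expat (carnil)` is removed from dsa-needed.txt at the moment the DSA number is reserved rather than when the advisory is published; the data/DSA/list entry fixes the stretch and buster versions (2.2.0-2+deb9u3, 2.2.6-2+deb10u1) ahead of the upload, so if either version changes the entry needs a follow-up edit or the automatic cross-reference in data/CVE/list will point at versions that never existed. Keeping the dsa-needed item until the DSA mail is sent would make a slipped upload visible in the queue.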
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d10772e by Salvatore Bonaccorso at 2019-09-22T07:11:56Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2019-16671 CVE-2019-16670 RESERVED CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different respons ...) - TODO: check + NOT-FOR-US: Pagekit CMS CVE-2019-16668 RESERVED CVE-2019-16667 
@@ -19,27 +19,27 @@ CVE-2019-16667 CVE-2019-1 RESERVED CVE-2019-16665 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the conten ...) - TODO: check + NOT-FOR-US: ThinkSAAS CVE-2019-16664 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the index. ...) - TODO: check + NOT-FOR-US: ThinkSAAS CVE-2019-16663 RESERVED CVE-2019-16662 RESERVED CVE-2019-16661 (Ogma CMS 0.5 has XSS via creation of a new blog. ...) - TODO: check + NOT-FOR-US: Ogma CMS CVE-2019-16660 (joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CS ...) - TODO: check + NOT-FOR-US: joyplus-cms CVE-2019-16659 (TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. ...) - TODO: check + NOT-FOR-US: TuziCMS CVE-2019-16658 (TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. ...) - TODO: check + NOT-FOR-US: TuziCMS CVE-2019-16657 (TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrate ...) - TODO: check + NOT-FOR-US: TuziCMS CVE-2019-16656 (joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP cod ...) - TODO: check + NOT-FOR-US: joyplus-cms CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains av ...) - TODO: check + NOT-FOR-US: joyplus-cms CVE-2019-16654 RESERVED CVE-2019-16653 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d10772ebd8e1d203d1374b7d5b62971476da67f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d10772ebd8e1d203d1374b7d5b62971476da67f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits