[Git][security-tracker-team/security-tracker][master] Claim debian-lan-config
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: bfa17ea0 by Utkarsh Gupta at 2019-12-31T23:12:03Z Claim debian-lan-config - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ apache-log4j1.2 (Markus Koschany) clamav (Hugo Lefeuvre) NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster. -- -debian-lan-config +debian-lan-config (Utkarsh Gupta) -- git (Roberto C. Sánchez) NOTE: 20191226: Patches integrated for 4 of 5 CVEs. The last, CVE-2019-1387, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfa17ea08b9c2c51e0f2b3e9bedf379f33450130 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfa17ea08b9c2c51e0f2b3e9bedf379f33450130 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d1f96e2 by security tracker role at 2019-12-31T20:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,147 @@ +CVE-2020-5178 + RESERVED +CVE-2020-5177 + RESERVED +CVE-2020-5176 + RESERVED +CVE-2020-5175 + RESERVED +CVE-2020-5174 + RESERVED +CVE-2020-5173 + RESERVED +CVE-2020-5172 + RESERVED +CVE-2020-5171 + RESERVED +CVE-2020-5170 + RESERVED +CVE-2020-5169 + RESERVED +CVE-2020-5168 + RESERVED +CVE-2020-5167 + RESERVED +CVE-2020-5166 + RESERVED +CVE-2020-5165 + RESERVED +CVE-2020-5164 + RESERVED +CVE-2020-5163 + RESERVED +CVE-2020-5162 + RESERVED +CVE-2020-5161 + RESERVED +CVE-2020-5160 + RESERVED +CVE-2020-5159 + RESERVED +CVE-2020-5158 + RESERVED +CVE-2020-5157 + RESERVED +CVE-2020-5156 + RESERVED +CVE-2020-5155 + RESERVED +CVE-2020-5154 + RESERVED +CVE-2020-5153 + RESERVED +CVE-2020-5152 + RESERVED +CVE-2020-5151 + RESERVED +CVE-2020-5150 + RESERVED +CVE-2020-5149 + RESERVED +CVE-2020-5148 + RESERVED +CVE-2020-5147 + RESERVED +CVE-2020-5146 + RESERVED +CVE-2020-5145 + RESERVED +CVE-2020-5144 + RESERVED +CVE-2020-5143 + RESERVED +CVE-2020-5142 + RESERVED +CVE-2020-5141 + RESERVED +CVE-2020-5140 + RESERVED +CVE-2020-5139 + RESERVED +CVE-2020-5138 + RESERVED +CVE-2020-5137 + RESERVED +CVE-2020-5136 + RESERVED +CVE-2020-5135 + RESERVED +CVE-2020-5134 + RESERVED +CVE-2020-5133 + RESERVED +CVE-2020-5132 + RESERVED +CVE-2020-5131 + RESERVED +CVE-2020-5130 + RESERVED +CVE-2020-5129 + RESERVED +CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...) 
+ TODO: check +CVE-2019-20196 + RESERVED +CVE-2019-20195 + RESERVED +CVE-2019-20194 + RESERVED +CVE-2019-20193 + RESERVED +CVE-2019-20192 + RESERVED +CVE-2019-20191 + RESERVED +CVE-2019-20190 + RESERVED +CVE-2019-20189 + RESERVED +CVE-2019-20188 + RESERVED +CVE-2019-20187 + RESERVED +CVE-2019-20186 + RESERVED +CVE-2019-20185 + RESERVED +CVE-2019-20184 + RESERVED +CVE-2019-20183 + RESERVED +CVE-2019-20182 + RESERVED +CVE-2019-20181 + RESERVED +CVE-2019-20180 + RESERVED +CVE-2019-20179 + RESERVED +CVE-2019-20178 + RESERVED +CVE-2019-20177 + RESERVED +CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...) + TODO: check CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...) - qemu (unimportant) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html @@ -15243,6 +15387,7 @@ CVE-2019-18180 (Improper Check for filenames with overly long extensions in Post NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ CVE-2019-18179 RESERVED + {DLA-2053-1} - otrs2 6.0.24-1 (bug #945251) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) @@ -19675,7 +19820,7 @@ CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a NOT-FOR-US: JetBrains ReSharper installer CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...) - centreon-web (bug #913903) -CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an administrator ...) +CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19. ...) - centreon-web (bug #913903) CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...) NOT-FOR-US: OpenEMR 
@@ -25722,8 +25867,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c NOTE: https://sourceforge.net/p/open-cobol/bugs/581/ CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...) NOT-FOR-US: Social Photo Gallery plugin for WordPress -CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.] - RESERVED +CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable ...) {DLA-1905-1} - gosa 2.7.4+reloaded3-10 NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix) @@ -31649,8 +31793,8 @@ CVE-2019-12838 (SchedMD
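Review bot: In the first hunk, CVE-2019-20197 (Nagios XI 5.6.9) and CVE-2019-20176 (Pure-FTPd 1.0.49) are the only new entries that arrive with a description, and both land as "TODO: check", so they need a manual follow-up after this automatic import. CVE-2019-20139 is already marked "NOT-FOR-US: Nagios XI" elsewhere in data/CVE/list, which CVE-2019-20197 can follow. CVE-2019-20176 needs a source package line once it has been checked against the Pure-FTPd version Debian ships.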
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2054-1 for jhead
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: a118a2b6 by Adrian Bunk at 2019-12-31T18:13:22Z Reserve DLA-2054-1 for jhead - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[31 Dec 2019] DLA-2054-1 jhead - security update + {CVE-2018-16554 CVE-2018-17088 CVE-2019-1010301 CVE-2019-1010302} + [jessie] - jhead 1:2.97-1+deb8u2 [31 Dec 2019] DLA-2053-1 otrs2 - security update {CVE-2019-18179} [jessie] - otrs2 3.3.18-1+deb8u12 = data/dla-needed.txt = @@ -33,9 +33,6 @@ ibus (Emilio) NOTE: 20191210: See https://bugs.debian.org/941018 NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 -- -jhead (Adrian Bunk) - NOTE: 20191230: work is ongoing --- libexif (Hugo Lefeuvre) NOTE: 2019: Contacted upstream for relevant commits of CVE-2019-9278. (utkarsh2102) NOTE: 20191114: Pinged upstream; just have the Android patch yet. (utkarsh2102) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a118a2b69fbd5f20f35611b27dbc4d664d48c158 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a118a2b69fbd5f20f35611b27dbc4d664d48c158 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add xerces-c to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 868ff32c by Markus Koschany at 2019-12-31T17:54:54Z Add xerces-c to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -141,6 +141,9 @@ xcftools (Hugo Lefeuvre) -- xen -- +xerces-c + NOTE: 20191231: There is no upstream patch yet. (apo) +-- yara NOTE: 20191212: no upstream fix yet -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868ff32cf8796da89b64bf4dd924e2375466d5f0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/868ff32cf8796da89b64bf4dd924e2375466d5f0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
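Review bot: The NOTE added for xerces-c, "NOTE: 20191231: There is no upstream patch yet. (apo)", does not say which CVE the entry is waiting on. Adding the CVE id or the upstream issue link to the NOTE would let whoever picks the package up check for a patch without first searching data/CVE/list.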
[Git][security-tracker-team/security-tracker][master] Add debian-lan-config to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d75f063 by Markus Koschany at 2019-12-31T17:44:38Z Add debian-lan-config to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,6 +20,8 @@ apache-log4j1.2 (Markus Koschany) clamav (Hugo Lefeuvre) NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster. -- +debian-lan-config +-- git (Roberto C. Sánchez) NOTE: 20191226: Patches integrated for 4 of 5 CVEs. The last, CVE-2019-1387, NOTE: 20191226: is proving rather difficult. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d75f0638f2c52421cfbee8705136b448f27d60e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d75f0638f2c52421cfbee8705136b448f27d60e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add graphicsmagick to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c8dc22b5 by Markus Koschany at 2019-12-31T17:34:46Z Add graphicsmagick to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -24,6 +24,8 @@ git (Roberto C. Sánchez) NOTE: 20191226: Patches integrated for 4 of 5 CVEs. The last, CVE-2019-1387, NOTE: 20191226: is proving rather difficult. (roberto) -- +graphicsmagick +-- ibus (Emilio) NOTE: 20191210: Requires glib2.0 to be patched also. NOTE: 20191210: See https://bugs.debian.org/941018 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8dc22b5297f95e4f2ab098eeaeb409ae78ea257 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8dc22b5297f95e4f2ab098eeaeb409ae78ea257 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage libsixel for Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cd34447 by Markus Koschany at 2019-12-31T16:46:07Z Triage libsixel for Jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2470,6 +2470,7 @@ CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/122 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) NOT-FOR-US: Nagios XI @@ -2571,6 +2572,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/125 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - libpodofo @@ -2655,6 +2657,7 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/126 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...) NOT-FOR-US: LuquidPixels LiquiFire OS 
@@ -2725,18 +2728,21 @@ CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resi - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/121 NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in ...) - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/120 NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6 CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...) - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/108 NOTE: https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776 CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3444716a32f2ccb15d2b059f9c57385274f22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3444716a32f2ccb15d2b059f9c57385274f22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
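Review bot: All six added "[jessie] - libsixel (Minor issue)" lines carry the same bare reason, although the entries differ. CVE-2019-20024 is a heap-based buffer overflow, CVE-2019-20140 and CVE-2019-20094 are also described as heap-based issues, and CVE-2019-20024 and CVE-2019-20022 already list an upstream fix commit in their NOTE lines. For the entries that have a fix commit, consider a reason saying they can be fixed along with a later update, as the liblivemedia entries in this list do, so the available patches stay visible to whoever next uploads libsixel to jessie.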
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2053-1 for otrs2
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: dd8730bc by Abhijith PA at 2019-12-31T15:34:05Z Reserve DLA-2053-1 for otrs2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[31 Dec 2019] DLA-2053-1 otrs2 - security update + {CVE-2019-18179} + [jessie] - otrs2 3.3.18-1+deb8u12 [30 Dec 2019] DLA-2052-1 libbsd - security update {CVE-2016-2090} [jessie] - libbsd 0.7.0-2+deb8u1 = data/dla-needed.txt = @@ -81,10 +81,6 @@ nss (Markus Koschany) opendmarc (Thorsten Alteholz) NOTE: 20191222: still testing package, original patch does not seem to be enough, still ongoing -- -otrs2 (Abhijith PA) - NOTE: otrs2 is in jessie/main so it should be taken care off - NOTE: 20191208: CVE-2019-18180 seems not affected (abhijith) --- python-reportlab (Hugo Lefeuvre) NOTE: 20191227: still no upstream fix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd8730bc008803cfd2315ccf654d4640910e1479 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd8730bc008803cfd2315ccf654d4640910e1479 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
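Review bot: The data/dla-needed.txt hunk deletes "NOTE: 20191208: CVE-2019-18180 seems not affected (abhijith)", and DLA-2053-1 lists only CVE-2019-18179, so this commit removes the only visible record of the CVE-2019-18180 assessment for jessie. If data/CVE/list does not already have a jessie line for CVE-2019-18180, add a not-affected entry with the reason there. Since the removed note only said "seems", confirm the result before recording it.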
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-7733 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d88553f by Salvatore Bonaccorso at 2019-12-31T13:56:33Z Track fixed version for CVE-2019-7733 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46487,7 +46487,7 @@ CVE-2019-7734 RESERVED CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a C ...) [experimental] - liblivemedia 2019.05.12-1 - - liblivemedia (low; bug #929948) + - liblivemedia 2019.10.11-2 (low; bug #929948) [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) [jessie] - liblivemedia (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d88553f5df98956e5442051f658d95dda30965e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d88553f5df98956e5442051f658d95dda30965e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add proposed update for cups via stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48dc75d1 by Salvatore Bonaccorso at 2019-12-31T13:54:04Z Add proposed update for cups via stretch-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -116,3 +116,5 @@ CVE-2019-15680 [stretch] - tightvnc 1:1.3.9-9+deb9u1 CVE-2019-15681 [stretch] - tightvnc 1:1.3.9-9+deb9u1 +CVE-2019-2228 + [stretch] - cups 2.2.1-8+deb9u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48dc75d15004c80035a8da1a18bdf4b688cfe1f5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48dc75d15004c80035a8da1a18bdf4b688cfe1f5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark for now CVE-2019-19921 as undetermined
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3940da91 by Salvatore Bonaccorso at 2019-12-31T13:44:12Z Mark for now CVE-2019-19921 as undetermined - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3003,7 +3003,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 CVE-2019-19921 RESERVED - - runc + - runc NOTE: https://github.com/opencontainers/runc/pull/2190 TODO: check for details CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3940da91c51b623afb8c845301261f6ee10da322 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3940da91c51b623afb8c845301261f6ee10da322 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19921/runc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 024e0b65 by Salvatore Bonaccorso at 2019-12-31T13:42:30Z Add CVE-2019-19921/runc Details on the issue seem not present. The CVE was mentioned in https://lore.kernel.org/stable/20191230052036.8765-2-cyp...@cyphar.com/ and cross checking with containers https://github.com/opencontainers/runc/pull/2190 is found, but without information on the vulnerability. It seems to be related to an audit performed by Cure53 as per https://github.com/opencontainers/runc/pull/2190/commits/36268ea7e4a7bb02c9df1954a1d3d912e568ba69 .. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3003,6 +3003,9 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 CVE-2019-19921 RESERVED + - runc + NOTE: https://github.com/opencontainers/runc/pull/2190 + TODO: check for details CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...) - node-handlebars 3:4.5.3-1 [buster] - node-handlebars (Minor issue; will be fixed via point release) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/024e0b655e468e49a250f20a211b52e303e7c723 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/024e0b655e468e49a250f20a211b52e303e7c723 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
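Review bot: The added entry records only "NOTE: https://github.com/opencontainers/runc/pull/2190", while the commit message also cites the stable-list mail that mentions the CVE and the specific pull request commit tied to the Cure53 audit. Those references are what the "TODO: check for details" line depends on, and people triaging read data/CVE/list rather than the git log. Consider adding them as further NOTE lines, together with a NOTE saying that no vulnerability details are public yet.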
[Git][security-tracker-team/security-tracker][master] cups spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c99a8cbc by Moritz Muehlenhoff at 2019-12-31T13:38:04Z cups spu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -61772,6 +61772,8 @@ CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible l CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds read due t ...) {DLA-2047-1} - cups 2.3.1-1 (bug #946782) + [buster] - cups (Minor issue) + [stretch] - cups (Minor issue) NOTE: https://github.com/apple/cups/commit/b018978c278d42c7abf78941251b887c95dfdb07 (master, v2.3.1) NOTE: https://github.com/apple/cups/commit/8c9b3606cca99e5dfc51784a9de1634345db7579 (v2.2.13) CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds read due ...) = data/next-point-update.txt = @@ -177,3 +177,5 @@ CVE-2019-19060 [buster] - linux 4.19.87-1 CVE-2019-19075 [buster] - linux 4.19.87-1 +CVE-2019-2228 + [buster] - cups 2.2.10-6+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c99a8cbc1aaad9b911435a48f747dd33ed5ca913 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c99a8cbc1aaad9b911435a48f747dd33ed5ca913 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] liblivemedia fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c659f0c by Moritz Muehlenhoff at 2019-12-31T13:34:35Z liblivemedia fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23103,7 +23103,7 @@ CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app NOT-FOR-US: Old Street Live Input Macros app for Confluence CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...) [experimental] - liblivemedia 2019.08.16-1 - - liblivemedia (low) + - liblivemedia 2019.10.11-2 (low) [buster] - liblivemedia (Can be fixed along in future update) [stretch] - liblivemedia (Can be fixed along in future update) [jessie] - liblivemedia (Can be fixed along with more important patches) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c659f0cc0a3a12be4938987ba50c0cb33b04bf8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c659f0cc0a3a12be4938987ba50c0cb33b04bf8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Re-add libgcrypt20 for jessie LTS as I think the fix for...
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 558465c5 by Chris Lamb at 2019-12-31T12:28:18Z data/dla-needed.txt: Re-add libgcrypt20 for jessie LTS as I think the fix for CVE-2019-13627 was incomplete. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -40,6 +40,9 @@ libexif (Hugo Lefeuvre) NOTE: 20191216: The android patch does not apply but is easy to manually apply. (ola) NOTE: 20191216: The problem is the file to trigger the fault is not known. (ola) -- +libgcrypt20 (lamby) + NOTE: 20191231: I think the fix for CVE-2019-13627 was incomplete. (lamby) +-- libjackson-json-java (Adrian Bunk) NOTE: 20191230: work is ongoing -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/558465c5e18e169c7c7d5799f3af7a1268384153 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/558465c5e18e169c7c7d5799f3af7a1268384153 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
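Review bot: The added NOTE, "I think the fix for CVE-2019-13627 was incomplete. (lamby)", gives no basis for the re-add. It does not say which part of the earlier fix is missing or which upstream commit is believed not to have been backported. A second NOTE line with that reference would let another LTS contributor verify the claim or take over the package.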
[Git][security-tracker-team/security-tracker][master] Track several new gpac issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3896ca9 by Salvatore Bonaccorso at 2019-12-31T10:06:07Z Track several new gpac issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -14,31 +14,44 @@ CVE-2019-20173 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...) NOT-FOR-US: SerenityOS CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1337 CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1328 CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1329 CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1333 CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1330 CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1331 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1338 CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1332 CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1335 CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1327 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) 
- TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1320 CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1334 CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1321 CVE-2019-20158 RESERVED CVE-2019-20157 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3896ca97e982fe61eb71bdd4391ce7741dd5ba0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3896ca97e982fe61eb71bdd4391ce7741dd5ba0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20056/libsixel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 397dbe86 by Salvatore Bonaccorso at 2019-12-31T08:43:59Z Add CVE-2019-20056/libsixel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2639,7 +2639,10 @@ CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allo CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...) NOT-FOR-US: Proxyman for macOS CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...) - TODO: check + - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/126 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...) NOT-FOR-US: LuquidPixels LiquiFire OS CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/397dbe865863142cffb909db6466bab1219a04f5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/397dbe865863142cffb909db6466bab1219a04f5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
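Review bot: The new entry tracks only libsixel, but the description of CVE-2019-20056 places the flaw in stb_image.h 2.23 "as used in libsixel and o ...", which means the affected code is an embedded copy of a third-party header. Other source packages that bundle stb_image.h may be affected as well. Keep a TODO or add a NOTE about checking embedded copies, so the issue is not treated as fully triaged once libsixel is handled.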
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d631d909 by Salvatore Bonaccorso at 2019-12-31T08:43:15Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12,7 +12,7 @@ CVE-2019-20174 CVE-2019-20173 RESERVED CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...) - TODO: check + NOT-FOR-US: SerenityOS CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) TODO: check CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) @@ -2461,7 +2461,7 @@ CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) NOT-FOR-US: Nagios XI CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...) - TODO: check + NOT-FOR-US: HTTP Authentication library for Nim CVE-2019-20137 RESERVED CVE-2019-20136 @@ -9825,9 +9825,9 @@ CVE-2019-19034 CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...) NOT-FOR-US: Jalios JCMS CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...) - TODO: check + NOT-FOR-US: XMLBlueprint CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...) - TODO: check + NOT-FOR-US: Easy XML Editor CVE-2019-19030 RESERVED CVE-2019-19029 
@@ -37437,7 +37437,7 @@ CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Executi CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A ...) NOT-FOR-US: safer-eval Node module CVE-2019-10758 (mongo-express before 0.54.0 is vulnerable to Remote Code Execution via ...) - TODO: check + NOT-FOR-US: mongo-express CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...) NOT-FOR-US: knex.js CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...) @@ -47220,9 +47220,9 @@ CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to g CVE-2019-7480 RESERVED CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin can ele ...) - TODO: check + NOT-FOR-US: SonicOS CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL injection in ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...) NOT-FOR-US: SonicWall CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...) @@ -98728,7 +98728,7 @@ CVE-2018-7861 CVE-2018-7860 RESERVED CVE-2018-7859 (A security vulnerability in D-Link DGS-1510-series switches with firmw ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Em ...) - qemu 1:2.12~rc3+dfsg-1 (bug #892497) [stretch] - qemu (Vulnerable code not present) 
@@ -260784,7 +260784,7 @@ CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...) TODO: check CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...) - TODO: check + NOT-FOR-US: Electronic Arts Karotz Smart Rabbit CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...) NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android CVE-2013-4865 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d631d90901cabb1b294579f8e1db033c257b7072
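Review bot: In the hunk at @@ -47220,9 +47220,9 @@ the two new NOT-FOR-US labels are inconsistent with each other and with the entry below them. CVE-2019-7479 becomes "NOT-FOR-US: SonicOS", while CVE-2019-7477 in the context lines, whose description also names SonicOS, is already filed as "NOT-FOR-US: SonicWall"; CVE-2019-7478, which its description ties to GMS, gets only the bare vendor name. Suggest one convention for this vendor's products, for example "SonicWall SonicOS" and "SonicWall GMS", so that a later search of the list by product finds every entry.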
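Review bot: In the last hunk (@@ -260784,7 +260784,7 @@) CVE-2013-4867 is marked NOT-FOR-US for Electronic Arts Karotz Smart Rabbit, but the context line directly above it shows CVE-2013-4868 (Karotz API 12.07.19.00) still at "TODO: check". Both descriptions carry the same Karotz version string 12.07.19.00, so either triage CVE-2013-4868 in this commit as well or add a NOTE saying why it stays open.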
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20175/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 40e3e0ca by Salvatore Bonaccorso at 2019-12-31T08:31:53Z Add CVE-2019-20175/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,12 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...) - TODO: check + - qemu (unimportant) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html + NOTE: Marked unimportant, as negligible security impact (a privileged guest + NOTE: can trigger similar issues without triggering the specific assert) and + NOTE: is disputed by QEMU security team. CVE-2019-20174 RESERVED CVE-2019-20173 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/40e3e0ca9def37424ba0ceadb57943049ccf0ac0
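Review bot: The four NOTE links to qemu-devel are added with no indication of which thread is the original report and which one records the dispute that the rationale relies on ("is disputed by QEMU security team"). A short label on each link, or placing the dispute thread directly before the rationale lines, would let someone re-checking the "unimportant" rating find the supporting message without opening all four.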
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19927/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84d38612 by Salvatore Bonaccorso at 2019-12-31T08:23:17Z Add CVE-2019-19927/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2955,7 +2955,8 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleane CVE-2019-19928 RESERVED CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...) - TODO: check + - linux + TODO: check in kernel-sec CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...) - sqlite3 (Incomplete fix for CVE-2019-19880 not applied) NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84d386121c9db3724ed642881b9b4050c8485048
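Review bot: The new "- linux" line together with "TODO: check in kernel-sec" leaves open whether this is an upstream issue at all. The description visible in the hunk refers to 5.0.0-rc7 "as distributed in ubuntu/linux.git", which may point at a distribution tree rather than mainline. A NOTE with the reference that led to assigning the entry to linux would save the kernel-sec triager from repeating that lookup.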
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ddc08817 by security tracker role at 2019-12-31T08:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...) + TODO: check +CVE-2019-20174 + RESERVED +CVE-2019-20173 + RESERVED +CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...) + TODO: check +CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) + TODO: check +CVE-2019-20158 + RESERVED +CVE-2019-20157 + RESERVED +CVE-2019-20156 + RESERVED +CVE-2019-20155 + RESERVED +CVE-2019-20154 + RESERVED +CVE-2019-20153 + RESERVED +CVE-2019-20152 + RESERVED +CVE-2019-20151 + RESERVED +CVE-2019-20150 + RESERVED CVE-2020-5128 RESERVED CVE-2020-5127 
@@ -2902,8 +2954,8 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleane NOT-FOR-US: Malwarebytes AdwCleaner CVE-2019-19928 RESERVED -CVE-2019-19927 - RESERVED +CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...) + TODO: check CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...) - sqlite3 (Incomplete fix for CVE-2019-19880 not applied) NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 @@ -9764,10 +9816,10 @@ CVE-2019-19034 RESERVED CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...) NOT-FOR-US: Jalios JCMS -CVE-2019-19032 - RESERVED -CVE-2019-19031 - RESERVED +CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...) + TODO: check +CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...) + TODO: check CVE-2019-19030 RESERVED CVE-2019-19029 @@ -18636,8 +18688,8 @@ CVE-2019-16792 RESERVED CVE-2019-16791 RESERVED -CVE-2019-16790 - RESERVED +CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...) + TODO: check CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...) - waitress (bug #947433) [buster] - waitress (Minor issue) @@ -47159,10 +47211,10 @@ CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to g NOT-FOR-US: SonicWall SMA100 CVE-2019-7480 RESERVED -CVE-2019-7479 - RESERVED -CVE-2019-7478 - RESERVED +CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin can ele ...) + TODO: check +CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL injection in ...) + TODO: check CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...) NOT-FOR-US: SonicWall CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...) 
@@ -57530,8 +57582,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The - linux 4.18.20-1 [stretch] - linux 4.9.130-1 NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5) -CVE-2018-20507 [Missing authentication for Prometheus alert