[Git][security-tracker-team/security-tracker][master] Add CVE-2019-17558/lucene-solr

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
112892f6 by Salvatore Bonaccorso at 2020-01-02T08:49:54+01:00
Add CVE-2019-17558/lucene-solr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16732,7 +16732,11 @@ CVE-2019-17560
 CVE-2019-17559
RESERVED
 CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a 
Remote Code ...)
-   TODO: check
+   - lucene-solr 
+   NOTE: https://www.openwall.com/lists/oss-security/2019/12/30/1
+   NOTE: https://issues.apache.org/jira/browse/SOLR-13971
+   NOTE: https://issues.apache.org/jira/browse/SOLR-14025
+   TODO: check, whilst the advisory claims 5.0.0 upwards only the 
SolrParamResourceLoader might be of issue already earlier?
 CVE-2019-17557
RESERVED
 CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the 
AbstractService clas ...)
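Review bot: the new `- lucene-solr ` line records the package as affected with neither a fixed version nor a severity, and the trailing `TODO: check` leaves the affected range open, so the entry stays in a half-triaged state. The question in the TODO (whether SolrParamResourceLoader makes versions before 5.0.0 affected too) can be settled by checking for that loader in the source of the packaged lucene-solr version; recording the answer in a further NOTE line next to the oss-security, SOLR-13971 and SOLR-14025 references, then adding a fixed version or per-release lines, would close the TODO.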



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/112892f6969cc9fa6f24dd78fdcf99b236f1ca82

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/112892f6969cc9fa6f24dd78fdcf99b236f1ca82
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Processing fb98e4529ad15c351e0733e49327483e0d350845 failed

2020-01-01 Thread security tracker role
The error message was:

Makefile:34: recipe for target 'all' failed
make: *** [all] Terminated


[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-18898 as NFU

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb98e452 by Salvatore Bonaccorso at 2020-01-02T08:29:07+01:00
Mark CVE-2019-18898 as NFU

Somehow a special case here. The affected source would be
src:trousers, but a %posttrans would not even be present in the upstream
provided spec files for rpm packaging.

The CVE assignment seems specific to the packaging in SUSE itself.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10307,6 +10307,7 @@ CVE-2019-18899
RESERVED
 CVE-2019-18898
RESERVED
+   NOT-FOR-US: SUSE specific packaging issue in %posttrans section in 
src:trousers
 CVE-2019-18897
RESERVED
 CVE-2019-18896
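Review bot: the `NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers` line gives the conclusion but not the reasoning that makes it checkable; the commit message's point that no %posttrans section exists even in the upstream-provided spec files, so the issue is confined to SUSE's own packaging, lives only in git history. Carrying that reason into the NOT-FOR-US text, or adding a NOTE line with the reference the assessment was based on, keeps the entry verifiable for the next person who revisits CVE-2019-18898.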



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb98e4529ad15c351e0733e49327483e0d350845


[Git][security-tracker-team/security-tracker][master] CVE-2019-20079,vim: Jessie is not affected

2020-01-01 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b89cbb9e by Markus Koschany at 2020-01-02T00:51:44+01:00
CVE-2019-20079,vim: Jessie is not affected

The vulnerable code was introduced later

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2763,6 +2763,7 @@ CVE-2019-20080
RESERVED
 CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 
accesses freed  ...)
- vim 2:8.1.2136-1
+   [jessie] - vim  (vulnerable code was introduced later)
NOTE: 
https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
 CVE-2019-20078
RESERVED
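Review bot: the `[jessie] - vim  (vulnerable code was introduced later)` line asserts that jessie is not affected but records nothing a reader can verify; the only NOTE points at the fix commit ec66c41d, not at what introduced the bug. Adding the first vulnerable upstream version or the commit that introduced the affected autocmd code in window.c as a second NOTE line would let the not-affected claim be re-checked without redoing the code archaeology.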



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b89cbb9ec4f1f15692b0a4171fa19433dddaf786


[Git][security-tracker-team/security-tracker][master] Process one NFU

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73024699 by Salvatore Bonaccorso at 2020-01-01T21:14:03+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote 
authenticated admi ...)
-   TODO: check
+   NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
 CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
TODO: check
 CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
ezxml_parse_ ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/73024699d0fdc0f97d8a3186cd43bc42d57d9866


[Git][security-tracker-team/security-tracker][master] automatic update

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5aac60c7 by security tracker role at 2020-01-01T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote 
authenticated admi ...)
+   TODO: check
 CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
TODO: check
 CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
ezxml_parse_ ...)
@@ -18882,6 +18884,7 @@ CVE-2019-16791
 CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code 
execution vi ...)
NOT-FOR-US: Tiny File Manager
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used 
in front  ...)
+   {DLA-2056-1}
- waitress 1.4.1-1 (bug #947433)
[buster] - waitress  (Minor issue)
[stretch] - waitress  (Minor issue)
@@ -28597,7 +28600,7 @@ CVE-2019-13628 (wolfSSL and wolfCrypt 4.0.0 and earlier 
(when configured without
- wolfssl 4.1.0+dfsg-1
NOTE: https://github.com/wolfSSL/wolfssl/pull/2353
 CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the 
libgcryp ...)
-   {DLA-1931-1}
+   {DLA-1931-2 DLA-1931-1}
- libgcrypt20 1.8.5-1 (bug #938938)
[buster] - libgcrypt20  (Minor issue)
[stretch] - libgcrypt20  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aac60c7f0829e2db5d3b1b1182640bf78828687


[Git][security-tracker-team/security-tracker][master] Add tracking for fixed version for CVE-2019-20176/pure-ftpd

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
30882248 by Salvatore Bonaccorso at 2020-01-01T16:13:51Z
Add tracking for fixed version for CVE-2019-20176/pure-ftpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -151,7 +151,7 @@ CVE-2019-20178
 CVE-2019-20177
RESERVED
 CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered 
in the li ...)
-   - pure-ftpd  (bug #947869)
+   - pure-ftpd 1.0.49-2 (bug #947869)
NOTE: 
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
- qemu  (unimportant)
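Review bot: the fixed version `1.0.49-2` is recorded for unstable only; the description names Pure-FTPd 1.0.49, and the hunk adds no `[buster]` or `[stretch]` lines, so the status of the older pure-ftpd versions in those suites is left implicit. Either mark them not affected with a short reason (if the stack-exhaustion code path fixed in the linked commit aea56f4b is absent there) or add release lines with a severity, so the entry says explicitly what is still pending.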



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3088224896555955de3a8ae610416a50d149932b


[Git][security-tracker-team/security-tracker][master] Correct version number in DLA-2056-1 to include +deb8u1 suffix.

2020-01-01 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff35a32d by Chris Lamb at 2020-01-01T13:51:39Z
Correct version number in DLA-2056-1 to include +deb8u1 suffix.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,6 +1,6 @@
 [01 Jan 2020] DLA-2056-1 waitress - security update
{CVE-2019-16789}
-   [jessie] - waitress 0.8.9-2
+   [jessie] - waitress 0.8.9-2+deb8u1
 [01 Jan 2020] DLA-1931-2 libgcrypt20 - regression update
{CVE-2019-13627}
[jessie] - libgcrypt20 1.6.3-2+deb8u8
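Review bot: the corrected `0.8.9-2+deb8u1` now follows the `+deb8uN` convention the neighbouring libgcrypt20 entry (`1.6.3-2+deb8u8`) uses. If `0.8.9-2` is the version jessie already carried, the previous line would have shown CVE-2019-16789 as fixed in jessie before any security upload existed, so this is more than cosmetic; worth cross-checking that 0.8.9-2+deb8u1 is the version actually accepted into jessie-security before DLA-2056-1 is announced.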



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff35a32d823c3ce521d055013d9a3282d0e86f6f


[Git][security-tracker-team/security-tracker][master] Return DLA-2056-1 to the pool; libgcrypt20 is a regression update.

2020-01-01 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5595714 by Chris Lamb at 2020-01-01T12:21:09Z
Return DLA-2056-1 to the pool; libgcrypt20 is a regression update.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,4 +1,4 @@
-[01 Jan 2020] DLA-2056-1 libgcrypt20 - security update
+[01 Jan 2020] DLA-1931-2 libgcrypt20 - regression update
{CVE-2019-13627}
[jessie] - libgcrypt20 1.6.3-2+deb8u8
 [31 Dec 2019] DLA-2055-1 igraph - security update
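Review bot: renaming the header from `DLA-2056-1 libgcrypt20 - security update` to `DLA-1931-2 libgcrypt20 - regression update` while keeping the same `{CVE-2019-13627}` and `1.6.3-2+deb8u8` lines is the right fix for a follow-up to an advisory that already covered this CVE: a correction to DLA-1931-1 takes a `-2` revision rather than a fresh number. After this change DLA-2056-1 is free again, so the next allocation should confirm nothing else already references it (a `{DLA-2056-1}` reference is added to the waitress entry in data/CVE/list in the same batch).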



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5595714b6f6a125260810e4a09b68c6c9ccdeee


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2056-1 for libgcrypt20

2020-01-01 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e37589e by Chris Lamb at 2020-01-01T12:16:31Z
Reserve DLA-2056-1 for libgcrypt20

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[01 Jan 2020] DLA-2056-1 libgcrypt20 - security update
+   {CVE-2019-13627}
+   [jessie] - libgcrypt20 1.6.3-2+deb8u8
 [31 Dec 2019] DLA-2055-1 igraph - security update
{CVE-2018-20349}
[jessie] - igraph 0.7.1-2+deb8u1
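Review bot: reserving a new number `DLA-2056-1` as a `security update` for libgcrypt20 does not match the situation recorded in data/dla-needed.txt in the same commit (`I think the fix for CVE-2019-13627 was incomplete`): CVE-2019-13627 was already the subject of an earlier DLA, so a second upload that completes the fix is a regression or follow-up update to that advisory and conventionally reuses its number with a `-2` revision, not a fresh DLA. Suggest renaming the entry before the advisory is published so the numbering stays coherent.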


=
data/dla-needed.txt
=
@@ -41,9 +41,6 @@ libexif (Hugo Lefeuvre)
   NOTE: 20191216: The android patch does not apply but is easy to manually 
apply. (ola)
   NOTE: 20191216: The problem is the file to trigger the fault is not known. 
(ola)
 --
-libgcrypt20 (lamby)
-  NOTE: 20191231: I think the fix for CVE-2019-13627 was incomplete. (lamby)
---
 libjackson-json-java (Adrian Bunk)
   NOTE: 20191230: work is ongoing
 --
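Review bot: dropping the libgcrypt20 block from dla-needed.txt is the right bookkeeping once an advisory is reserved, but the observation in the removed NOTE (`20191231: I think the fix for CVE-2019-13627 was incomplete. (lamby)`) is now recorded nowhere; carrying it into the CVE-2019-13627 entry in data/CVE/list as a NOTE line would preserve the reason for the second jessie upload.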



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e37589e5fb7c9dd0a9ee7061f8d21f09be96361


[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-1221{1,3}/freeimage

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98a5bce2 by Salvatore Bonaccorso at 2020-01-01T10:01:50Z
Add fixed version via unstable for CVE-2019-1221{1,3}/freeimage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33526,7 +33526,7 @@ CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds 
access occurs because of m
NOTE: nearly unfixable.
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
{DSA-4593-1 DLA-2031-1}
-   - freeimage  (bug #929597)
+   - freeimage 3.18.0+ds2-3 (bug #929597)
[buster] - freeimage  (Revisit when upstream fixes are 
available)
[stretch] - freeimage  (Revisit when upstream fixes are 
available)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
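Review bot: with a fixed version `3.18.0+ds2-3` now recorded for CVE-2019-12213 and `{DSA-4593-1 DLA-2031-1}` already listed, the `[buster]` and `[stretch]` lines reading `(Revisit when upstream fixes are available)` look stale: if the DSA and DLA shipped the fix, those lines should be dropped or their status updated, and if they did not, the reason should say what is still pending. The hunk leaves them untouched.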
@@ -33539,7 +33539,7 @@ CVE-2019-12212 (When FreeImage 3.18.0 reads a special 
JXR file, the StreamCalcIF
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to 
the Load ...)
{DSA-4593-1 DLA-2031-1}
-   - freeimage  (bug #929597)
+   - freeimage 3.18.0+ds2-3 (bug #929597)
[buster] - freeimage  (Revisit when upstream fixes are 
available)
[stretch] - freeimage  (Revisit when upstream fixes are 
available)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
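Review bot: same concern as for the CVE-2019-12213 hunk: the `[buster]` and `[stretch]` `(Revisit when upstream fixes are available)` lines for CVE-2019-12211 now sit next to `{DSA-4593-1 DLA-2031-1}` and a freshly recorded unstable fix, so their rationale no longer matches the entry and should be reviewed in the same commit.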



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98a5bce2a956af1cdcb5997728294fefd758f4a7


[Git][security-tracker-team/security-tracker][master] CVE-2019-1490{4,5}: Move status from undetermined to unfixed

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c8dab16 by Salvatore Bonaccorso at 2020-01-01T08:27:27Z
CVE-2019-1490{4,5}: Move status from undetermined to unfixed

Both issues have low impact according to the maintainer.

Surprisingly both have misleading fixed status information in the Red
Hat reports; the maintainer will further check the status.

Thanks: Lee Garrett

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24542,11 +24542,15 @@ CVE-2019-14906
NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of 
CVE-2019-13616 in RHEL 7
 CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module]
RESERVED
-   - ansible 
+   - ansible  (low)
+   [buster] - ansible  (Minor issue)
+   [stretch] - ansible  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
 CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
RESERVED
-   - ansible 
+   - ansible  (low)
+   [buster] - ansible  (Minor issue)
+   [stretch] - ansible  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
 CVE-2019-14903
RESERVED
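Review bot: both entries move from a bare `- ansible ` to `(low)` with `[buster]` and `[stretch]` `(Minor issue)` lines, but the reservation in the commit message (the Red Hat reports carry misleading fixed-status information and the maintainer is still checking) is not visible in the data. A NOTE line per CVE stating that the upstream fix status is unconfirmed would stop the next triager from reading `(Minor issue)` as a settled assessment and would mark what to revisit once the maintainer reports back.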



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c8dab1672a9b60f3cbae0711c52bb9b3f839c41


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20176/pure-ftpd

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c591e87c by Salvatore Bonaccorso at 2020-01-01T08:21:50Z
Add Debian bug reference for CVE-2019-20176/pure-ftpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -151,7 +151,7 @@ CVE-2019-20178
 CVE-2019-20177
RESERVED
 CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered 
in the li ...)
-   - pure-ftpd 
+   - pure-ftpd  (bug #947869)
NOTE: 
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
- qemu  (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c591e87c2a94f174825b51a76eb5d39528e70f0b


[Git][security-tracker-team/security-tracker][master] automatic update

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7aaddf9a by security tracker role at 2020-01-01T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
+   TODO: check
+CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
ezxml_parse_ ...)
+   TODO: check
+CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
+   TODO: check
+CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
+   TODO: check
+CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The 
function ezx ...)
+   TODO: check
 CVE-2020-5178
RESERVED
 CVE-2020-5177
@@ -13471,8 +13481,8 @@ CVE-2019-18570
RESERVED
 CVE-2019-18569
RESERVED
-CVE-2019-18568
-   RESERVED
+CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local 
privilege esca ...)
+   TODO: check
 CVE-2019-18567
RESERVED
 CVE-2019-18566
@@ -212721,19 +212731,15 @@ CVE-2015-5597
RESERVED
 CVE-2015-5596
RESERVED
-CVE-2015-5595
-   RESERVED
+CVE-2015-5595 (Cross-site request forgery (CSRF) vulnerability in admin.php in 
Zenpho ...)
NOT-FOR-US: Zenphoto
 CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized 
the htm ...)
NOT-FOR-US: Zenphoto
-CVE-2015-5593
-   RESERVED
+CVE-2015-5593 (The sanitize_string function in Zenphoto before 1.4.9 does not 
properl ...)
NOT-FOR-US: Zenphoto
-CVE-2015-5592
-   RESERVED
+CVE-2015-5592 (Incomplete blacklist in sanitize_string in Zenphoto before 
1.4.9 allow ...)
NOT-FOR-US: Zenphoto
-CVE-2015-5591
-   RESERVED
+CVE-2015-5591 (SQL injection vulnerability in Zenphoto before 1.4.9 allow 
remote admi ...)
NOT-FOR-US: Zenphoto
 CVE-2015-5588 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 
on Win ...)
NOT-FOR-US: Adobe Flash Player
@@ -254285,11 +254291,9 @@ CVE-2013-7073 (The Content Editing Wizards component 
in TYPO3 4.5.0 through 4.5.
NOTE: https://review.typo3.org/#/c/26180/
 CVE-2013-7072
REJECTED
-CVE-2013-7071
-   RESERVED
+CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request 
functio ...)
NOT-FOR-US: Monitorix
-CVE-2013-7070
-   RESERVED
+CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix 
before 3 ...)
NOT-FOR-US: Monitorix
 CVE-2013-7062 [XSS]
RESERVED
@@ -290777,8 +290781,7 @@ CVE-2011-5049 (MySQL 5.5.8, when running on Windows, 
allows remote attackers to
NOT-FOR-US: MySQL on Windows
 CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin 
before ...)
NOT-FOR-US: MailForm plugin for Movable Type
-CVE-2004-2776
-   RESERVED
+CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute 
arbitrary co ...)
NOT-FOR-US: Montitorix
 CVE-2004-2775
RESERVED
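Review bot: the freshly populated description for CVE-2004-2776 is about `go.cgi in GoScript 2.0`, but the unchanged context line below it still reads `NOT-FOR-US: Montitorix`, which (typo aside) names a different product and looks copied from the Monitorix entries for CVE-2013-7070/7071; the NOT-FOR-US rationale should be corrected to GoScript so the assessment matches the CVE it is attached to, and the automatic update that filled in the description is the natural moment to catch it.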
@@ -295867,8 +295870,7 @@ CVE-2011-3587 (Unspecified vulnerability in Zope 
2.12.x and 2.13.x, as used in P
- zope2.12 2.12.20-2
 CVE-2011-3586
REJECTED
-CVE-2011-3585
-   RESERVED
+CVE-2011-3585 (Multiple race conditions in the (1) mount.cifs and (2) 
umount.cifs pro ...)
- samba 2:3.4.7~dfsg-2 (low)
- cifs-utils 2:4.5-1 (low)
NOTE: cifs-utils was split off from the samba source package with 
2:3.4.7~dfsg-2, so marking it as fixed



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aaddf9a9fdd510c59f695306e66314a6104b043


[Git][security-tracker-team/security-tracker][master] Track NFUs

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0fd56a32 by Salvatore Bonaccorso at 2020-01-01T08:03:33Z
Track NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -99,7 +99,7 @@ CVE-2020-5130
 CVE-2020-5129
RESERVED
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2019-20196
RESERVED
 CVE-2019-20195
@@ -18869,7 +18869,7 @@ CVE-2019-16792
 CVE-2019-16791
RESERVED
 CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code 
execution vi ...)
-   TODO: check
+   NOT-FOR-US: Tiny File Manager
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used 
in front  ...)
- waitress  (bug #947433)
[buster] - waitress  (Minor issue)
@@ -31794,7 +31794,7 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 
18.08.7, and 19.05.0 allo
[stretch] - slurm-llnl  (Too intrusive to backport)
NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2019/25.html
 CVE-2019-12837 (The Java API in Generalitat de Catalunya 
accesuniversitat.gencat.cat 1 ...)
-   TODO: check
+   NOT-FOR-US: Java API in Generalitat de Catalunya 
accesuniversitat.gencat.cat
 CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an 
attacker t ...)
NOT-FOR-US: Bobronix JEditor editor for Jira
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled 
out-of-bounds ...)
@@ -33311,7 +33311,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster 
join procedure is vulnerab
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if 
allowed to de ...)
NOT-FOR-US: Rancher
 CVE-2019-12273 (OutSystems Platform 10 through 11 allows 
ImageResourceDetail.aspx CSRF ...)
-   TODO: check
+   NOT-FOR-US: OutSystems Platform
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File 
Upload w ...)
@@ -33586,7 +33586,7 @@ CVE-2019-12188
 CVE-2019-12187
RESERVED
 CVE-2019-12186 (An issue was discovered in Sylius products. Missing input 
sanitization ...)
-   TODO: check
+   NOT-FOR-US: Sylius
 CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the 
/app/con ...)
NOT-FOR-US: eLabFTW
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
@@ -38912,7 +38912,7 @@ CVE-2019-10229 (An issue was discovered in MailStore 
Server (and Service Provide
 CVE-2019-10228
RESERVED
 CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 
404-not-found comp ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of 
the Fat F ...)
NOT-FOR-US: Fat Free CRM
 CVE-2019-10225
@@ -41593,7 +41593,7 @@ CVE-2019-9670 (mailboxd component in Synacor Zimbra 
Collaboration Suite 8.7.x be
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a 
unique attac ...)
NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 
2012-03-28. recei ...)
-   TODO: check
+   NOT-FOR-US: rovinbhandari FTP
 CVE-2019-9667
RESERVED
 CVE-2019-9666
@@ -41952,13 +41952,13 @@ CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 
has Persistent Cross Site Sc
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting 
(XSS) vi ...)
NOT-FOR-US: Ability Mail Server
 CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
-   TODO: check
+   NOT-FOR-US: FiberHome an5506-04-f RP2669 devices
 CVE-2019-9555 (Sagemcom F@st 5260 routers using firmware version 0.4.39, in 
WPA mode, ...)
NOT-FOR-US: Sagemcom routers
 CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered 
in the ...)
-   TODO: check
+   NOT-FOR-US: Craft CMS
 CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to 
editcon ...)
-   TODO: check
+   NOT-FOR-US: Bolt CMS
 CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list 
files vi ...)
NOT-FOR-US: Eloan
 CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 
2015-05-06.  ...)
@@ -42892,9 +42892,9 @@ CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 
to 2.6.6, the TCAP dissect
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
 CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm 
search ...)
-   TODO: 

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20176/pure-ftpd

2020-01-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1890e6fe by Salvatore Bonaccorso at 2020-01-01T08:04:10Z
Add CVE-2019-20176/pure-ftpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -141,7 +141,8 @@ CVE-2019-20178
 CVE-2019-20177
RESERVED
 CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered 
in the li ...)
-   TODO: check
+   - pure-ftpd 
+   NOTE: 
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
- qemu  (unimportant)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
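Review bot: the new `- pure-ftpd ` line carries no severity and no Debian bug reference, so the maintainer is not notified and nothing says how urgent the stack exhaustion is; filing a bug against pure-ftpd and recording it as `(bug #NNNNNN)` on the package line, plus a severity, would make the entry actionable. The linked upstream commit aea56f4b is the right reference for the eventual fixed version.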



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1890e6fe082e2be8a455a8ed3e50f55ec242a3fb
