[Git][security-tracker-team/security-tracker][master] Temporarily track fix for CVE-2020-6860/libmysofa via experimental
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f2225a24 by Salvatore Bonaccorso at 2020-02-09T08:18:07+01:00 Temporarily track fix for CVE-2020-6860/libmysofa via experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4287,6 +4287,7 @@ CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Info CVE-2020-6861 RESERVED CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) + [experimental] - libmysofa 1.0~dfsg0-1~exp1 - libmysofa (bug #949325) [buster] - libmysofa (Minor issue) NOTE: https://github.com/hoene/libmysofa/issues/96 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2225a24ab194472486cf4d63ffe4803657f3f68 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2225a24ab194472486cf4d63ffe4803657f3f68 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
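Review bot: the new NOTE references only the upstream issue report (hoene/libmysofa#96), not the commit that fixes readDataVar; since the unstable line `- libmysofa (bug #949325)` still carries no fixed version and buster is only annotated "Minor issue", a second NOTE with the upstream fix commit would let whoever prepares the buster or unstable update confirm that 1.0~dfsg0-1~exp1 actually contains it.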
[Git][security-tracker-team/security-tracker][master] Add note for CVE-2020-3123 pointing to upstream announcement
Scott Kitterman pushed to branch master at Debian Security Tracker / security-tracker Commits: 10c52b8a by Scott Kitterman at 2020-02-09T01:21:14-05:00 Add note for CVE-2020-3123 pointing to upstream announcement - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13594,6 +13594,7 @@ CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam - clamav (bug #950944) [buster] - clamav (ClamAV is updated via -updates) [stretch] - clamav (ClamAV is updated via -updates) + NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c52b8ae632cbd7226c4e8b6ed256ce5a5828aa
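Review bot: the unstable line `- clamav (bug #950944)` still has no fixed version even though the linked announcement (clamav-01022 in the URL) is for the release carrying the fix; once that upload lands, record the Debian version so the entry stops showing as open in unstable, and consider placing the NOTE directly under the unstable line as the other entries in this file do.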
[Git][security-tracker-team/security-tracker][master] List all needed commits for CVE-2020-5208
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65d1191b by Salvatore Bonaccorso at 2020-02-08T23:37:31+01:00 List all needed commits for CVE-2020-5208 The initially mentioned one was only the first part of a series of commits to address CVE-2020-5208 which consists of a full set of 6 commits. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7911,6 +7911,11 @@ CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 - ipmitool (bug #950761) NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 + NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 + NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 + NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 + NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 + NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) NOT-FOR-US: Ktor CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65d1191b07b7c8a792db0301172dec3088706dc5
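Review bot: the five added NOTE lines are bare commit URLs; nothing in the data file itself says that they, together with e824c233, form the complete fix, which is only stated in the commit message. A short NOTE such as `NOTE: all six commits above are needed for the fix, see the GHSA advisory` would make that visible to whoever backports for buster or the DLA. The `- ipmitool (bug #950761)` line also still has no fixed version, so the entry remains open for unstable.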
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-19920/sa-exim via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82948b38 by Salvatore Bonaccorso at 2020-02-09T00:10:28+01:00 Add fixed version for CVE-2019-19920/sa-exim via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -97613,7 +97613,7 @@ CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins NOT-FOR-US: Jenkins plugin CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if they can w ...) {DLA-2062-1} - - sa-exim (bug #947198) + - sa-exim 4.2.1-19 (bug #947198) [buster] - sa-exim (Minor issue; can be fixed via point release) [stretch] - sa-exim (Minor issue; can be fixed via point release) NOTE: https://bugs.debian.org/946829#24 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82948b38d0c8f8fb0e5b622978fae369a38d518d
[Git][security-tracker-team/security-tracker][master] Claim ppp in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f79da60 by Markus Koschany at 2020-02-08T23:46:02+01:00 Claim ppp in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -69,6 +69,8 @@ openjdk-7 (Emilio) -- php5 (Thorsten Alteholz) -- +ppp (Markus Koschany) +-- python-pysaml2 (Abhijith PA) NOTE: 2020203: test fails already for the one in archive (abhijith) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f79da606dd1e6b36b95cc848fbc7be69cd71eb1
[Git][security-tracker-team/security-tracker][master] Claim ipmitool in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f4d7938 by Markus Koschany at 2020-02-08T23:07:22+01:00 Claim ipmitool in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -24,6 +24,8 @@ ibus -- intel-microcode -- +ipmitool (Markus Koschany) +-- jackson-databind NOTE: 20200105: Can be postponed again. (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f4d7938935c9075cacd7b5883958ce4bdf2b379
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-70{59,60}/php7.4
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 69822c73 by Salvatore Bonaccorso at 2020-02-08T21:47:49+01:00 Track fixed version via unstable for CVE-2020-70{59,60}/php7.4 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3841,7 +3841,7 @@ CVE-2020-7061 RESERVED CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function] RESERVED - - php7.4 + - php7.4 7.4.2-7 - php7.3 - php7.0 - php5 @@ -3849,7 +3849,7 @@ CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function] NOTE: PHP Bug: http://bugs.php.net/79037 CVE-2020-7059 [Out of bounds read in php_strip_tags_ex] RESERVED - - php7.4 + - php7.4 7.4.2-7 - php7.3 - php7.0 - php5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69822c7356f11962f3469a5ba2e6e806928e5151
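Review bot: 7.4.2-7 is recorded for php7.4 in both entries, but the `- php7.3`, `- php7.0` and `- php5` lines keep neither a version nor a suite status, so from the entry alone it is not visible whether the older branches in the stable suites are affected or how they will be handled; a `[buster]`/`[stretch]` annotation or a NOTE on the status of those branches would close that gap. Both entries are also still RESERVED with only the bracketed summary, so the description line will need refreshing once the CVEs are published.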
[Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2019-20444
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 370851b3 by Salvatore Bonaccorso at 2020-02-08T21:43:26+01:00 Add Debian bug reference for CVE-2019-20444 - - - - - 5c97c854 by Salvatore Bonaccorso at 2020-02-08T21:44:23+01:00 Add Debian bug reference for CVE-2019-20445 (and CVE-2020-7238) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -814,13 +814,13 @@ CVE-2020-8434 CVE-2020-8433 RESERVED CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) - - netty + - netty (bug #950967) - netty-3.9 NOTE: https://github.com/netty/netty/issues/9861 NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1) NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests) CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) - - netty + - netty (bug #950966) - netty-3.9 NOTE: https://github.com/netty/netty/issues/9866 NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1) 
@@ -3454,7 +3454,7 @@ CVE-2019-20383 CVE-2019-20382 RESERVED CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) - - netty + - netty (bug #950967) - netty-3.9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225 NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b998114a97dced4120c3a70ff9f0ef7647800ed...5c97c8545dbb9885e05aba59e3b3f562fd958fa9
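Review bot: CVE-2019-20445 and CVE-2020-7238 now share bug #950967 while CVE-2019-20444 gets #950966, which matches the commit message; the `- netty-3.9` line under each of the three entries still has neither a version nor a status, so those entries stay open for that source as well. Worth a second look: the NOTE URL under CVE-2020-7238 points at a repository named `CVE-2020-72381`, one digit longer than the CVE id it annotates, so confirm the link resolves before relying on it.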
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b998114 by Salvatore Bonaccorso at 2020-02-08T21:42:26+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26604,9 +26604,9 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive CVE-2019-17137 RESERVED CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-17134 (Amphora Images in OpenStack Octavia =0.10.0 2.1.2, =3.0.0 ...) - octavia 4.0.0-6 (bug #941897) [buster] - octavia (Minor issue in regular setups, can be fixed via point release) @@ -29509,7 +29509,7 @@ CVE-2019-16157 CVE-2019-16156 RESERVED CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...) - TODO: check + NOT-FOR-US: Fortiguard FortiClient CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiAuthenticator WEB UI CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...) @@ -36515,7 +36515,7 @@ CVE-2019-14090 CVE-2019-14089 RESERVED CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14087 RESERVED CVE-2019-14086 
@@ -36565,23 +36565,23 @@ CVE-2019-14065 CVE-2019-14064 RESERVED CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14062 RESERVED CVE-2019-14061 RESERVED CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14059 RESERVED CVE-2019-14058 RESERVED CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14056 RESERVED CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14054 RESERVED CVE-2019-14053 @@ -36589,29 +36589,29 @@ CVE-2019-14053 CVE-2019-14052 RESERVED CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14050 RESERVED CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14048 RESERVED CVE-2019-14047 RESERVED CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14045 RESERVED CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14043 RESERVED CVE-2019-14042 RESERVED CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14039 RESERVED CVE-2019-14038 
@@ -39487,9 +39487,9 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...) NOT-FOR-US: SalesAgility SuiteCRM CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-1 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -39984,7 +39984,7 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...) - TODO: check + NOT-FOR-US: Fujitsu CVE-2019-13162
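Review bot: the NOT-FOR-US annotations name the vendor inconsistently: CVE-2019-16155 gets `NOT-FOR-US: Fortiguard FortiClient`, while the neighbouring entries use `NOT-FOR-US: FortiAuthenticator WEB UI` and the descriptions say "Fortinet"; `NOT-FOR-US: Fortinet FortiClient` would match the surrounding style. Likewise `NOT-FOR-US: Fujitsu` for CVE-2019-13163 could name the component (the description says "Fujitsu TLS library") so a later grep for the product finds it.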
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f2af77da by security tracker role at 2020-02-08T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -221362,8 +221362,7 @@ CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11. - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 NOTE: http://botan.randombit.net/security.html -CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations] - RESERVED +CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...) - golang 2:1.4.2-4 (bug #795106) [jessie] - golang (Minor issue) [wheezy] - golang (Minor issue) @@ -228058,8 +228057,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso NOT-FOR-US: Accentis Content Resource Management System CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...) NOT-FOR-US: Accentis Content Resource Management System -CVE-2015-3423 - RESERVED +CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...) + TODO: check CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...) NOT-FOR-US: SearchBlox CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...) @@ -232034,8 +232033,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa NOT-FOR-US: DLGuard CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...) NOT-FOR-US: phpMoAdmin -CVE-2015-2207 - RESERVED +CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...) + TODO: check CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.4.4-1 (unimportant) 
@@ -232485,8 +232484,8 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502 NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html -CVE-2015-2062 - RESERVED +CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...) + TODO: check CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...) NOT-FOR-US: PTC Creo View CVE-2015-2057 @@ -234562,8 +234561,7 @@ CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community NOT-FOR-US: Magento CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...) NOT-FOR-US: Magento -CVE-2015-1394 - RESERVED +CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...) NOT-FOR-US: WordPress plugin photo-gallery CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...) NOT-FOR-US: WordPress plugin photo-gallery @@ -237733,8 +237731,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b {DSA-3176-1 DLA-158-1} - request-tracker4 4.2.8-3 - request-tracker3.8 (unimportant) -CVE-2014-9470 - RESERVED +CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...) + TODO: check CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...) NOT-FOR-US: vBulletin CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...) 
@@ -239490,10 +239488,10 @@ CVE-2014-9131 RESERVED CVE-2014-9128 RESERVED -CVE-2014-9127 - RESERVED -CVE-2014-9126 - RESERVED +CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...) + TODO: check +CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...) + TODO: check CVE-2014-9125 RESERVED CVE-2014-9124 @@ -241298,8 +241296,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s NOT-FOR-US: Lexmark CVE-2014-8740 RESERVED -CVE-2014-8739 - RESERVED +CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...) + TODO: check CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...) NOT-FOR-US: Drupal module Open Atrium Core CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and
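Review bot: the automatic update swapped RESERVED for the published descriptions and left `TODO: check` on the 2014/2015 ids; several of those descriptions already name a specific third-party product (NetCracker Resource Management for CVE-2015-3423 and CVE-2015-2207, the Huge-IT Slider for CVE-2015-2062, the F-prefixed loadForm component for CVE-2014-9470, Open-School Community Edition for CVE-2014-9127/9126), so they look like quick triage candidates rather than items to leave in TODO. CVE-2015-1394 correctly keeps its existing `NOT-FOR-US: WordPress plugin photo-gallery` line, and CVE-2015-5741 keeps the golang 2:1.4.2-4 fixed version.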
[Git][security-tracker-team/security-tracker][master] Mark ruby-openssl as removed from every supported suite
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01a90672 by Salvatore Bonaccorso at 2020-02-08T19:16:05+01:00 Mark ruby-openssl as removed from every supported suite The source is now shipped with ruby2.7 directly and no longer separately. There is no further supported suite with the source package still shipped. - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -704,3 +704,4 @@ openjdk-12 golang-1.12 lepton ruby-simple-form +ruby-openssl View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01a9067210e8a388b916d0e943b9cd5f4bf69390
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-3123/clamav
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c6c7609 by Salvatore Bonaccorso at 2020-02-08T17:19:05+01:00 Add CVE-2020-3123/clamav - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13586,7 +13586,9 @@ CVE-2020-3125 CVE-2020-3124 RESERVED CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) - TODO: check + - clamav (bug #950944) + [buster] - clamav (ClamAV is updated via -updates) + [stretch] - clamav (ClamAV is updated via -updates) CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c6c7609ec0399969efead554b5602485b0ae8c9
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1560{4,5,6}/nodejs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 78fec22d by Salvatore Bonaccorso at 2020-02-08T15:12:10+01:00 Add CVE-2019-1560{4,5,6}/nodejs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31080,11 +31080,14 @@ CVE-2019-15608 CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: = ...) TODO: check CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...) - TODO: check + - nodejs + NOTE: https://hackerone.com/reports/730779 CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...) - TODO: check + - nodejs + NOTE: https://hackerone.com/reports/735748 CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...) - TODO: check + - nodejs + NOTE: https://hackerone.com/reports/746733 CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...) NOT-FOR-US: seefl CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78fec22de3a6284f6bc45ad825f613770f8d31a3
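Review bot: the three entries move from `TODO: check` to `- nodejs` plus a hackerone report NOTE, but carry no fixed version, no Debian bug reference and no `[buster]`/`[stretch]` status, so the suite impact of the header-whitespace, request-smuggling and certificate-validation issues for the Node.js 10/12/13 lines named in the descriptions is not recorded yet; adding a bug reference and the suite annotations once assessed would keep these in line with the other entries in this file.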
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1697 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 93a693a0 by Salvatore Bonaccorso at 2020-02-08T15:03:48+01:00 Mark CVE-2020-1697 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17626,6 +17626,7 @@ CVE-2020-1698 RESERVED CVE-2020-1697 RESERVED + NOT-FOR-US: Keycloak CVE-2020-1696 RESERVED - dogtag-pki View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/93a693a08cb6302077b15a9a8bf8d56fdc36b2cd
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12528/squid
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43fbdb29 by Salvatore Bonaccorso at 2020-02-08T14:49:40+01:00 Add Debian bug reference for CVE-2019-12528/squid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41659,7 +41659,7 @@ CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x th NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...) - - squid + - squid (bug #950925) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt NOTE: Squid 3: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8cdb18ca1829a0b7faa1c9e472604ed0e7e105ac.patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43fbdb29fe05b2fcc8df2b010f698d0c8eb5ea4e
[Git][security-tracker-team/security-tracker][master] 5 commits: Add fixed version for CVE-2009-0801/squid
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 03dddcf9 by Salvatore Bonaccorso at 2020-02-08T14:42:33+01:00 Add fixed version for CVE-2009-0801/squid Mark it as fixed with first src:squid version based on 4.x series after the source package rename. - - - - - e419eb0b by Salvatore Bonaccorso at 2020-02-08T14:44:03+01:00 Add fixed version for CVE-2014-6270/squid While src:squid was on the 2.x branch the issue was unimportant as the SNMP part was not built. A while later after the issue got fixed in 3.4.8-1 in src:squid3 the source package was renamed back to src:squid. Mark the issue for src:squid as fixed with the first upload of the 4.x series to unstable. - - - - - 904f33d3 by Salvatore Bonaccorso at 2020-02-08T14:45:42+01:00 Add fixed version for CVE-2015-3455/squid - - - - - ed1c67f2 by Salvatore Bonaccorso at 2020-02-08T14:46:30+01:00 Add fixed version for CVE-2016-2390/squid For the 4.x branch the issue was fixed back in 4.0.6, mark the first 4.x based version which entered unstable as the fixed one. - - - - - 7ab89c98 by Salvatore Bonaccorso at 2020-02-08T14:47:41+01:00 Add fixed version for CVE-2018-1172/squid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -128132,7 +128132,7 @@ CVE-2018-1173 (This vulnerability allows remote attackers to execute arbitrary c NOT-FOR-US: Foxit Reader CVE-2018-1172 (This vulnerability allows remote attackers to deny service on vulnerab ...) [experimental] - squid 4.0.21-1~exp5 (unimportant) - - squid (unimportant) + - squid 4.1-1 (unimportant) [wheezy] - squid (Vunerable code introduced in 3.1) - squid3 (unimportant) NOTE: src:squid as source package reintroduced for 4.x in experimental 
@@ -205478,7 +205478,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794 NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2 CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...) - - squid (unimportant) + - squid 4.1-1 (unimportant) - squid3 3.5.14-1 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian) @@ -228012,7 +228012,7 @@ CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Lib NOTE: Introduced by http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204 (libtasn1_3_6) NOTE: DECR_LEN introduced in http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee (libtasn1_3_6) CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, a ...) - - squid (unimportant) + - squid 4.1-1 (unimportant) - squid3 3.5.6-1 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian) @@ -247687,8 +247687,8 @@ CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attacker ...) - chicken (Affects only CHICKEN Scheme on the Android platform) CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...) - - squid (unimportant) - NOTE: SNMP not built in squid 2 + - squid 4.1-1 (unimportant) + NOTE: SNMP was not built in squid 2.x - squid3 3.4.8-1 (low; bug #761002) [wheezy] - squid3 (Minor issue) [squeeze] - squid3 (Minor issue) 
@@ -340951,7 +340951,7 @@ CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, Networ CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...) NOT-FOR-US: Qbik WinGate CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP Ho ...) - - squid (unimportant; bug #521053) + - squid 4.1-1 (unimportant; bug #521053) - squid3 3.3.3-1 (unimportant; bug #521052) NOTE: This only affects HTTP connections and only in transparent mode NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fa1960b0b09d9b7ca93d900a27afe177fbde9349...7ab89c98171845029531068b99eef8e7717c2289
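Review bot: all five entries now consistently use 4.1-1 as the first 4.x-based src:squid upload to unstable, in line with the existing `[experimental] - squid 4.0.21-1~exp5` line under CVE-2018-1172 and the commit messages. Two small things visible in the surrounding context: the `[wheezy] - squid (Vunerable code introduced in 3.1)` line under CVE-2018-1172 misspells "Vulnerable", and for CVE-2014-6270 the reworded `NOTE: SNMP was not built in squid 2.x` would read more clearly if it stayed adjacent to the `- squid 4.1-1 (unimportant)` line it justifies rather than above the squid3 entry that carries the real severity and bug #761002.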
[Git][security-tracker-team/security-tracker][master] xml-security-c issue (#913136) got addressed in 9.12
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa1960b0 by Salvatore Bonaccorso at 2020-02-08T13:47:40+01:00 xml-security-c issue (#913136) got addressed in 9.12 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -89257,7 +89257,7 @@ CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a b NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6 CVE-2018- [DSA verification crashes OpenSSL on invalid combinations of key content] - xml-security-c 2.0.2-2 (bug #913136) - [stretch] - xml-security-c (Minor issue; can be fixed via point release) + [stretch] - xml-security-c 1.7.3-4+deb9u2 [jessie] - xml-security-c 1.7.2-3+deb8u2 NOTE: temporary entry for DLA-1594-1 NOTE: https://issues.apache.org/jira/browse/SANTUARIO-496 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa1960b0b09d9b7ca93d900a27afe177fbde9349
[Git][security-tracker-team/security-tracker][master] ruby-simple-form removed from every supported suite
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ce75177 by Salvatore Bonaccorso at 2020-02-08T13:37:48+01:00 ruby-simple-form removed from every supported suite Was still present in stretch but with the point release ahead for 9.12 the package is as well removed from stretch. - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -703,3 +703,4 @@ flif openjdk-12 golang-1.12 lepton +ruby-simple-form View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ce75177fc36292cf5a3a5cfb65a5c7171a19835
[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for yara.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 7018ad9d by Chris Lamb at 2020-02-08T09:22:58+00:00 dla-needed.txt: Update note for yara. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -140,4 +140,5 @@ xerces-c (Hugo Lefeuvre) yara NOTE: 20191212: no upstream fix yet NOTE: 20200119: still no upstream fix (daissi) + NOTE: 20200208: still no fix (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7018ad9d6498b9eeab8f532c51412e25b2523cae
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c570fd5a by Salvatore Bonaccorso at 2020-02-08T09:51:03+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2020-8813 RESERVED CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...) - TODO: check + NOT-FOR-US: Bludit CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) - TODO: check + NOT-FOR-US: Bludit CVE-2020-8810 RESERVED CVE-2020-8809 RESERVED CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) - TODO: check + NOT-FOR-US: CORSAIR iCUE CVE-2020-8807 RESERVED CVE-2020-8806 @@ -33,7 +33,7 @@ CVE-2020-8798 CVE-2020-8797 RESERVED CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) - TODO: check + NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8795 RESERVED CVE-2020-8794 @@ -4498,11 +4498,11 @@ CVE-2020-6772 CVE-2020-6771 RESERVED CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...) - TODO: check + NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS) CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...) - TODO: check + NOT-FOR-US: Bosch CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...) - TODO: check + NOT-FOR-US: Bosch CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6766 
@@ -17622,7 +17622,7 @@ CVE-2019-19358 CVE-2019-19357 RESERVED CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...) - TODO: check + NOT-FOR-US: Netis WF2419 CVE-2019-19355 RESERVED NOT-FOR-US: openshift View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c570fd5adc1077b08ff3b38fa77788a3063d4a9b
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d162b9fc by security tracker role at 2020-02-08T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,41 @@ +CVE-2020-8813 + RESERVED +CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...) + TODO: check +CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) + TODO: check +CVE-2020-8810 + RESERVED +CVE-2020-8809 + RESERVED +CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) + TODO: check +CVE-2020-8807 + RESERVED +CVE-2020-8806 + RESERVED +CVE-2020-8805 + RESERVED +CVE-2020-8804 + RESERVED +CVE-2020-8803 + RESERVED +CVE-2020-8802 + RESERVED +CVE-2020-8801 + RESERVED +CVE-2020-8800 + RESERVED +CVE-2020-8799 + RESERVED +CVE-2020-8798 + RESERVED +CVE-2020-8797 + RESERVED +CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) + TODO: check +CVE-2020-8795 + RESERVED CVE-2020-8794 RESERVED CVE-2020-8793 @@ -4459,12 +4497,12 @@ CVE-2020-6772 RESERVED CVE-2020-6771 RESERVED -CVE-2020-6770 - RESERVED -CVE-2020-6769 - RESERVED -CVE-2020-6768 - RESERVED +CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...) + TODO: check +CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...) + TODO: check +CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...) + TODO: check CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6766 @@ -17510,8 +17548,7 @@ CVE-2020-1710 CVE-2020-1709 RESERVED NOT-FOR-US: openshift -CVE-2020-1708 - RESERVED +CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...) NOT-FOR-US: openshift CVE-2020-1707 RESERVED 
@@ -17533,8 +17570,7 @@ CVE-2020-1702 CVE-2020-1701 RESERVED NOT-FOR-US: KubeVirt -CVE-2020-1700 - RESERVED +CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...) - ceph 14.2.7-1 [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) @@ -17585,8 +17621,8 @@ CVE-2019-19358 RESERVED CVE-2019-19357 RESERVED -CVE-2019-19356 - RESERVED +CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...) + TODO: check CVE-2019-19355 RESERVED NOT-FOR-US: openshift @@ -26474,10 +26510,10 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive NOT-FOR-US: Foxit CVE-2019-17137 RESERVED -CVE-2019-17136 - RESERVED -CVE-2019-17135 - RESERVED +CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2019-17134 (Amphora Images in OpenStack Octavia =0.10.0 2.1.2, =3.0.0 ...) - octavia 4.0.0-6 (bug #941897) [buster] - octavia (Minor issue in regular setups, can be fixed via point release) @@ -39306,10 +39342,10 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...) NOT-FOR-US: SalesAgility SuiteCRM -CVE-2019-13334 - RESERVED -CVE-2019-1 - RESERVED +CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2019-1 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -39803,8 +39839,8 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a -CVE-2019-13163 - RESERVED +CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...) + TODO: check CVE-2019-13162 RESERVED CVE-2019-13161 (An issue was discovered in Asterisk Open Source through