Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2597c14d by Moritz Muehlenhoff at 2019-01-10T11:55:16Z
NFUs
irssi n/a in stable/oldstable
busybox no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -267,54 +267,57 @@ CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE
Desktop Environment allow
NOTE: https://github.com/mate-desktop/mate-screensaver/issues/170
NOTE: https://github.com/mate-desktop/mate-screensaver/pull/167
CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git
Changelog ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists
in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists
in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists
in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins
Crowd 2 ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins
Mesos Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins
Mesos Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins
HipChat ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins
HipChat ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins
Email ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in
Jenkins Job ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins
Rebuilder ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins
Config ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins
Config File ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins
Jira Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins
JUnit ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins
2.145 and ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145
and earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145
and ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin
before 1.2.6 for ...)
NOT-FOR-US: WordPress plugin social-pug
CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines
are ...)
- irssi <unfixed> (bug #918865)
+ [stretch] - irssi <not-affected> (Vulnerable code not present)
+ [jessie] - irssi <not-affected> (Vulnerable code not present)
NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
NOTE: https://github.com/irssi/irssi/pull/948
NOTE:
https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
+ NOTE: Introduced with support for hidden lines in
https://github.com/irssi/irssi/commit/8dfeca57ede1e726de07522a87203ce13676882d
CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc
enables ...)
- gitolite3 <unfixed> (bug #918849)
[stretch] - gitolite3 <no-dsa> (Minor issue)
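Review bot: in the CVE-2019-5882 entry, the two added <not-affected> lines for stretch and jessie rest on the new "Introduced with support for hidden lines" NOTE, which gives only the introducing commit and not the first upstream release that contains it. Adding that release to the NOTE would let a reader check the stretch and jessie package versions against it without walking the upstream history. While touching this entry, the existing fix-commit URL has a doubled slash ("irssi//commit/") that could be normalized. Separately, the plugin entries all read "NOT-FOR-US: Jenkins plugin" without naming the plugin, whereas the CVE-2016-10736 entry just below names its plugin ("WordPress plugin social-pug"); naming each plugin would keep these lines greppable if one of them is ever packaged.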
@@ -361,7 +364,8 @@ CVE-2019-5737
CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
...)
NOT-FOR-US: Frog CMS
CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of
bounds read ...)
- - busybox <unfixed> (bug #918846)
+ - busybox <unfixed> (low; bug #918846)
+ [stretch] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
NOTE:
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
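Review bot: the added "[stretch] - busybox <no-dsa> (Minor issue)" line gives no reason why an out-of-bounds read is considered minor here. A short justification in the parentheses would make the triage decision reviewable later, in line with the "low" urgency now set on the unfixed line. The hunk also adds no [jessie] line, although the irssi entry in the same commit sets both stretch and jessie; if that is deliberate, it is worth saying so in the commit message, which currently reads only "busybox no-dsa".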
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2597c14d1169ec96e6c6ee3e0533160a4b5a2bc2
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits