Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90b74669 by Moritz Muehlenhoff at 2019-02-05T22:14:52Z
new catdoc non issue
new openjpeg issue
new node-lodash issue
libsolv no-dsa
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -507,7 +507,8 @@ CVE-2019-7235 (An issue was discovered in idreamsoft iCMS
7.0.13. ...)
CVE-2019-7234 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL
pointer ...)
- TODO: check
+ - catdoc <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
CVE-2019-7232
RESERVED
CVE-2019-7231
@@ -1061,7 +1062,9 @@ CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77:
Improper Neutralization
CVE-2019-6989
RESERVED
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote
attackers ...)
- TODO: check
+ - openjpeg2 <unfixed> (low)
+ [stretch] - openjpeg2 <ignored> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1178
CVE-2019-6987
RESERVED
CVE-2019-6986 (SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker
to ...)
@@ -9316,20 +9319,20 @@ CVE-2018-20535 (There is a use-after-free at
asm/preproc.c (function pp_getline)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
CVE-2018-20534 (There is an illegal address access at src/pool.h (function ...)
- - libsolv <unfixed>
+ - libsolv <unfixed> (low)
+ [stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
NOTE: https://github.com/openSUSE/libsolv/pull/291
- TODO: further check on affected versions
CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c
(function ...)
- - libsolv <unfixed>
+ - libsolv <unfixed> (low)
+ [stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
NOTE: https://github.com/openSUSE/libsolv/pull/291
- TODO: further check on affected versions
CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c
(function ...)
- - libsolv <unfixed>
+ - libsolv <unfixed> (low)
+ [stretch] - libsolv <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
NOTE: https://github.com/openSUSE/libsolv/pull/291
- TODO: further check on affected versions
CVE-2018-20531
RESERVED
CVE-2018-20530 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a
Profile ...)
@@ -26815,7 +26818,7 @@ CVE-2018-16495
CVE-2018-16494
RESERVED
CVE-2018-16493 (A path traversal vulnerability was found in module ...)
- TODO: check
+ NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend
<2.0.2, ...)
- node-extend 3.0.2-1 (unimportant)
NOTE: https://snyk.io/vuln/npm:extend:20180424
@@ -26827,29 +26830,31 @@ CVE-2018-16491 (A prototype pollution vulnerability
was found in node.extend <
NOTE: https://hackerone.com/reports/430831
NOTE: nodejs not covered by security support
CVE-2018-16490 (A prototype pollution vulnerability was found in module mpath
<0.5.1 ...)
- TODO: check
+ NOT-FOR-US: node mpath
CVE-2018-16489 (A prototype pollution vulnerability was found in just-extend
<4.0.0 ...)
- TODO: check
+ NOT-FOR-US: node just-extend
CVE-2018-16488
RESERVED
CVE-2018-16487 (A prototype pollution vulnerability was found in lodash
<4.17.11 where ...)
- TODO: check
+ - node-lodash 4.17.11+dfsg-1 (unimportant)
+ NOTE: https://hackerone.com/reports/380873
+ NOTE: nodejs not covered by security support
CVE-2018-16486 (A prototype pollution vulnerability was found in defaults-deep
<=0.2.4 ...)
- TODO: check
+ NOT-FOR-US: node defaults-deep
CVE-2018-16485 (Path Traversal vulnerability in module m-server <1.4.1
allows ...)
- TODO: check
+ NOT-FOR-US: node m-server
CVE-2018-16484 (A XSS vulnerability was found in module m-server <1.4.2
that allows ...)
- TODO: check
+ NOT-FOR-US: node m-server
CVE-2018-16483 (A deficiency in the access control in module express-cart
<=1.1.5 ...)
- TODO: check
+ NOT-FOR-US: node express-cart
CVE-2018-16482 (A server directory traversal vulnerability was found on node
module ...)
- TODO: check
+ NOT-FOR-US: node mcstatic
CVE-2018-16481 (A XSS vulnerability was found in html-page <=2.1.1 that
allows ...)
- TODO: check
+ NOT-FOR-US: node html-page
CVE-2018-16480 (A XSS vulnerability was found in module public <0.1.4 that
allows ...)
- TODO: check
+ NOT-FOR-US: node public
CVE-2018-16479 (Path traversal vulnerability in http-live-simulator <1.0.7
causes ...)
- TODO: check
+ NOT-FOR-US: node http-live-simulator
CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1
allows to list ...)
NOT-FOR-US: simplehttpserver
CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for
Google Cloud ...)
@@ -29044,7 +29049,7 @@ CVE-2018-15619
CVE-2018-15618
RESERVED
CVE-2018-15617 (A vulnerability in the "capro" (Call Processor)
process component of ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System
Platform ...)
NOT-FOR-US: Avaya Aura System Platform
CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call
Management ...)
@@ -36844,7 +36849,7 @@ CVE-2018-12550
CVE-2018-12549
RESERVED
CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public
...)
- TODO: check
+ NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12547
RESERVED
CVE-2018-12546
@@ -56880,7 +56885,7 @@ CVE-2018-5562
CVE-2018-5561
RESERVED
CVE-2018-5560 (A reliance on a static, hard-coded credential in the design of
the ...)
- TODO: check
+ NOT-FOR-US: Guardzilla
CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints
that are ...)
NOT-FOR-US: Rapid7 Komand
CVE-2018-5558
@@ -60993,7 +60998,7 @@ CVE-2018-3958 (A use-after-free vulnerability exists in
the JavaScript engine of
CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine
of ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3956 (An exploitable out-of-bounds read vulnerability exists in the
handling ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2018-3955 (An exploitable operating system command injection exists in the
...)
NOT-FOR-US: Linksys
CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200
Firmware ...)
@@ -71534,7 +71539,7 @@ CVE-2018-0724 (Cross-site scripting (XSS) vulnerability
in Q'center Virtual Appl
CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual
Appliance ...)
NOT-FOR-US: Q'center Virtual Appliance
CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2
and ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711
and ...)
NOT-FOR-US: QNAP QTS
CVE-2018-0720
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90b74669902211c9fed0b9d87fdb187801ee8228
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90b74669902211c9fed0b9d87fdb187801ee8228
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
