Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18d508c1 by Moritz Muehlenhoff at 2019-03-11T12:49:05Z
NFUs
two php issues unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 
and ...)
-       - php7.3 7.3.3-1
-       - php7.0 <removed>
-       - php5 <removed>
+       - php7.3 7.3.3-1 (unimportant)
+       - php7.0 <removed> (unimportant)
+       - php5 <removed> (unimportant)
         NOTE: Fixed in 7.1.27, 7.3.3
         NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
 CVE-2019-9674
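Review bot: the three php lines for CVE-2019-9675 gain (unimportant), but the entry gets no NOTE recording why. The only visible hint is the "** DISPUTED **" marker in the description. Add a NOTE line stating the reasoning next to the existing PHP bug reference, so the downgrade can be audited later without digging through the upstream bug.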
@@ -29,11 +29,11 @@ CVE-2019-9664
 CVE-2019-9663
        RESERVED
 CVE-2019-9662 (An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache 
management ...)
-       TODO: check
+       NOT-FOR-US: JTBC(PHP)
 CVE-2019-9661 (Stored XSS exists in YzmCMS 5.2 via the ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the 
admin/category/edit.html ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2019-9659
        RESERVED
 CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
@@ -49,11 +49,11 @@ CVE-2019-9654
 CVE-2019-9653
        RESERVED
 CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an 
m=admin&amp;c=theme&amp;a=edit request. It ...)
-       TODO: check
+       NOT-FOR-US: SDCMS
 CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the ...)
-       TODO: check
+       NOT-FOR-US: SDCMS
 CVE-2019-9650 (An XSS issue was discovered in upcoming_events.php in the 
Upcoming ...)
-       TODO: check
+       NOT-FOR-US: MyBB plugin
 CVE-2019-9649
        RESERVED
 CVE-2019-9648
@@ -106,7 +106,9 @@ CVE-2019-1003030 (A sandbox bypass vulnerability exists in 
Jenkins Pipeline: Gro
 CVE-2019-1003029 (A sandbox bypass vulnerability exists in Jenkins Script 
Security ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary 
functionality, ...)
-       TODO: check
+       - golang-1.12 <not-affected> (Only affects Go on Windows)
+       - golang-1.11 <not-affected> (Only affects Go on Windows)
+       - golang-1.10 <not-affected> (Only affects Go on Windows)
 CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before 
7.2.16, and ...)
        {DSA-4403-1}
        - php7.3 7.3.3-1
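Review bot: the CVE-2019-9634 entry lists only golang-1.12, golang-1.11 and golang-1.10, while the description says "Go through 1.12", which has no lower bound. If any older golang source package is still present in a tracked suite, it needs the same <not-affected> line, otherwise it will not be recorded as triaged for this CVE. The "(Only affects Go on Windows)" justification itself is clear and matches the description.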
@@ -130,9 +132,9 @@ CVE-2019-9640 (An issue was discovered in the EXIF 
component in PHP before 7.1.2
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540
 CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before 
7.1.27, ...)
        {DSA-4403-1}
-       - php7.3 7.3.3-1
-       - php7.0 <removed>
-       - php5 <removed>
+       - php7.3 7.3.3-1 (unimportant)
+       - php7.0 <removed> (unimportant)
+       - php5 <removed> (unimportant)
        NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659
 CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 
7.1.27, ...)
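Review bot: CVE-2019-9639 is now (unimportant) on all three php lines while the entry still carries {DSA-4403-1}, which reads as contradictory: the issue is referenced by an advisory and at the same time rated as having no security impact. Add a NOTE explaining why this EXIF issue is negligible, so readers of the DSA cross-reference are not left guessing.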
@@ -1750,7 +1752,7 @@ CVE-2019-8988
 CVE-2019-8987
        RESERVED
 CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s 
TIBCO ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-8985 (On Netis WF2880 and WF2411 2.1.36123 devices, there is a 
stack-based ...)
        NOT-FOR-US: Netis devices
 CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 
2 of 2). ...)
@@ -10988,7 +10990,7 @@ CVE-2019-5017
 CVE-2019-5016
        RESERVED
 CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS 
X ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-5014
        RESERVED
 CVE-2019-5013
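Review bot: "NOT-FOR-US: Apple" on CVE-2019-5015 names a vendor, but the description visible here only names the platform ("exists in the Mac OS X ...") before it is cut off. Confirm against the full description that the affected software is Apple's own and not a third-party product for Mac OS X, and put the product name in the label as most other NOT-FOR-US lines in this file do.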
@@ -13588,15 +13590,15 @@ CVE-2019-3782 (Cloud Foundry CredHub CLI, versions 
prior to 2.2.1, inadvertently
 CVE-2019-3781 (Cloud Foundry CLI, versions prior to v6.43.0, improperly 
exposes ...)
        NOT-FOR-US: Cloud Foundry CLI
 CVE-2019-3780 (Cloud Foundry Container Runtime, versions prior to 0.28.0, 
deploys K8s ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2019-3779 (Cloud Foundry Container Runtime, versions prior to 0.29.0, 
deploys ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2019-3778 (Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 
prior to ...)
        TODO: check
 CVE-2019-3777 (Pivotal Application Service (PAS), versions 2.2.x prior to 
2.2.12, ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2019-3776 (Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 
2.2.x ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2019-3775 (Cloud Foundry UAA, versions prior to v70.0, allows a user to 
update ...)
        NOT-FOR-US: Cloud Foundry UAA
 CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older 
unsupported ...)
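Review bot: the new labels for CVE-2019-3780 and CVE-2019-3779 say "NOT-FOR-US: Cloud Foundry", while the neighbouring entries name the component ("Cloud Foundry CLI", "Cloud Foundry UAA"). Use "Cloud Foundry Container Runtime" here, and likewise the product names from the descriptions (Pivotal Application Service, Pivotal Operations Manager) instead of the bare "Pivotal", so that a later search by component finds these entries. CVE-2019-3778 (Spring Security OAuth) stays at "TODO: check" in the middle of this block; if that is deliberate, fine, but it is easy to overlook among the triaged lines.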
@@ -22950,7 +22952,7 @@ CVE-2019-0743 (A Cross-site Scripting (XSS) 
vulnerability exists when Team Found
 CVE-2019-0742 (A Cross-site Scripting (XSS) vulnerability exists when Team 
Foundation ...)
        NOT-FOR-US: Microsoft Team Foundation Server
 CVE-2019-0741 (An information disclosure vulnerability exists in the way Azure 
IoT ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0740
        RESERVED
 CVE-2019-0739
@@ -22974,7 +22976,7 @@ CVE-2019-0731
 CVE-2019-0730
        RESERVED
 CVE-2019-0729 (An Elevation of Privilege vulnerability exists in the way Azure 
IoT ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0728 (A remote code execution vulnerability exists in Visual Studio 
Code ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0727
@@ -26296,9 +26298,9 @@ CVE-2018-18818
 CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with 
Leostream ...)
        NOT-FOR-US: Leostream Agent
 CVE-2018-18816 (The repository component of TIBCO Software Inc.'s TIBCO 
JasperReports ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2018-18815 (The REST API component of TIBCO Software Inc.'s TIBCO 
JasperReports ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2018-18814 (The TIBCO Spotfire authentication component of TIBCO Software 
Inc.'s ...)
        NOT-FOR-US: TIBCO
 CVE-2018-18813 (The Spotfire web server component of TIBCO Software Inc.'s 
TIBCO ...)
@@ -26310,9 +26312,9 @@ CVE-2018-18811
 CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s 
TIBCO ...)
        NOT-FOR-US: TIBCO
 CVE-2018-18809 (The default server implementation of TIBCO Software Inc.'s 
TIBCO ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO 
...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO 
...)
        NOT-FOR-US: TIBCO
 CVE-2017-18350
@@ -30000,11 +30002,11 @@ CVE-2018-17423
 CVE-2018-17422 (dotCMS before 5.0.2 has open redirects via the ...)
        NOT-FOR-US: dotCMS
 CVE-2018-17421 (An issue was discovered in ZrLog 2.0.3. There is stored XSS in 
the file ...)
-       TODO: check
+       NOT-FOR-US: ZrLog
 CVE-2018-17420 (An issue was discovered in ZrLog 2.0.3. There is a SQL 
injection ...)
-       TODO: check
+       NOT-FOR-US: ZrLog
 CVE-2018-17419 (An issue was discovered in setTA in scan_rr.go in the Miek 
Gieben DNS ...)
-       TODO: check
+       NOT-FOR-US: Miek Gieben DNS library for Go
 CVE-2018-17418 (Monstra CMS 3.0.4 allows remote attackers to execute arbitrary 
PHP code ...)
        NOT-FOR-US: Monstra CMS
 CVE-2018-17417
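Review bot: "NOT-FOR-US: Miek Gieben DNS library for Go" on CVE-2018-17419 deserves a second look before it lands. Unlike the ZrLog entries above it, this is a library that other Go programs build against, so it is the kind of code that tends to be packaged as a dependency. Search the archive for a source package of this library first; if one exists, the entry needs a package line with a fixed version or <unfixed> instead of NOT-FOR-US.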
@@ -37637,7 +37639,7 @@ CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS 
Rebinding attacks, relate
        NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
        NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
 CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an 
XSS ...)
-       TODO: check
+       NOT-FOR-US: HYBBS
 CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and 
MozJPEG ...)
        - libjpeg-turbo <undetermined>
        - mozjpeg <itp> (bug #741487)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18d508c11fc01dea380106e658f9b03569d7896a
