Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f550ce52 by security tracker role at 2019-04-04T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker
with clas ...)
+ TODO: check
+CVE-2019-10866
+ RESERVED
+CVE-2019-10865
+ RESERVED
+CVE-2019-10864
+ RESERVED
+CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions
before 2.4 ...)
+ TODO: check
+CVE-2019-10862
+ RESERVED
+CVE-2019-10861
+ RESERVED
+CVE-2019-10860
+ RESERVED
+CVE-2019-10859
+ RESERVED
+CVE-2019-10858
+ RESERVED
+CVE-2019-10857
+ RESERVED
+CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur
via an em ...)
+ TODO: check
+CVE-2019-10855
+ RESERVED
+CVE-2019-10854
+ RESERVED
+CVE-2019-10853
+ RESERVED
+CVE-2019-10852
+ RESERVED
+CVE-2019-10851
+ RESERVED
+CVE-2019-10850
+ RESERVED
+CVE-2019-10849
+ RESERVED
+CVE-2019-10848
+ RESERVED
+CVE-2019-10847
+ RESERVED
+CVE-2019-10846
+ RESERVED
CVE-2019-10845
RESERVED
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network
Libraries (aka n ...)
@@ -245,104 +289,104 @@ CVE-2019-10724
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache
class i ...)
- libpodofo <unfixed>
NOTE: https://sourceforge.net/p/podofo/tickets/46/
-CVE-2019-1003099
- RESERVED
-CVE-2019-1003098
- RESERVED
-CVE-2019-1003097
- RESERVED
-CVE-2019-1003096
- RESERVED
-CVE-2019-1003095
- RESERVED
-CVE-2019-1003094
- RESERVED
-CVE-2019-1003093
- RESERVED
-CVE-2019-1003092
- RESERVED
-CVE-2019-1003091
- RESERVED
-CVE-2019-1003090
- RESERVED
-CVE-2019-1003089
- RESERVED
-CVE-2019-1003088
- RESERVED
-CVE-2019-1003087
- RESERVED
-CVE-2019-1003086
- RESERVED
-CVE-2019-1003085
- RESERVED
-CVE-2019-1003084
- RESERVED
-CVE-2019-1003083
- RESERVED
-CVE-2019-1003082
- RESERVED
-CVE-2019-1003081
- RESERVED
-CVE-2019-1003080
- RESERVED
-CVE-2019-1003079
- RESERVED
-CVE-2019-1003078
- RESERVED
-CVE-2019-1003077
- RESERVED
-CVE-2019-1003076
- RESERVED
-CVE-2019-1003075
- RESERVED
-CVE-2019-1003074
- RESERVED
-CVE-2019-1003073
- RESERVED
-CVE-2019-1003072
- RESERVED
-CVE-2019-1003071
- RESERVED
-CVE-2019-1003070
- RESERVED
-CVE-2019-1003069
- RESERVED
-CVE-2019-1003068
- RESERVED
-CVE-2019-1003067
- RESERVED
-CVE-2019-1003066
- RESERVED
-CVE-2019-1003065
- RESERVED
-CVE-2019-1003064
- RESERVED
-CVE-2019-1003063
- RESERVED
-CVE-2019-1003062
- RESERVED
-CVE-2019-1003061
- RESERVED
-CVE-2019-1003060
- RESERVED
-CVE-2019-1003059
- RESERVED
-CVE-2019-1003058
- RESERVED
-CVE-2019-1003057
- RESERVED
-CVE-2019-1003056
- RESERVED
-CVE-2019-1003055
- RESERVED
-CVE-2019-1003054
- RESERVED
-CVE-2019-1003053
- RESERVED
-CVE-2019-1003052
- RESERVED
-CVE-2019-1003051
- RESERVED
+CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the
OpenIdSsoSe ...)
+ TODO: check
+CVE-2019-1003098 (A cross-site request forgery vulnerability in Jenkins openid
Plugin in ...)
+ TODO: check
+CVE-2019-1003097 (Jenkins Crowd Integration Plugin stores credentials
unencrypted in the ...)
+ TODO: check
+CVE-2019-1003096 (Jenkins TestFairy Plugin stores credentials unencrypted in
job config. ...)
+ TODO: check
+CVE-2019-1003095 (Jenkins Perfecto Mobile Plugin stores credentials
unencrypted in its g ...)
+ TODO: check
+CVE-2019-1003094 (Jenkins Open STF Plugin stores credentials unencrypted in
its global c ...)
+ TODO: check
+CVE-2019-1003093 (A missing permission check in Jenkins Nomad Plugin in the
NomadCloud.D ...)
+ TODO: check
+CVE-2019-1003092 (A cross-site request forgery vulnerability in Jenkins Nomad
Plugin in ...)
+ TODO: check
+CVE-2019-1003091 (A missing permission check in Jenkins SOASTA CloudTest
Plugin in the C ...)
+ TODO: check
+CVE-2019-1003090 (A cross-site request forgery vulnerability in Jenkins SOASTA
CloudTest ...)
+ TODO: check
+CVE-2019-1003089 (Jenkins Upload to pgyer Plugin stores credentials
unencrypted in job c ...)
+ TODO: check
+CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials
unencrypted in ...)
+ TODO: check
+CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in
the ChefB ...)
+ TODO: check
+CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef
Sinatra Plu ...)
+ TODO: check
+CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test
Managemen ...)
+ TODO: check
+CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr
Enterpris ...)
+ TODO: check
+CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the
GearmanPlu ...)
+ TODO: check
+CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins
Gearman Plugin i ...)
+ TODO: check
+CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer
Plugin in the ...)
+ TODO: check
+CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins
OpenShift Deploy ...)
+ TODO: check
+CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager
Slaves Plugin ...)
+ TODO: check
+CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware
Lab Manag ...)
+ TODO: check
+CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database
Plugin in the ...)
+ TODO: check
+CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit
to Databas ...)
+ TODO: check
+CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials
unencrypted in its ...)
+ TODO: check
+CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials
unencrypted in its ...)
+ TODO: check
+CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores
credentia ...)
+ TODO: check
+CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials
unencrypted in job ...)
+ TODO: check
+CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted
in its glo ...)
+ TODO: check
+CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials
unencrypted in its ...)
+ TODO: check
+CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials
unencrypted in ...)
+ TODO: check
+CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials
unencrypt ...)
+ TODO: check
+CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted
in job co ...)
+ TODO: check
+CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in
its global c ...)
+ TODO: check
+CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials
unencrypte ...)
+ TODO: check
+CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials
unencrypted in its g ...)
+ TODO: check
+CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials
unencrypte ...)
+ TODO: check
+CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores
credentials unencr ...)
+ TODO: check
+CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores
credentials unencr ...)
+ TODO: check
+CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials
unencrypted in it ...)
+ TODO: check
+CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin
in the FTPP ...)
+ TODO: check
+CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP
publisher Pl ...)
+ TODO: check
+CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials
unencrypted in its ...)
+ TODO: check
+CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials
unencrypted in jo ...)
+ TODO: check
+CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted
in its glo ...)
+ TODO: check
+CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials
unencrypted in jo ...)
+ TODO: check
+CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in
job config. ...)
+ TODO: check
+CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores
credentials unen ...)
+ TODO: check
+CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its
global config ...)
+ TODO: check
CVE-2019-XXXX [Guessing order on field without access]
- tryton-server <unfixed>
NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
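Review bot: the 49 `TODO: check` placeholders on CVE-2019-1003099 through CVE-2019-1003051 should be triaged as one batch, not one at a time. Every description names a Jenkins plugin and falls into one of three repeating classes (missing permission check, cross-site request forgery, credentials stored unencrypted). If none of these plugins is packaged, replace the placeholder with a single consistent `NOT-FOR-US:` reason, in the style this file already uses elsewhere (for example `NOT-FOR-US: Cscape`), so the wording does not drift across the block.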
@@ -1207,52 +1251,52 @@ CVE-2019-10301
RESERVED
CVE-2019-10300
RESERVED
-CVE-2019-10299
- RESERVED
-CVE-2019-10298
- RESERVED
-CVE-2019-10297
- RESERVED
-CVE-2019-10296
- RESERVED
-CVE-2019-10295
- RESERVED
-CVE-2019-10294
- RESERVED
-CVE-2019-10293
- RESERVED
-CVE-2019-10292
- RESERVED
-CVE-2019-10291
- RESERVED
-CVE-2019-10290
- RESERVED
-CVE-2019-10289
- RESERVED
-CVE-2019-10288
- RESERVED
-CVE-2019-10287
- RESERVED
-CVE-2019-10286
- RESERVED
-CVE-2019-10285
- RESERVED
-CVE-2019-10284
- RESERVED
-CVE-2019-10283
- RESERVED
-CVE-2019-10282
- RESERVED
-CVE-2019-10281
- RESERVED
-CVE-2019-10280
- RESERVED
-CVE-2019-10279
- RESERVED
-CVE-2019-10278
- RESERVED
-CVE-2019-10277
- RESERVED
+CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials
unencrypted in ...)
+ TODO: check
+CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its
global confi ...)
+ TODO: check
+CVE-2019-10297 (Jenkins Sametime Plugin stores credentials unencrypted in its
global c ...)
+ TODO: check
+CVE-2019-10296 (Jenkins Serena SRA Deploy Plugin stores credentials
unencrypted in its ...)
+ TODO: check
+CVE-2019-10295 (Jenkins crittercism-dsym Plugin stores credentials unencrypted
in job ...)
+ TODO: check
+CVE-2019-10294 (Jenkins Kmap Plugin stores credentials unencrypted in job
config.xml f ...)
+ TODO: check
+CVE-2019-10293 (A missing permission check in Jenkins Kmap Plugin in
KmapJenkinsBuilde ...)
+ TODO: check
+CVE-2019-10292 (A cross-site request forgery vulnerability in Jenkins Kmap
Plugin in K ...)
+ TODO: check
+CVE-2019-10291 (Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored
credential ...)
+ TODO: check
+CVE-2019-10290 (A missing permission check in Jenkins Netsparker Cloud Scan
Plugin 1.1 ...)
+ TODO: check
+CVE-2019-10289 (A cross-site request forgery vulnerability in Jenkins
Netsparker Cloud ...)
+ TODO: check
+CVE-2019-10288 (Jenkins Jabber Server Plugin stores credentials unencrypted in
its glo ...)
+ TODO: check
+CVE-2019-10287 (Jenkins youtrack-plugin Plugin 0.7.1 and older stored
credentials unen ...)
+ TODO: check
+CVE-2019-10286 (Jenkins DeployHub Plugin stores credentials unencrypted in job
config. ...)
+ TODO: check
+CVE-2019-10285 (Jenkins Minio Storage Plugin stores credentials unencrypted in
its glo ...)
+ TODO: check
+CVE-2019-10284 (Jenkins Diawi Upload Plugin stores credentials unencrypted in
job conf ...)
+ TODO: check
+CVE-2019-10283 (Jenkins mabl Plugin stores credentials unencrypted in job
config.xml f ...)
+ TODO: check
+CVE-2019-10282 (Jenkins Klaros-Testmanagement Plugin stores credentials
unencrypted in ...)
+ TODO: check
+CVE-2019-10281 (Jenkins Relution Enterprise Appstore Publisher Plugin stores
credentia ...)
+ TODO: check
+CVE-2019-10280 (Jenkins Assembla Auth Plugin stores credentials unencrypted in
the glo ...)
+ TODO: check
+CVE-2019-10279 (A missing permission check in Jenkins jenkins-reviewbot Plugin
in the ...)
+ TODO: check
+CVE-2019-10278 (A cross-site request forgery vulnerability in Jenkins
jenkins-reviewbo ...)
+ TODO: check
+CVE-2019-10277 (Jenkins StarTeam Plugin stores credentials unencrypted in job
config.x ...)
+ TODO: check
CVE-2019-XXXX [insecure handling of /tmp/VMwareDnD]
- open-vm-tools 2:10.3.10-1 (bug #925959; unimportant)
NOTE:
https://github.com/vmware/open-vm-tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c
@@ -1263,8 +1307,8 @@ CVE-2019-10275
RESERVED
CVE-2019-10274
RESERVED
-CVE-2019-10273
- RESERVED
+CVE-2019-10273 (Information leakage vulnerability in the /mc login page in
ManageEngin ...)
+ TODO: check
CVE-2019-10272
RESERVED
CVE-2019-10271
@@ -9935,8 +9979,8 @@ CVE-2019-7003
RESERVED
CVE-2019-7002
RESERVED
-CVE-2019-7001
- RESERVED
+CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP
Office Cont ...)
+ TODO: check
CVE-2019-7000
RESERVED
CVE-2019-6999
@@ -10968,8 +11012,8 @@ CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper
input validation vulnerab
NOT-FOR-US: Cscape
CVE-2019-6554
RESERVED
-CVE-2019-6553
- RESERVED
+CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic
versio ...)
+ TODO: check
CVE-2019-6552
RESERVED
CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and
prior al ...)
@@ -14659,7 +14703,7 @@ CVE-2019-5024
CVE-2019-5023
RESERVED
CVE-2019-5022
- RESERVED
+ REJECTED
CVE-2019-5021
RESERVED
CVE-2019-5020
@@ -16973,8 +17017,8 @@ CVE-2019-3888
RESERVED
CVE-2019-3887
RESERVED
-CVE-2019-3886
- RESERVED
+CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0
and abo ...)
+ TODO: check
CVE-2019-3885
RESERVED
CVE-2019-3884
@@ -17018,7 +17062,7 @@ CVE-2019-3873
CVE-2019-3872
RESERVED
CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server
before 4.0. ...)
- {DLA-1737-1}
+ {DSA-4424-1 DLA-1737-1}
- pdns 4.1.6-2 (bug #924966)
NOTE: https://github.com/PowerDNS/pdns/issues/7573
NOTE:
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
@@ -18811,8 +18855,7 @@ CVE-2018-20450 (The read_MSAT function in ole.c in
libxls 1.4.0 has a double fre
- r-cran-readxl 1.2.0.9000-1 (bug #919324)
[stretch] - r-cran-readxl 0.1.1-1+deb9u2
NOTE: https://github.com/evanmiller/libxls/issues/34
-CVE-2018-20449
- RESERVED
+CVE-2018-20449 (The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c
in the L ...)
- linux <unfixed>
NOTE:
https://lists.debian.org/debian-security-tracker/2019/01/msg00029.html
CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the
/install/ind ...)
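Review bot: the tracking data under CVE-2018-20449 needs a refresh now that the id is public. The added description names hidma_chan_stats in drivers/dma/qcom/hidma_dbg.c, but the entry still carries only `- linux <unfixed>` and a mailing-list NOTE written while the id was RESERVED. Add a NOTE pointing at the upstream fix and record the fixed version once it is known, so the `<unfixed>` state reflects a current check.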
@@ -19567,8 +19610,7 @@ CVE-2018-20230 (An issue was discovered in PSPP 1.2.0.
There is a heap-based buf
[jessie] - pspp <no-dsa> (Crash cannot be observed under normal
conditions)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
NOTE:
https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=abd1f816ca3b4f382bddf4564ad092aa934f0ccc
-CVE-2018-20229
- RESERVED
+CVE-2018-20229 (GitLab Community and Enterprise Edition before 11.3.14, 11.4.x
before ...)
- gitlab 11.5.5+dfsg-1
NOTE:
https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl
CSRF, with ...)
@@ -19583,8 +19625,8 @@ CVE-2018-20224
RESERVED
CVE-2018-20223
RESERVED
-CVE-2018-20222
- RESERVED
+CVE-2018-20222 (XXE issue in Airsonic before 10.1.2 during parse. ...)
+ TODO: check
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and
prior are ...)
NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with
firmware 2.56 ...)
@@ -23245,8 +23287,8 @@ CVE-2018-19983 (An issue was discovered on Sigma Design
Z-Wave S0 through S2 dev
NOT-FOR-US: Sigma Design Z-Wave devices
CVE-2018-19982 (An issue was discovered on KT MC01507L Z-Wave S0 devices. It
occurs be ...)
NOT-FOR-US: KT MC01507L Z-Wave S0 devices
-CVE-2018-19981
- RESERVED
+CVE-2018-19981 (Amazon AWS SDK <=2.8.5 for Android uses Android
SharedPreferences t ...)
+ TODO: check
CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow
attackers to cau ...)
NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
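Review bot: the added CVE-2018-19981 description contains the HTML entity `&lt;=` ("Amazon AWS SDK &lt;=2.8.5 for Android") where a literal `<=` is expected. If the entity is present in data/CVE/list itself and is not just an artifact of how this mail was rendered, the automatic import should unescape descriptions before writing them, since an escaped version bound is easy to misread and will not match a plain-text search for `<=2.8.5`. The entry is also left at `TODO: check` and still needs triage.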
@@ -23666,10 +23708,10 @@ CVE-2019-1830
RESERVED
CVE-2019-1829
RESERVED
-CVE-2019-1828
- RESERVED
-CVE-2019-1827
- RESERVED
+CVE-2019-1828 (A vulnerability in the web-based management interface of Cisco
Small B ...)
+ TODO: check
+CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small
Business ...)
+ TODO: check
CVE-2019-1826
RESERVED
CVE-2019-1825
@@ -43087,8 +43129,7 @@ CVE-2018-13920
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13919
RESERVED
-CVE-2018-13918
- RESERVED
+CVE-2018-13918 (kernel could return a received message length higher than
expected, wh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13917
RESERVED
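Review bot: the `NOT-FOR-US: Qualcomm components for Android` line under CVE-2018-13918 was recorded while the id was RESERVED and is carried over unchanged. The new description opens with "kernel could return a received message length higher than expected", and the visible part does not say which kernel code is meant. Re-confirm the triage against the full description and state the reason in the NOT-FOR-US text or a NOTE if the affected code is vendor-only.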
@@ -48165,11 +48206,9 @@ CVE-2018-11973
RESERVED
CVE-2018-11972
RESERVED
-CVE-2018-11971
- RESERVED
+CVE-2018-11971 (Interrupt exit code flow may undermine access control policy
set forth ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11970
- RESERVED
+CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in
Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
RESERVED
@@ -48179,8 +48218,7 @@ CVE-2018-11968
CVE-2018-11967
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11966
- RESERVED
+CVE-2018-11966 (Undefined behavior in UE while processing unknown IEI in OTA
message i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
@@ -48196,8 +48234,7 @@ CVE-2018-11960 (In all android releases(Android for
MSM, Firefox OS for MSM, QRD
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
RESERVED
-CVE-2018-11958
- RESERVED
+CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to
gain access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
RESERVED
@@ -48465,8 +48502,8 @@ CVE-2018-11832 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11831
RESERVED
-CVE-2018-11830
- RESERVED
+CVE-2018-11830 (Improper input validation in QCPE create function may lead to
integer ...)
+ TODO: check
CVE-2018-11829
RESERVED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW
RNG and ...)
@@ -53001,12 +53038,12 @@ CVE-2018-10246
CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6
allows rem ...)
- awstats <unfixed> (unimportant)
NOTE: Path disclosure for awstats negligible within Debian
-CVE-2018-10244
- RESERVED
-CVE-2018-10243
- RESERVED
-CVE-2018-10242
- RESERVED
+CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an
EtherNet/ ...)
+ TODO: check
+CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP
0.5.26 allow ...)
+ TODO: check
+CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the
SSH bann ...)
+ TODO: check
CVE-2014-10073 (The create_response function in server/server.c in Psensor
before 1.1. ...)
{DLA-1361-1}
- psensor 1.1.5-1 (low; bug #896195)
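Review bot: CVE-2018-10244, CVE-2018-10243 and CVE-2018-10242 are added with `TODO: check` although their descriptions name concrete upstream versions (Suricata 4.0.4 twice, LibHTP 0.5.26 in htp_parsers.c). These look like one related set of parser issues, so resolve them together: where the software is in the archive, replace each placeholder with a package line and fixed version plus a NOTE linking the upstream fix, as the neighbouring psensor and awstats entries do.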
@@ -205205,8 +205242,7 @@ CVE-2014-3605
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not
proper ...)
- not-yet-commons-ssl 0.3.15-1 (bug #759526)
NOTE:
http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
-CVE-2014-3603 [HTTPS Connections Via HTTP Resources Do Not Perform Hostname
Verification]
- RESERVED
+CVE-2014-3603 (The (1) HttpResource and (2) FileBackedHttpResource
implementations in ...)
- libopensaml2-java 2.6.2-1 (bug #759470)
NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
NOTE:
http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f550ce522e39d59322229c206f9dd1a17009162c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits