Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 68265060 by Moritz Muehlenhoff at 2019-04-05T12:27:55Z new teeworlds, poppler, neutron issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,21 +1,34 @@ CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...) - TODO: check + - teeworlds <unfixed> + NOTE: https://github.com/teeworlds/teeworlds/issues/2070 + NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...) - TODO: check + - teeworlds <unfixed> + NOTE: https://github.com/teeworlds/teeworlds/issues/2073 + NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...) - TODO: check + - teeworlds <unfixed> + NOTE: https://github.com/teeworlds/teeworlds/issues/2071 + NOTE: https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce + NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x ...) - TODO: check + - neutron <unfixed> + NOTE: https://bugs.launchpad.net/ossa/+bug/1813007 + NOTE: https://review.openstack.org/#/q/topic:bug/1813007 CVE-2019-10875 RESERVED CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...) - TODO: check + NOT-FOR-US: Bolt CMS CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...) - TODO: check + - poppler <unfixed> + NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748 + NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...) - TODO: check + - poppler <unfixed> + NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...) 
- TODO: check + - poppler <unfixed> + NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751 CVE-2019-10870 RESERVED CVE-2019-10869 @@ -69,7 +82,7 @@ CVE-2019-10846 CVE-2019-10845 RESERVED CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...) - TODO: check + NOT-FOR-US: Sony CVE-2019-10843 RESERVED CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...) 
@@ -340,77 +353,77 @@ CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencr CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...) NOT-FOR-US: Jenkins Chef Sinatra Plugin CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its ...) 
- TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...) 
- TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...) - tryton-server <unfixed> NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6826506007799321ff7f68ed33ef5bf91b83a97b
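Review bot: In the first hunk (@@ -1,21 +1,34 @@), CVE-2019-10872 and CVE-2019-10871 carry only the poppler issue link (issues/750 and issues/751), while CVE-2019-10873 directly above them also records the upstream commit. If no upstream fix existed at triage time, a NOTE saying so would save the next person from re-checking; once a commit exists it should be added as a second NOTE line, as done for CVE-2019-10873 and the teeworlds entries. Separately, commit e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 appears under both CVE-2019-10878 and CVE-2019-10877, and CVE-2019-10877 lists a second commit as well; a brief NOTE on which commit covers which part would help anyone backporting.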
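Review bot: In the second hunk (@@ -69,7 +82,7 @@), the tag for CVE-2019-10844 names only the vendor, "NOT-FOR-US: Sony", although the description identifies the affected product as Sony Neural Network Libraries (nbla/logger.cpp in libnnabla.a). Naming the product, for example "NOT-FOR-US: Sony Neural Network Libraries", keeps the entry findable by product name and avoids implying that every Sony CVE is out of scope.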
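Review bot: In the third hunk (@@ -340,77 +353,77 @@), every new entry is tagged with the generic "NOT-FOR-US: Jenkins plugin", which is inconsistent with the unchanged context line for CVE-2019-1003087, "NOT-FOR-US: Jenkins Chef Sinatra Plugin". CVE-2019-1003086 is the same Chef Sinatra plugin per its description, yet it gets the generic label. Suggest using the plugin name from each description (Gearman, OpenShift Deployer, FTP publisher and so on) so a later grep for a specific plugin finds all of its CVEs.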
