[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-11499/dovecot

Tue, 30 Apr 2019 06:55:44 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d062c535 by Salvatore Bonaccorso at 2019-04-30T13:54:50Z
Add CVE-2019-11499/dovecot

- - - - -
7330dcde by Salvatore Bonaccorso at 2019-04-30T13:55:09Z
Add CVE-2019-11494/dovecot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -240,8 +240,12 @@ CVE-2019-11501
        RESERVED
 CVE-2019-11500
        RESERVED
-CVE-2019-11499
+CVE-2019-11499 [Submission-login crashes when authentication is started over 
TLS secured channel and invalid authentication message is sent]
        RESERVED
+       - dovecot <unfixed>
+       [stretch] - dovecot <not-affected> (Vulnerable code not present, 
introduced in 2.3)
+       [jessie] - dovecot <not-affected> (Vulnerable code not present, 
introduced in 2.3)
+       NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
 CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in 
WavPack t ...)
        - wavpack 5.1.0-6 (low; bug #927903)
        [stretch] - wavpack <no-dsa> (Minor issue)
@@ -253,8 +257,12 @@ CVE-2019-11496
        RESERVED
 CVE-2019-11495
        RESERVED
-CVE-2019-11494
+CVE-2019-11494 [Submission-login crashes with signal 11 due to null pointer 
access when authentication is aborted by disconnecting.]
        RESERVED
+       - dovecot <unfixed>
+       [stretch] - dovecot <not-affected> (Vulnerable code not present, 
introduced in 2.3)
+       [jessie] - dovecot <not-affected> (Vulnerable code not present, 
introduced in 2.3)
+       NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115757.html
 CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution 
because pd ...)
        NOT-FOR-US: VeryPDF
 CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server 
logs. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/126b98b97495deaffbb6978344506362809d5283...7330dcdeda8aff5c7df5e73ea31e8467bf3bdbde

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/126b98b97495deaffbb6978344506362809d5283...7330dcdeda8aff5c7df5e73ea31e8467bf3bdbde
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to