Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e605c65 by Moritz Muehlenhoff at 2019-05-22T18:39:16Z
modsecurity-crs unimportant
steam NFU despite the installer package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2091,20 +2091,30 @@ CVE-2019-11393 (An issue was discovered in
/admin/users/update in M/Monit before
CVE-2019-11392
RESERVED
CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set
(CRS) throu ...)
- - modsecurity-crs <unfixed> (bug #928053)
+ - modsecurity-crs <unfixed> (unimportant; bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
+ NOTE: Negligible security impact, doesn't affect the CRS rule set as
used
+ NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in
non-standard settings
CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set
(CRS) throu ...)
- - modsecurity-crs <unfixed> (bug #928053)
+ - modsecurity-crs <unfixed> (unimportant; bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
+ NOTE: Negligible security impact, doesn't affect the CRS rule set as
used
+ NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in
non-standard settings
CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set
(CRS) throu ...)
- - modsecurity-crs <unfixed> (bug #928053)
+ - modsecurity-crs <unfixed> (unimportant; bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
+ NOTE: Negligible security impact, doesn't affect the CRS rule set as
used
+ NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in
non-standard settings
CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set
(CRS) throu ...)
- - modsecurity-crs <unfixed> (bug #928053)
+ - modsecurity-crs <unfixed> (unimportant; bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
+ NOTE: Negligible security impact, doesn't affect the CRS rule set as
used
+ NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in
non-standard settings
CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set
(CRS) throu ...)
- - modsecurity-crs <unfixed> (bug #928053)
+ - modsecurity-crs <unfixed> (unimportant; bug #928053)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
+ NOTE: Negligible security impact, doesn't affect the CRS rule set as
used
+ NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in
non-standard settings
CVE-2019-11386
RESERVED
CVE-2019-11385
@@ -51501,7 +51511,9 @@ CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS
via the content parameter
CVE-2018-12271 (** DISPUTED ** An issue was discovered in the
com.getdropbox.Dropbox a ...)
NOT-FOR-US: com.getdropbox.Dropbox app for IOS
CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a
homograph ...)
- TODO: check
+ NOT-FOR-US: Valve Steam
+ NOTE: Debian ships an installer as src:steam, but it auto-updates
whenever Steam
+ NOTE: is started, so nothing really to be updated there
CVE-2018-12269
RESERVED
CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via
shell metac ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e605c65679ff860b53fea61247174bace72a8b0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e605c65679ff860b53fea61247174bace72a8b0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
