Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f2f7267 by Moritz Muehlenhoff at 2019-06-11T13:15:38Z
new faad, rdesktop issues
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-XXXX [faad2 issue fixed in vlc]
+       - faad2 2.8.8-3
+CVE-2019-XXXX [security issues fixed in 1.8.5]
+       - rdesktop 1.8.6-1
 CVE-2019-12793
        RESERVED
 CVE-2019-12792
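Review bot: the two new CVE-2019-XXXX entries at the top of the file carry no NOTE: line with a reference, so neither fixed version can be checked from the entry itself. The faad2 bracket text says the issue was fixed in vlc but does not point to the change that faad2 2.8.8-3 carries. The rdesktop bracket text says the issues were fixed in 1.8.5 while the recorded fixed version is 1.8.6-1. Please add a NOTE: with the upstream commit or release announcement to each entry, so the fixed versions can be confirmed and the entries matched to CVE ids once they are assigned.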
@@ -75,7 +79,7 @@ CVE-2019-12761 (A code injection issue was discovered in 
PyXDG before 0.26 via c
        NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
        NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
 CVE-2019-12760 (A deserialization vulnerability exists in the way parso 
through 0.4.0  ...)
-       - parso <unfixed>
+       - parso <unfixed> (bug #930356)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1718212
        NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
 CVE-2019-12759
@@ -7043,8 +7047,8 @@ CVE-2019-9931
 CVE-2019-9930
        RESERVED
 CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure 
Permissions. ...)
-       - cfengine3 <unfixed>
-       TODO: check, older cfengine variants (cfengine2) affected? Only 
Enterprise version affected (same version as src:cfengine3)?
+       - cfengine3 <undetermined>
+       NOTE: older cfengine variants (cfengine2) affected? Only Enterprise 
version affected (same version as src:cfengine3)?
 CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the 
RTSP c ...)
        {DSA-4437-1 DLA-1770-1 DLA-1769-1}
        [experimental] - gst-plugins-base1.0 1.15.90-1
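Review bot: under CVE-2019-9929, the NOTE: that replaces the TODO: still reads as two unanswered questions (whether cfengine2 is affected, and whether only the Enterprise version is), so the entry now records neither a finding nor an open task. If cfengine3 was moved to <undetermined> because these questions cannot be answered from the available information, the NOTE: should say that as a statement. Otherwise keep the line as TODO: check so the question stays visibly open.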
@@ -19200,6 +19204,7 @@ CVE-2019-5428
        REJECTED
 CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs 
attack  ...)
        - c3p0 <unfixed> (low; bug #927936)
+       [buster] - c3p0 <no-dsa> (Minor issue)
        [stretch] - c3p0 <no-dsa> (Minor issue)
        [jessie] - c3p0 <no-dsa> (Minor issue)
        NOTE: https://hackerone.com/reports/509315
@@ -30157,14 +30162,17 @@ CVE-2018-19803
        RESERVED
 CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). 
...)
        - aubio <unfixed> (bug #930186)
+       [buster] - aubio <no-dsa> (Minor issue)
        [stretch] - aubio <no-dsa> (Minor issue)
        [jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 
of 6). ...)
        - aubio <unfixed> (bug #930186)
+       [buster] - aubio <no-dsa> (Minor issue)
        [stretch] - aubio <no-dsa> (Minor issue)
        [jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). 
...)
        - aubio <unfixed> (bug #930186)
+       [buster] - aubio <no-dsa> (Minor issue)
        [stretch] - aubio <no-dsa> (Minor issue)
        [jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has 
/exports/export.php?datatoexport= X ...)
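Review bot: the three added [buster] lines for aubio reuse "Minor issue" as the <no-dsa> reason, although CVE-2018-19802 and CVE-2018-19800 are described as buffer overflows and the unstable line is still <unfixed> (bug #930186). A NOTE: on each entry stating why the issue is considered minor for buster would make the no-dsa decision reviewable later, rather than relying on the stretch and jessie lines as precedent.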



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f2f7267f23336af9a99f5cadc8a3c415730d5c5
