Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65593ea6 by Thorsten Alteholz at 2019-06-20T10:04:20Z
mark CVE-2019-9917 as ignored so that nobody else will have a look at it

- - - - -
c3422e95 by Thorsten Alteholz at 2019-06-20T10:04:21Z
mark CVE-2019-12829 for radare2 as no-dsa

- - - - -
9128a22a by Thorsten Alteholz at 2019-06-20T10:04:22Z
mark CVE-2019-12865 for radare2 as no-dsa

- - - - -
f6f476b4 by Thorsten Alteholz at 2019-06-20T10:04:24Z
mark CVE-2019-12387 for twisted as no-dsa

- - - - -
30a26e30 by Thorsten Alteholz at 2019-06-20T10:04:25Z
mark CVE-2019-12855 for twisted as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,6 +89,7 @@ CVE-2019-12866
 CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c 
has a dou ...)
        - radare2 <unfixed> (bug #930704)
        [stretch] - radare2 <no-dsa> (Minor issue)
+       [jessie] - radare2 <no-dsa> (Minor issue)
        NOTE: https://github.com/radare/radare2/issues/14334
        NOTE: 
https://github.com/radare/radare2/commit/40453029179d230cf02ffed205f2d63e33981b8f
 CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when 
wide c ...)
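Review bot: The added [jessie] radare2 line copies the stretch reason "(Minor issue)" verbatim, and nothing in the entry records that jessie's radare2 was checked against the upstream fix commit given in the NOTE line. If the affected cmd_mount code in libr/core/cmd_mount.c is not present in the jessie version, <not-affected> with a short reason would be more accurate than <no-dsa>; if it is present, a NOTE saying so would save the next triager the same check.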
@@ -116,6 +117,7 @@ CVE-2019-12856
 CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, 
XMPP su ...)
        - twisted <unfixed> (bug #930626)
        [stretch] - twisted <no-dsa> (Minor issue)
+       [jessie] - twisted <no-dsa> (Minor issue)
        NOTE: https://github.com/twisted/twisted/pull/1147
        NOTE: https://twistedmatrix.com/trac/ticket/9561
 CVE-2019-12854
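Review bot: The commit subject for this change, "mark CVE-2019-12855 for twisted as no-dsa", does not name the release, while the only line added here is the [jessie] one and stretch was already <no-dsa>. Naming jessie in the subject would make the history searchable per release; the same applies to the other three no-dsa commits in this push.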
@@ -173,6 +175,7 @@ CVE-2019-12830 (In MyBB before 1.8.21, an attacker can 
exploit a parsing flaw in
 CVE-2019-12829 (radare2 through 3.5.1 mishandles the RParse API, which allows 
remote a ...)
        - radare2 <unfixed> (bug #930590)
        [stretch] - radare2 <no-dsa> (Minor issue)
+       [jessie] - radare2 <no-dsa> (Minor issue)
        NOTE: https://github.com/radare/radare2/issues/14303
        NOTE: 
https://github.com/radare/radare2/commit/b282620b7a8818910c42a29b8f0855a2d13eec14
 CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 
10.5.39. Due  ...)
@@ -1250,6 +1253,7 @@ CVE-2019-12388
 CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or 
sanitize URI ...)
        - twisted <unfixed> (bug #930389)
        [stretch] - twisted <no-dsa> (Minor issue)
+       [jessie] - twisted <no-dsa> (Minor issue)
        NOTE: 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
 CVE-2019-12386
        RESERVED
@@ -7464,7 +7468,7 @@ CVE-2019-9918 (An issue was discovered in the Harmis JE 
Messenger component 1.2.
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a 
Denial  ...)
        {DSA-4463-1}
        - znc 1.7.2-2 (bug #925285)
-       [jessie] - znc <no-dsa> (Minor issue, workaround is to disable 
modpython)
+       [jessie] - znc <ignored> (Minor issue, workaround is to disable 
modpython)
        NOTE: 
https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
        NOTE: Every version between 0.096 and 1.7.2 (incl) is vulnerable to the 
issue,
        NOTE: but earlier versions could not be fixed without a major rewrite. 
A workaround
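Review bot: On the changed [jessie] znc line the state moves from <no-dsa> to <ignored>, but the parenthetical is still the old no-dsa reason, "Minor issue, workaround is to disable modpython". The NOTE lines below carry the actual justification, that earlier versions could not be fixed without a major rewrite. Putting that into the parenthetical would make clear why the issue is ignored for jessie while the same entry lists DSA-4463-1.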



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0576ff6b4202ea5dda0b40c362ded2d5ca2b588...30a26e3078d201e773859700e0096df03b8c5568
