Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6177c47d by Moritz Muehlenhoff at 2019-07-25T20:48:47Z
NFUs
binutils, tcpdump non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, 
when a web reques
 CVE-2019-14267
        RESERVED
 CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the 
index.php?s=/ucenter/Confi ...)
-       TODO: check
+       NOT-FOR-US: OpenSNS
 CVE-2019-14265
        RESERVED
 CVE-2019-14264
@@ -41,7 +41,10 @@ CVE-2019-14252
 CVE-2019-14251
        RESERVED
 CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in 
GNU Binuti ...)
-       TODO: check
+       - binutils <unfixed> (unimportant)
+       NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
+       NOTE: https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html
+       NOTE: binutils not covered by security support
 CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows 
attacker ...)
        - dwarfutils <unfixed> (low)
        [buster] - dwarfutils <no-dsa> (Minor issue)
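
Review bot: The new CVE-2019-14250 entry lists only binutils, but the description names GNU libiberty and both NOTE links point at gcc (bugzilla id 90924 and the gcc-patches thread), so the affected code is not specific to binutils. Consider adding lines for the other source packages that carry a libiberty copy, or a NOTE stating why only binutils is listed, so the "unimportant" triage is not read as covering them by default.
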
@@ -633,7 +636,7 @@ CVE-2019-13962 (lavc_CopyPicture in 
modules/codec/avcodec/video.c in VideoLAN VL
 CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading 
to the  ...)
        NOT-FOR-US: flatCore
 CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of 
memory can be ...)
-       TODO: check
+       NOT-FOR-US: Disputed libjpeg issue, issue would be in application using 
libjpeg
 CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not 
handle reall ...)
        NOT-FOR-US: Bento4
 CVE-2019-13958
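
Review bot: The CVE-2019-13960 line uses NOT-FOR-US to carry a rationale ("Disputed libjpeg issue, issue would be in application using libjpeg") rather than a product name, unlike the neighbouring NOT-FOR-US lines for flatCore and Bento4. The description names libjpeg-turbo 2.0.2, so if that source is packaged, a package line such as "- libjpeg-turbo <unfixed> (unimportant)" with the rationale moved into a NOTE would match how the binutils entries in this commit are handled and keep the CVE attached to the package.
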
@@ -6107,7 +6110,7 @@ CVE-2019-12166
 CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and 
earlier,  ...)
        NOT-FOR-US: MiCollab
 CVE-2019-12164 (ubuntu-server.js in Status React Native Desktop before 
v0.57.8_mobile_ ...)
-       TODO: check
+       NOT-FOR-US: Status React Native Desktop
 CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to 
obtain pot ...)
        NOT-FOR-US: GAT-Ship Web Module
 CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash 
of the do ...)
@@ -12276,7 +12279,8 @@ CVE-2019-1010222 (aubio 0.4.8 and earlier is affected 
by: null pointer. The impa
 CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access 
Control. T ...)
        NOT-FOR-US: LineageOS
 CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer 
Over-read. T ...)
-       TODO: check
+       - tcpdumo <unfixed> (unimportant)
+       NOTE: No security impact
 CVE-2019-1010219
        RESERVED
 CVE-2019-1010218 (Cherokee Webserver Latest Cherokee Web server Upto Version 
1.2.103 (Cu ...)
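
Review bot: The package name in the new CVE-2019-1010220 line is misspelled: "- tcpdumo <unfixed> (unimportant)" should read "- tcpdump <unfixed> (unimportant)", matching the tcpdump named in the CVE description and in the commit message. As written, the entry is not attached to the tcpdump package. The accompanying "NOTE: No security impact" also gives no reference; a link to the upstream report or one line of reasoning would let a later reader verify the triage, as the binutils entries in this commit do.
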
@@ -12306,9 +12310,11 @@ CVE-2019-1010207 (Genetechsolutions Pie Register 
3.0.15 is affected by: Cross Si
 CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: 
Missing SSL ...)
        NOT-FOR-US: OSS Http Request (Apache Cordova Plugin)
 CVE-2019-1010205 (LINAGORA hublin latest (commit 
72ead897082403126bf8df9264e70f0a9de247f ...)
-       TODO: check
+       NOT-FOR-US: LINAGORA hublin
 CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils 
v2.21-v2.31.1) is aff ...)
-       TODO: check
+       - binutils <unfixed> (unimportant)
+       NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23765
+       NOTE: binutils not covered by security support
 CVE-2019-1010203
        RESERVED
 CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The 
impact is ...)
@@ -12354,7 +12360,7 @@ CVE-2019-1010185
 CVE-2019-1010184
        RESERVED
 CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled 
Recursion ...)
-       TODO: check
+       NOT-FOR-US: serde_yaml
 CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled 
Recursion. Th ...)
        - rust-yaml-rust <not-affected> (Fixed before initial release to Debian)
        NOTE: https://github.com/chyh1990/yaml-rust/pull/109
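
Review bot: CVE-2019-1010183 is closed as "NOT-FOR-US: serde_yaml", yet the entry directly below it tracks another Rust YAML crate under a rust-* source package ("- rust-yaml-rust <not-affected>"). It is worth confirming that serde_yaml has no corresponding rust-* source package before marking it NOT-FOR-US; if one exists, this should be a package line checked against the affected range 0.6.0 to 0.8.3 given in the description.
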
@@ -12369,7 +12375,7 @@ CVE-2019-1010178 (Fred MODX Revolution &lt; 1.0.0-beta5 
is affected by: Incorrec
 CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The 
impact is: deni ...)
        NOT-FOR-US: Jsish
 CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 
is affecte ...)
-       TODO: check
+       NOT-FOR-US: JerryScript
 CVE-2019-1010175
        RESERVED
 CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: 
command inje ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6177c47d2516b7862bfe5d1f74049ca7353b9be7



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
