Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d658bdb by Moritz Muehlenhoff at 2019-09-06T10:50:15Z
Add Exim upstream commit
ffmpeg n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,7 +30,8 @@ CVE-2019-15944 (In Counter-Strike: Global Offensive before 
8/29/2019, community
 CVE-2019-15943
        RESERVED
 CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on 
uninitia ...)
-       TODO: check
+       - ffmpeg <not-affected> (Only affects 4.2)
+       NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
 CVE-2019-15941
        RESERVED
 CVE-2019-15940
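
Review bot: The "(Only affects 4.2)" reason on the new ffmpeg line for CVE-2019-15942 does not match the CVE text directly above it, which reads "FFmpeg through 4.2", and the entry records nothing about why older releases are excluded. Add a NOTE naming the commit or release that introduced the affected code so the <not-affected> status can be rechecked later. The fix link is also plain http://; an https:// URL would be preferable if the host serves it.
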
@@ -270,7 +271,7 @@ CVE-2019-15850
 CVE-2019-15849
        RESERVED
 CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site 
scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before 
version 10  ...)
        TODO: check
 CVE-2015-9383 (FreeType before 2.6.2 has a heap-based buffer over-read in 
tt_cmap14_v ...)
@@ -292,6 +293,7 @@ CVE-2019-15846 [local or remote attacker can execute 
programs with root privileg
        RESERVED
        - exim4 <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
+       NOTE: 
https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
 CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance 
of arbitrary types]
        - rust-image <not-affected> (Fixed before initial upload)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
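
Review bot: The NOTE added under CVE-2019-15846 is a bare commit URL, so it reads the same as the oss-security link above it and does not say what role the commit plays. If it is the upstream fix, say so in the NOTE (for example with a "Fixed by:" prefix) and record which upstream release contains it, since the exim4 line stays <unfixed> with no version to compare against.
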
@@ -2613,7 +2615,7 @@ CVE-2019-15031
 CVE-2019-15030
        RESERVED
 CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system 
command ...)
-       TODO: check
+       NOT-FOR-US: FusionPBX
 CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact 
could allow ...)
        NOT-FOR-US: Joomla!
 CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for 
Android on  ...)
@@ -2752,7 +2754,7 @@ CVE-2019-14995
 CVE-2019-14994
        RESERVED
 CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular 
expressi ...)
-       TODO: check
+       NOT-FOR-US: Istio
 CVE-2019-14992
        REJECTED
 CVE-2019-14991
@@ -5106,7 +5108,7 @@ CVE-2019-14341
 CVE-2019-14340
        RESERVED
 CVE-2019-14339 (The ContentProvider in the Canon PRINT 
jp.co.canon.bsd.ad.pixmaprint 2 ...)
-       TODO: check
+       NOT-FOR-US: CANON
 CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 
4.2.0.14 2 ...)
        NOT-FOR-US: D-Link
 CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 
4.2.0.14 2 ...)
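
Review bot: "NOT-FOR-US: CANON" for CVE-2019-14339 is in all caps and names only the vendor, while the neighbouring entry uses normal capitalisation ("D-Link") and the CVE text names the product as Canon PRINT. Suggest "NOT-FOR-US: Canon PRINT" so a search for the product finds this entry.
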
@@ -5146,7 +5148,7 @@ CVE-2019-14321
 CVE-2019-14320
        RESERVED
 CVE-2019-14319 (The TikTok (formerly Musical.ly) application 12.2.0 for 
Android and iO ...)
-       TODO: check
+       NOT-FOR-US: TikTok
 CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in 
ECDSA sig ...)
        [experimental] - libcrypto++ 8.2.0-2
        - libcrypto++ 5.6.4-9 (low; bug #934326)
@@ -5170,9 +5172,9 @@ CVE-2019-14310
 CVE-2019-14309
        RESERVED
 CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing 
LPD pack ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP par ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2019-14306
        RESERVED
 CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP par ...)
@@ -29905,7 +29907,7 @@ CVE-2019-5592 (Multiple padding oracle vulnerabilities 
(Zombie POODLE, GOLDENDOO
 CVE-2019-5591
        RESERVED
 CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet 
FortiWeb ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online 
Installer (W ...)
        NOT-FOR-US: FortiGuard
 CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in 
Fortinet Forti ...)
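
Review bot: The new "NOT-FOR-US: Fortinet" line for CVE-2019-5590 sits directly above "NOT-FOR-US: FortiGuard" on CVE-2019-5589, so adjacent entries for the same product family are tagged two different ways. The CVE text names Fortinet FortiWeb; suggest "NOT-FOR-US: Fortinet FortiWeb" here, and aligning the CVE-2019-5589 tag in a follow-up.
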
@@ -30025,7 +30027,7 @@ CVE-2019-5532
 CVE-2019-5531
        RESERVED
 CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier 
than 1 ...)
-       TODO: check
+       NOT-FOR-US: InstallBuilder
 CVE-2019-5529
        RESERVED
 CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service 
vulnerability i ...)
@@ -30140,9 +30142,9 @@ CVE-2019-5477 (A command injection vulnerability in 
Nokogiri v1.10.3 and earlier
        NOTE: 
https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
        NOTE: Change in rexical is covered by the scope of this CVE.
 CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server &lt; v0.3.0 
(running o ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Lookup-Server
 CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote 
Code Exe ...)
-       TODO: check
+       NOT-FOR-US: Nexus Yum Repository Plugin
 CVE-2019-5474 [Override Merge Request Approval Rules]
        RESERVED
        - gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
@@ -31030,7 +31032,7 @@ CVE-2019-5071
 CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the 
unauthenticat ...)
        TODO: check
 CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS 
v5.2.12. ...)
-       TODO: check
+       NOT-FOR-US: Epignosis eFront LMS
 CVE-2019-5068
        RESERVED
 CVE-2019-5067



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d658bdbe958d00217868e5d8ed33e76f5cb7d64
