Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3819aa86 by Moritz Muehlenhoff at 2019-09-09T16:15:05Z
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -112,6 +112,8 @@ CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through
1.8.2 allows non-admin
TODO: check
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an
SSL cer ...)
- imapfilter <unfixed> (bug #939702)
+ [buster] - imapfilter <no-dsa> (Minor issue)
+ [stretch] - imapfilter <no-dsa> (Minor issue)
NOTE: https://github.com/lefcha/imapfilter/issues/142
CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is
an intege ...)
NOT-FOR-US: Kilo
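Review bot: The two added imapfilter lines give only "Minor issue" as the reason, while the entry's own description says the hostname in an SSL certificate is not validated. A reason tied to that description would make the no-dsa decision easier to revisit later. If a fix is expected once the linked upstream issue 142 is resolved, a postponed tag may fit better than a plain no-dsa.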
@@ -429,9 +431,13 @@ CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores
wallet.dat data unencr
- bitcoin <unfixed> (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an
ASN.1 Octet ...)
- opensc <unfixed> (bug #939669)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an
ASN.1 Bitst ...)
- opensc <unfixed> (bug #939668)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019,
community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
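Review bot: Both opensc entries get identical no-dsa lines while the unstable line above each still reads "- opensc <unfixed>", so after this change no suite has a fix tracked for CVE-2019-15946 or CVE-2019-15945. Each entry already links a single upstream commit in its NOTE; it would help to say whether those commits are candidates for a stable point release, so that "Minor issue" is not the only information recorded.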
@@ -3307,7 +3313,9 @@ CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows
mobile/error-not-supported-plat
NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF
through ...)
{DLA-1897-1}
- - tiff 4.0.10+git190814-1 (bug #934780)
+ - tiff 4.0.10+git190814-1 (low; bug #934780)
+ [buster] - tiff <no-dsa> (Minor issue)
+ [stretch] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
NOTE:
https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
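Review bot: On the tiff entry the added [buster] and [stretch] lines say no-dsa, yet the entry already carries {DLA-1897-1}, so an LTS advisory has shipped a fix for the same CVE. A NOTE stating whether the stable releases are expected to receive the fix through a point release would explain the difference in handling. The "low" urgency added to the unstable line is consistent with the "Minor issue" reason, so that part looks fine.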
@@ -3977,6 +3985,8 @@ CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0.
It allows eval injecti
NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability
exists in b ...)
- radare2 <unfixed> (bug #934204)
+ [buster] - radare2 <no-dsa> (Minor issue)
+ [stretch] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/pull/14690
CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop
files and c ...)
{DSA-4494-1 DLA-1890-1}
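Review bot: The radare2 entry is described as a command injection vulnerability, and the added [buster] and [stretch] lines classify it as "Minor issue" without saying what limits the impact. Since the unstable line is still "- radare2 <unfixed> (bug #934204)", a more specific reason in the parentheses, or a NOTE next to the upstream pull request link, would let a later reader check whether the assessment still holds.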
@@ -8596,7 +8606,6 @@ CVE-2019-13510 (Rockwell Automation Arena Simulation
Software versions 16.00.00
NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE
before 17.06. ...)
- docker.io 18.09.1+dfsg1-8 (bug #932673)
- [buster] - docker.io <no-dsa> (Minor issue)
CVE-2019-13508
RESERVED
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
...)
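Review bot: The removed line "[buster] - docker.io <no-dsa> (Minor issue)" has no replacement, and the commit message "buster/stretch triage" does not say why the earlier decision was withdrawn. After this change, buster's status for CVE-2019-13509 follows only from the fixed version 18.09.1+dfsg1-8 on the remaining line. A NOTE, or an explicit [buster] line naming the version that carries the fix, would record the intent.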
@@ -9577,7 +9586,6 @@ CVE-2019-13140
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of
supplying or m ...)
[experimental] - docker.io 18.09.5+dfsg1-1
- docker.io 18.09.1+dfsg1-8 (bug #933002)
- [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/pull/38944
NOTE:
https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
CVE-2019-13138
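Review bot: With the [buster] no-dsa line removed from CVE-2019-13139, the entry relies on the fixed version 18.09.1+dfsg1-8, which is lower than the 18.09.4 named in the description, so the fix is presumably a patch carried in the Debian package rather than a new upstream release. It is worth confirming that and adding a NOTE pointing at the backported change next to the existing moby pull request link, so the version on the unstable line can be verified against buster.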
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3819aa863451de0087dcdf49684b64fa747ed91c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits