Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b1be5fdf by Moritz Muehlenhoff at 2019-10-29T07:47:28Z
new cpio issue
ansible fixed
add additional references for PHP FPM issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10958,11 +10958,13 @@ CVE-2019-14867
RESERVED
CVE-2019-14866
RESERVED
+ - cpio <unfixed>
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
CVE-2019-14865
RESERVED
CVE-2019-14864
RESERVED
- - ansible <unfixed> (low)
+ - ansible 2.8.6+dfsg-1 (low)
NOTE: https://github.com/ansible/ansible/issues/63522
NOTE: https://github.com/ansible/ansible/pull/63527
CVE-2019-14863
@@ -10991,7 +10993,7 @@ CVE-2019-14859 [DER encoding is not being verified in
signatures]
NOTE: https://github.com/warner/python-ecdsa/pull/124
NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and
Ansible ...)
- - ansible <unfixed> (bug #942332)
+ - ansible 2.8.6+dfsg-1 (bug #942332)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
CVE-2019-14857
@@ -11050,7 +11052,7 @@ CVE-2019-14848
CVE-2019-14847
RESERVED
CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and
ansible_engine-3.x up to ...)
- - ansible <unfixed> (low; bug #942188)
+ - ansible 2.8.6+dfsg-1 (low; bug #942188)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
NOTE: https://github.com/ansible/ansible/pull/63366
CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up
to 4.3. ...)
@@ -22893,6 +22895,8 @@ CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33,
7.2.x below 7.2.24 and 7.3.x
- php5 <removed>
NOTE: Fixed in PHP 7.3.11, 7.2.24
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599
+ NOTE:
https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx
+ NOTE:
http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an
image, e.g ...)
{DSA-4529-1 DSA-4527-1 DLA-1878-1}
- php7.3 7.3.8-1
@@ -25010,7 +25014,7 @@ CVE-2019-10218
RESERVED
CVE-2019-10217
RESERVED
- - ansible <unfixed> (bug #934128)
+ - ansible 2.8.6+dfsg-1 (bug #934128)
[buster] - ansible <not-affected> (Vulnerable code introduced later)
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (vulnerable code introduced later)
@@ -25074,7 +25078,7 @@ CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 [disclosure data when prompted for password and template
characters are passed]
RESERVED
- - ansible <unfixed> (bug #933005)
+ - ansible 2.8.6+dfsg-1 (bug #933005)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1be5fdf265ddd61d147d1c649338a84c2ca5b74
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1be5fdf265ddd61d147d1c649338a84c2ca5b74
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
