Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b1be5fdf by Moritz Muehlenhoff at 2019-10-29T07:47:28Z new cpio issue ansible fixed add additional references for PHP FPM issue - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10958,11 +10958,13 @@ CVE-2019-14867 RESERVED CVE-2019-14866 RESERVED + - cpio <unfixed> + NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html CVE-2019-14865 RESERVED CVE-2019-14864 RESERVED - - ansible <unfixed> (low) + - ansible 2.8.6+dfsg-1 (low) NOTE: https://github.com/ansible/ansible/issues/63522 NOTE: https://github.com/ansible/ansible/pull/63527 CVE-2019-14863 @@ -10991,7 +10993,7 @@ CVE-2019-14859 [DER encoding is not being verified in signatures] NOTE: https://github.com/warner/python-ecdsa/pull/124 NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859. CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...) - - ansible <unfixed> (bug #942332) + - ansible 2.8.6+dfsg-1 (bug #942332) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593 NOTE: https://github.com/ansible/ansible/pull/63405 CVE-2019-14857 @@ -11050,7 +11052,7 @@ CVE-2019-14848 CVE-2019-14847 RESERVED CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...) - - ansible <unfixed> (low; bug #942188) + - ansible 2.8.6+dfsg-1 (low; bug #942188) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373 NOTE: https://github.com/ansible/ansible/pull/63366 CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...) 
@@ -22893,6 +22895,8 @@ CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x - php5 <removed> NOTE: Fixed in PHP 7.3.11, 7.2.24 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599 + NOTE: https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx + NOTE: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) {DSA-4529-1 DSA-4527-1 DLA-1878-1} - php7.3 7.3.8-1 @@ -25010,7 +25014,7 @@ CVE-2019-10218 RESERVED CVE-2019-10217 RESERVED - - ansible <unfixed> (bug #934128) + - ansible 2.8.6+dfsg-1 (bug #934128) [buster] - ansible <not-affected> (Vulnerable code introduced later) [stretch] - ansible <not-affected> (Vulnerable code introduced later) [jessie] - ansible <not-affected> (vulnerable code introduced later) @@ -25074,7 +25078,7 @@ CVE-2019-14856 [Incomplete fix for CVE-2019-10206] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829 CVE-2019-10206 [disclosure data when prompted for password and template characters are passed] RESERVED - - ansible <unfixed> (bug #933005) + - ansible 2.8.6+dfsg-1 (bug #933005) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) [jessie] - ansible <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1be5fdf265ddd61d147d1c649338a84c2ca5b74 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1be5fdf265ddd61d147d1c649338a84c2ca5b74 You're receiving this email because of your account on salsa.debian.org.
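Review bot: the new `- cpio <unfixed>` line under CVE-2019-14866 in the first hunk (@@ -10958,11 +10958,13 @@) leaves the entry with no bracketed description on the CVE line and no urgency or bug reference, so the only context a reader gets is the bug-cpio list link. Other RESERVED entries visible in this patch carry a summary, for example `CVE-2019-10206 [disclosure data when prompted for password and template characters are passed]`. Suggest adding a short bracketed summary to the CVE-2019-14866 line, and a bug reference in the form already used in the file (as on the CVE-2019-14858 line) once a Debian bug exists.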
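Review bot: the second NOTE added in the CVE-2019-11043 hunk (@@ -22893,6 +22895,8 @@) is a bare commit URL with no label and uses `http://`, while the existing line just above it in the same entry is labelled (`NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599`). Suggest stating what the commit is, so it can be told apart from the Tenable write-up added on the line before it, and switching to an https URL if git.php.net serves one.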
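Review bot: in the last hunk (@@ -25074,7 +25078,7 @@) CVE-2019-10206 is marked fixed in `2.8.6+dfsg-1`, but the hunk header shows CVE-2019-14856 recorded as `[Incomplete fix for CVE-2019-10206]`, and no line of this patch changes that entry. Worth confirming in a NOTE or in the commit message that 2.8.6 carries the complete fix, and reviewing the CVE-2019-14856 entry in the same change so the status of the two can be checked together.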
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits