Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17c21eb7 by Moritz Muehlenhoff at 2019-12-02T10:05:39Z
new librabbitmq issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2019-19498
 CVE-2019-19497
        RESERVED
 CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded 
HTML docum ...)
-       TODO: check
+       NOT-FOR-US: Alfresco
 CVE-2019-19495
        RESERVED
 CVE-2019-19494
        RESERVED
 CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the 
Content-Type h ...)
-       TODO: check
+       NOT-FOR-US: Kentico
 CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in 
event_socke ...)
        - freeswitch <itp> (bug #389591)
 CVE-2019-19491 (TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php 
edit par ...)
-       TODO: check
+       NOT-FOR-US: TestLink
 CVE-2019-19490 (LiteManager 4.5.0 has weak permissions (Everyone: Full 
Control) in the ...)
-       TODO: check
+       NOT-FOR-US: LiteManager
 CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. 
...)
        TODO: check
 CVE-2019-19488
@@ -63,9 +63,9 @@ CVE-2019-19471
 CVE-2019-19470
        RESERVED
 CVE-2019-19469 (In Zmanda Management Console 3.3.9, 
ZMC_Admin_Advanced?form=adminTasks ...)
-       TODO: check
+       NOT-FOR-US: Zmanda Management Console
 CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute 
arbitrary cod ...)
-       TODO: check
+       NOT-FOR-US: Free Photo Viewer
 CVE-2019-19467
        RESERVED
 CVE-2020-1884
@@ -414,7 +414,7 @@ CVE-2019-19398
 CVE-2019-19397
        RESERVED
 CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, 
allows a ...)
-       TODO: check
+       NOT-FOR-US: illumos
 CVE-2019-19395
        RESERVED
 CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with 
unsalte ...)
@@ -674,7 +674,7 @@ CVE-2019-19364
 CVE-2019-19363
        RESERVED
 CVE-2019-19362 (An issue was discovered in the Chat functionality of the 
TeamViewer de ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2019-19361
        RESERVED
 CVE-2019-19360
@@ -1786,7 +1786,7 @@ CVE-2019-18924 (Systematic IRIS WebForms 5.4 is 
vulnerable to directory traversa
 CVE-2019-18923 (Insufficient content type validation of proxied resources in 
go-camo b ...)
        NOT-FOR-US: go-camo
 CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied 
Telesis AT-GS ...)
-       TODO: check
+       NOT-FOR-US: Allied Telesis
 CVE-2019-18921
        RESERVED
 CVE-2019-18920
@@ -4717,7 +4717,9 @@ CVE-2019-18610 (An issue was discovered in manager.c in 
Sangoma Asterisk through
        NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
 CVE-2019-18609 (An issue was discovered in amqp_handle_input in 
amqp_connection.c in r ...)
-       TODO: check
+       - librabbitmq <unfixed>
+       NOTE: 
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
+       NOTE: https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md
 CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information 
modification bec ...)
        NOT-FOR-US: Cezerin
 CVE-2019-18607
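Review bot: The second NOTE on CVE-2019-18609 links ChangeLog.md on the master branch, which is a moving target; link the file at a fixed tag or commit, or state the fixed upstream version in the NOTE, so the reference still shows the relevant entry after later releases. The first NOTE is a bare commit URL that does not say whether the commit is the fix or the change that introduced the problem; add a short description before the URL. The "- librabbitmq <unfixed>" line has no bug reference yet, unlike entries such as "- freeswitch <itp> (bug #389591)", so add one once a bug is filed.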
@@ -10325,9 +10327,9 @@ CVE-2019-16769
 CVE-2019-16768
        RESERVED
 CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the 
special ca ...)
-       TODO: check
+       NOT-FOR-US: ezmaster
 CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access 
to someon ...)
-       TODO: check
+       NOT-FOR-US: wagtail-2fa
 CVE-2019-16765 (If an attacker can get a user to open a specially prepared 
directory t ...)
        NOT-FOR-US: Vscode
 CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to 
denial of ...)
@@ -13546,9 +13548,9 @@ CVE-2019-15633
 CVE-2019-15632
        RESERVED
 CVE-2019-15631 (Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x 
and API ...)
-       TODO: check
+       NOT-FOR-US: MuleSoft
 CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 
Provider com ...)
-       NOT-FOR-US: Mulesoft
+       NOT-FOR-US: MuleSoft
 CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for 
Android is ...)
        NOT-FOR-US: Trend Micro
 CVE-2019-15628
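Review bot: The edit to CVE-2019-15630 ("Mulesoft" to "MuleSoft") is a capitalisation fix on an entry that was already triaged, and the commit message ("new librabbitmq issue" / "NFUs") does not mention it. Note the spelling normalisation in the message or put it in its own commit, so the history of that CVE shows the change was cosmetic and not a re-triage.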
@@ -44413,7 +44415,7 @@ CVE-2019-5265
 CVE-2019-5264
        RESERVED
 CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) 
and ear ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5262
        RESERVED
 CVE-2019-5261
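Review bot: The tag on CVE-2019-5263 names the vendor ("Huawei") while the description names the product, HiSuite, and most other entries in this commit are tagged by product (TeamViewer, LiteManager, Free Photo Viewer). Consider "NOT-FOR-US: Huawei HiSuite" so a later search for the product name finds the entry.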



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/17c21eb7c02d8db89e910f89fd4a29f90e3b8879
