Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9b94fda7 by Moritz Muehlenhoff at 2019-12-06T16:12:38Z
tnef fixed
libonig no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2523,7 +2523,9 @@ CVE-2019-19247
RESERVED
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other
products, has ...)
{DLA-2020-1}
- - libonig <unfixed>
+ - libonig <unfixed> (low)
+ [buster] - libonig <no-dsa> (Minor issue)
+ [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://bugs.php.net/bug.php?id=78559
NOTE:
https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows
Pre-Authentication S ...)
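Review bot: The `- libonig <unfixed> (low)` line for CVE-2019-19246 has no bug reference, while the CVE-2019-19012 entry for the same package in this commit carries `bug #944959`. With buster and stretch now marked `<no-dsa>`, the unstable line is the only place where the open fix is tracked, so it should get a bug number once one is filed. The upstream commit is already in the NOTE below it and can be cited in that bug.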
@@ -3133,8 +3135,15 @@ CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17
allows an attacker to upl
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in
regexec.c in On ...)
{DLA-2020-1}
- - libonig <unfixed> (bug #944959)
+ - libonig <unfixed> (low; bug #944959)
+ [buster] - libonig <no-dsa> (Minor issue)
+ [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/164
+ NOTE:
https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
+ NOTE:
https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
+ NOTE:
https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
+ NOTE:
https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
+ NOTE:
https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in
GifIndexToTrueC ...)
NOT-FOR-US: ngiflib
CVE-2019-19010 (Eval injection in the Math plugin of Limnoria (before
2019.11.09) and ...)
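Review bot: The five added `NOTE:` lines under CVE-2019-19012 are bare upstream commit URLs, with nothing to say which of them is needed to fix the integer overflow in search_in_range. Since buster and stretch are marked `<no-dsa>` and the unstable line is still `<unfixed>`, a short label on each NOTE, or one NOTE stating that the commits form a single series, would tell whoever prepares the upload what to pick.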
@@ -3513,7 +3522,7 @@ CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent
fingerprinting primarily via
TODO: check
CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the
victim' ...)
{DLA-2005-1}
- - tnef <unfixed> (bug #944851)
+ - tnef 1.4.18-1 (bug #944851)
[buster] - tnef <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/verdammelt/tnef/pull/40
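Review bot: In the CVE-2019-18849 entry the only NOTE still points at the upstream pull request, although the unstable line now records 1.4.18-1 as the fixed version. The buster and stretch lines say the issue can be fixed via point release, so a NOTE naming the merged upstream commit would give that backport a concrete reference.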
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b94fda78cc68f38c42ad862971433c41f1b7f46