[Git][security-tracker-team/security-tracker][master] new radare issue

Moritz Muehlenhoff Fri, 13 Dec 2019 03:01:49 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3a49c93b by Moritz Muehlenhoff at 2019-12-13T11:01:04Z
new radare issue
new potential kopano/cups issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2547,7 +2547,8 @@ CVE-2019-19648 (In the macho_parse_file functionality in 
macho/macho.c of YARA 3
        - yara <unfixed>
        NOTE: https://github.com/VirusTotal/yara/issues/1178
 CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable 
in the  ...)
-       TODO: check
+       - radare2 <unfixed>
+       NOTE: https://github.com/radareorg/radare2/issues/15545
 CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an 
integrity_ ...)
        - sqlite3 <not-affected> (Generated column support added later)
        NOTE: 
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
@@ -14642,11 +14643,13 @@ CVE-2019-16775 (Versions of the npm CLI prior to 
6.13.3 are vulnerable to an Arb
        NOTE: https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
        NOTE: 
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object 
injection vul ...)
-       TODO: check
+       - kopano-webapp-plugin-files <undetermined>
+       TODO: kopano-webapp-plugin-files embeds phpfastcache, needs 
verification whether
+       TODO: actually vulnerable
 CVE-2019-16773
        RESERVED
 CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: serialize-to-js Node package
 CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are 
vulnerable ...)
        NOT-FOR-US: Armeria
 CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could 
use keepal ...)
@@ -14656,7 +14659,7 @@ CVE-2019-16770 (In Puma before version 4.3.2, a 
poorly-behaved client could use
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
        NOTE: 
https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e
 CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: serialize-javascript Node package
 CVE-2019-16768 (In affected versions of Sylius, exception messages from 
internal excep ...)
        NOT-FOR-US: Sylius
 CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the 
special ca ...)
@@ -51530,7 +51533,7 @@ CVE-2019-3953 (Stack-based buffer overflow in Advantech 
WebAccess/SCADA 8.4.0 al
 CVE-2019-3952
        RESERVED
 CVE-2019-3951 (Advantech WebAccess before 8.4.3 allows unauthenticated remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess
 CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a 
hardcoded ...)
        NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware 
contain a  ...)
@@ -57612,17 +57615,18 @@ CVE-2019-2234
 CVE-2019-2233 (In getUserCount and getCount of UserSwitcherController.java, 
there is  ...)
        NOT-FOR-US: Android
 CVE-2019-2232 (In handleRun of TextLine.java, there is a possible application 
crash d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2231 (In Blob::Blob of blob.cpp, there is a possible unencrypted 
master key  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2230 (In nfcManager_routeAid and nfcManager_unrouteAid of 
NativeNfcManager.c ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible 
leak o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds 
read due t ...)
-       TODO: check
+       - cups <unfixed>
+       TODO: Might affect cups, needs clarification
 CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds 
read due  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible 
out of  ...)
        TODO: check
 CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to 
pair a mal ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a49c93b5d32b4fc01778b8765613f7f48284fc6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a49c93b5d32b4fc01778b8765613f7f48284fc6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new radare issue

Reply via email to