Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ff3a87d8 by Moritz Muehlenhoff at 2019-12-17T13:45:10Z
new excon issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14762,9 +14762,11 @@ CVE-2019-16781
CVE-2019-16780
RESERVED
CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition
around pers ...)
- TODO: check
+ - ruby-excon <unfixed>
+ NOTE:
https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
+ NOTE:
https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29
CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in
UnsortedSegmentSu ...)
- TODO: check
+ - tensorflow <itp> (bug #804612)
CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an
Arbitrary ...)
- npm <unfixed>
NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
@@ -19979,7 +19981,7 @@ CVE-2019-15013
CVE-2019-15012
RESERVED
CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links
before versio ...)
- TODO: check
+ NOT-FOR-US: Application Links
CVE-2019-15010
RESERVED
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian
Fisheye and ...)
@@ -21270,26 +21272,26 @@ CVE-2019-14614
CVE-2019-14613
RESERVED
CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow
a privil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a
privilege ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may
allow an a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may
allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R)
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14607 (Improper conditions check in multiple Intel® Processors
may allow ...)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
TODO: check, this is likely the issue addressed with
intel-microcode/3.20191115
CVE-2019-14606
RESERVED
CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS
Platform Di ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for
Intel(R) Quartu ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14603 (Improper permissions in the installer for the License Server
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR
Driver vers ...)
NOT-FOR-US: Nuvoton* CIR Driver
CVE-2019-14601
@@ -25652,7 +25654,7 @@ CVE-2019-13535 (In Medtronic Valleylab FT10 Energy
Platform (VLFT10GEN) version
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN
Version A, Fi ...)
NOT-FOR-US: Philips
CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series,
all ver ...)
- TODO: check
+ NOT-FOR-US: Omron
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows
an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN)
version 2.1.0 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff3a87d84d33d108251a1091b7a508f236aabf32
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff3a87d84d33d108251a1091b7a508f236aabf32
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
