Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f87193fe by Salvatore Bonaccorso at 2020-02-27T23:06:05+01:00
Remove doubled note

- - - - -
7b9943e8 by Salvatore Bonaccorso at 2020-02-27T23:06:53+01:00
Remove no-dsa tagged entry which got an update

- - - - -
d911927a by Salvatore Bonaccorso at 2020-02-27T23:12:06+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,8 +217,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the 
Admin Dashboard -> Set
 CVE-2020-6802 [mutation XSS vulnerability]
        RESERVED
        - python-bleach 3.1.1-1 (bug #951907)
-       [jessie] - python-bleach <ignored> (Fix too invasive in jessie)
-       NOTE: Jessie version uses an external html5 parser making a fix 
invasive.
+       [jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses 
external html5 parser)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
        NOTE: 
https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
        NOTE: 
https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
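Review bot: On the added `[jessie] - python-bleach <ignored>` line, the second clause "uses external html5 parser" lost its subject when the NOTE was folded into the reason. Writing it as "jessie version uses an external html5 parser" would keep the meaning of the removed NOTE, since the parenthetical is now the only place in the entry that explains why the fix is considered invasive.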
@@ -63919,13 +63918,13 @@ CVE-2019-5328
 CVE-2019-5327
        RESERVED
 CVE-2019-5326 (An administrative application user of or application user with 
write a ...)
-       TODO: check
+       NOT-FOR-US: Aruba Airwave VisualRF
 CVE-2019-5325
        RESERVED
 CVE-2019-5324
        RESERVED
 CVE-2019-5323 (There are command injection vulnerabilities present in the 
AirWave app ...)
-       TODO: check
+       NOT-FOR-US: Aruba Airwave
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is 
present ...)
        NOT-FOR-US: Edge Switch models
 CVE-2019-5321
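Review bot: The two added NOT-FOR-US lines spell the product "Airwave", while the CVE-2019-5323 description in this same hunk spells it "AirWave". Matching the description's casing ("Aruba AirWave", "Aruba AirWave VisualRF") would keep case-sensitive searches over the list consistent for this vendor.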
@@ -133871,7 +133870,7 @@ CVE-2017-16902 (On the Vonage VDV-23 115 
3.2.11-0.9.40 home router, sending a lo
 CVE-2017-16901
        RESERVED
 CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 
allows the ...)
-       TODO: check
+       NOT-FOR-US: Hunesion i-oneNet
 CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a 
allows remo ...)
        - fig2dev 1:3.2.6a-5 (bug #881143)
        [stretch] - fig2dev 1:3.2.6a-2+deb9u1
@@ -199601,7 +199600,6 @@ CVE-2016-5104 (The socket_create function in 
common/socket.c in libimobiledevice
        [wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
        - libusbmuxd 1.0.10-3 (bug #825554)
-       [jessie] - libusbmuxd <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
 CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 
before 1 ...)
        - roundcube 1.2.0+dfsg.1-1
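Review bot: Removing `[jessie] - libusbmuxd <no-dsa> (Minor issue)` leaves CVE-2016-5104 with no jessie annotation for libusbmuxd, and this push changes only data/CVE/list. The commit message says the entry "got an update", so it is worth confirming that the fixed jessie version is recorded alongside the corresponding advisory; otherwise the only fixed version listed for libusbmuxd in this entry is 1.0.10-3.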
@@ -258440,7 +258438,7 @@ CVE-2014-2729 (Cross-site scripting (XSS) 
vulnerability in content.aspx in Ektro
 CVE-2014-2728
        RESERVED
 CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows 
plaintext ...)
-       TODO: check
+       NOT-FOR-US: MailMarshal
 CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the 
Socoli ...)
        NOT-FOR-US: PrestaShop
 CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail 
Progra ...)
@@ -259803,7 +259801,7 @@ CVE-2014-2230 (Open redirect vulnerability in the 
header function in adclick.php
 CVE-2014-2229
        RESERVED
 CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: HP Fortify SCA
 CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in 
Ubiquiti Ne ...)
        NOT-FOR-US: Ubiquiti Networks
 CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative 
passwor ...)
@@ -275594,7 +275592,7 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping 
engine in Xen 3.3.x through 4.
        - xen 4.4.1-3 (unimportant)
        NOTE: Hardware design flaw, no software solution
 CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in 
wintab32.dll ...)
-       TODO: check
+       NOT-FOR-US: UMPlayer
 CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
        NOT-FOR-US: XnView
 CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
@@ -293809,7 +293807,7 @@ CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) 
channel driver in Asterisk
 CVE-2012-3352
        RESERVED
 CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail 
Video  ...)
-       TODO: check
+       NOT-FOR-US: LongTail Video JW Player
 CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 
allows remo ...)
        NOT-FOR-US: WebMatic
        NOTE: http://seclists.org/bugtraq/2012/Jul/25
@@ -295557,7 +295555,7 @@ CVE-2012-2631 (Cross-site scripting (XSS) 
vulnerability in WEBLOGIC @WEB Shoppin
 CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier 
for Andr ...)
        NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
 CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site 
scripting (X ...)
-       TODO: check
+       NOT-FOR-US: Axous
 CVE-2012-2628
        RESERVED
 CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka 
Dell So ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffd4520e4a576c03cd7636846aba4f64aa3a1829...d911927a7f57a8a7d3157c9655319a6ed5b204bf
