Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f762fa4a by Moritz Muehlenhoff at 2020-04-02T19:33:16+02:00
new gpac issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1267,15 +1267,36 @@ CVE-2020-10882 (This vulnerability allows
network-adjacent attackers to execute
CVE-2020-10881 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as
demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as
demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as
demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as
demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE:
https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
+ NOTE: https://github.com/gpac/gpac/issues/1264
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as
demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE:
https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
+ NOTE: https://github.com/gpac/gpac/issues/1269
CVE-2020-10880
RESERVED
CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a
crafted GET ...)
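Review bot: The NOTE lines added to the five gpac entries (CVE-2019-20632 down to CVE-2019-20628) do not say what each URL is, while the entries are set to `- gpac <unfixed>` and the descriptions read "GPAC before 0.8.0". Marking the commit URLs as the upstream fix (for example "NOTE: Fixed by: ...") and the issue URLs as the report would let a later pass replace <unfixed> with the first fixed version without re-reading upstream. CVE-2019-20628 lists two commits where the other four list one; it would help to state whether both are needed. The `<no-dsa> (Minor issue)` lines for buster and stretch carry no reason for the rating, so a short NOTE on impact would make the triage decision checkable.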
@@ -53572,9 +53593,9 @@ CVE-2019-10809
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object
properties. The ...)
NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary
commands. ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object
prototype. The ...)
- TODO: check
+ NOT-FOR-US: Node vega-util
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A
maliciously ...)
NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary
commands. Th ...)
@@ -58317,9 +58338,9 @@ CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior
to commit a4176ec356c73a4
- linux 4.19.37-4
NOTE:
https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer
overflow. I ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer
overflow. B ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit
1b5e2423164b3670e8bc ...)
{DSA-4465-1 DLA-1824-1}
- linux 4.19.37-4
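Review bot: `NOT-FOR-US: Broadcom` on CVE-2019-9502 and CVE-2019-9501 names only the vendor, and it sits between CVE-2019-9503 and CVE-2019-9500, which are also Broadcom (brcmfmac) but are tracked under linux. The bare vendor tag reads as inconsistent next to them. Suggest `NOT-FOR-US: Broadcom wl WiFi driver`, matching the wording of the descriptions, after confirming that no package in the archive (non-free included) ships the wl driver.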
@@ -58404,9 +58425,9 @@ CVE-2019-9476
CVE-2019-9475
RESERVED
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing
attack due ...)
NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of
bounds ...)
@@ -59160,7 +59181,7 @@ CVE-2019-9165 (SQL injection vulnerability in Nagios XI
before 5.5.11 allows att
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an
authenticated u ...)
NOT-FOR-US: Nagios XI
CVE-2019-9163 (The connection initiation process in March Networks Command
Client bef ...)
- TODO: check
+ NOT-FOR-US: March Networks
CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and
earlier ...)
NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and
earlier ...)
@@ -72856,7 +72877,7 @@ CVE-2019-3696 (A Improper Limitation of a Pathname to a
Restricted Directory vul
CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the
packagin ...)
NOT-FOR-US: SAP
CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the
packaging of ...)
- TODO: check
+ NOT-FOR-US: SuSE packaging of munin
CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman
in SUSE ...)
TODO: check
CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11;
openSUSE Fact ...)
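Review bot: `NOT-FOR-US: SuSE packaging of munin` on CVE-2019-3694 uses NOT-FOR-US for a vendor-specific packaging flaw in software that is itself packaged in Debian. The CVE-2019-3688 entry further down this file handles the same situation for squid with `- squid <not-affected> (...)` plus a reason. Suggest the same form here, e.g. `- munin <not-affected> (SUSE-specific packaging issue)`, once the Debian packaging has been checked. CVE-2019-3693 (mailman, same class of issue) stays at `TODO: check` directly below and could be resolved the same way. Spelling: the descriptions use "SUSE", not "SuSE".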
@@ -72875,7 +72896,7 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged
with squid in SUSE Linux Ent
- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are
root:root)
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed
all loc ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b
was vuln ...)
- openqa <itp> (bug #840253)
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS
certifi ...)
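Review bot: `NOT-FOR-US: SuSE` on CVE-2019-3687 names only the distribution, while the description points at a specific component ("The permission package in SUSE Linux Enterprise Server"). Suggest `NOT-FOR-US: SUSE permission package`, so the entry can be told apart from SUSE packaging issues in software that Debian also ships, such as the squid entry in the context lines above. Spelling as in the description: "SUSE".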
@@ -78151,7 +78172,7 @@ CVE-2019-2218 (In createSessionInternal of
PackageInstallerService.java, there i
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory
corrupt ...)
NOT-FOR-US: Android
CVE-2019-2216 (In overlay notifications, there is a possible hidden
notification due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege
from an ...)
{DLA-2114-1 DLA-2068-1}
- linux 4.15.4-1
@@ -78449,9 +78470,9 @@ CVE-2019-2091 (In
GetPermittedAccessibilityServicesForUser of DevicePolicyManage
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java,
there ...)
NOT-FOR-US: Android
CVE-2019-2089 (In app uninstallation, there is a possible set of permissions
that may ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This
could le ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a
missing b ...)
NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a
missing b ...)
@@ -78511,7 +78532,7 @@ CVE-2019-2060 (In libxaac, there is a possible out of
bounds read due to a missi
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a
missing b ...)
NOT-FOR-US: Android
CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2057
RESERVED
CVE-2019-2056
@@ -80639,7 +80660,7 @@ CVE-2018-19660 (An exploitable authenticated
command-injection vulnerability exi
CVE-2018-19659 (An exploitable authenticated command-injection vulnerability
exists in ...)
NOT-FOR-US: Moxa
CVE-2018-19658 (The Markdown editor in YXBJ before 8.3.2 on macOS has stored
XSS. This ...)
- TODO: check
+ NOT-FOR-US: YXBJ
CVE-2018-19657
RESERVED
CVE-2018-19656
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f762fa4a8699e21c4f913e3640a551498616f2ea