Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a54d1ec by Moritz Mühlenhoff at 2021-02-26T22:56:29+01:00
bullseye triage
remove undetermined entries for intellij-community-idea, the issues are for
the full-blown IDE, which is ITPd, while this just provides some general classes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61328,19 +61328,19 @@ CVE-2020-13580 (An exploitable heap-based buffer 
overflow vulnerability exists i
 CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the 
PlanMaker  ...)
        NOT-FOR-US: SoftMaker
 CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security 
plugin fun ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #983596)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189
 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security 
plugin fun ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #983596)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188
 CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing 
plugin func ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #983596)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187
 CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing 
plugin f ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #983596)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186
 CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security 
plugin fun ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #983596)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP 
server fun ...)
        NOT-FOR-US: Rockwell Automation RSLinx Classic
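Review bot: The five gsoap entries (CVE-2020-13574 through CVE-2020-13578) gain "(bug #983596)", but the commit message only mentions bullseye triage and the intellij-community-idea removals. Mention the gsoap bug reference in the message, or put it in its own commit, so the change can be found from the log. All five CVEs now point at the single bug #983596, which groups four denial-of-service issues with the code execution issue CVE-2020-13576; it is worth confirming that the bug report lists all five.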
@@ -67106,7 +67106,6 @@ CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, 
content spoofing in the Hu
        NOT-FOR-US: JetBrains Hub
 CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server 
could be  ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without 
appropriate perm ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state 
is kept a ...)
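Review bot: Deleting the intellij-community-idea line under CVE-2020-11690 leaves the reason for dropping it only in the commit message. If the package ships just general classes and not the affected IDE code, an explicit "- intellij-community-idea <not-affected> (...)" entry carrying that reason would keep the triage decision visible in data/CVE/list. The same applies to the other intellij-community-idea removals in this commit.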
@@ -77344,7 +77343,6 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 
devices. The Ubicacion SA
        NOT-FOR-US: Eaton devices
 CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin 
misconfigur ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to 
XSS vi ...)
        NOT-FOR-US: JetBrains
 CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings 
could  ...)
@@ -77363,10 +77361,8 @@ CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 
through 2019.3 EAP7, ther
        NOT-FOR-US: JetBrains
 CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were 
expose ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven 
repositories were ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function 
in Parit ...)
        NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before 
v1.0-r3 in the ...)
@@ -84056,13 +84052,14 @@ CVE-2020-5238 (The table extension in GitHub Flavored 
Markdown before version 0.
        [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - ruby-commonmarker 0.21.0-1 (bug #965981)
        [buster] - ruby-commonmarker <no-dsa> (Minor issue)
-       - haskell-cmark-gfm <unfixed> (bug #965982)
+       - haskell-cmark-gfm 0.2.1+ds1-1 (bug #965982)
        [buster] - haskell-cmark-gfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #965980)
        [buster] - r-cran-commonmark <no-dsa> (Minor issue)
+       [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
        NOTE: 
https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4
-       NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1
+       NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, 
marking that as fixed (despite cmark-gfm not fixed yet)
 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the 
oneup/uploader ...)
        NOT-FOR-US: oneup/uploader-bundle
 CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress 
receives a he ...)
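Review bot: The haskell-cmark-gfm line now records 0.2.1+ds1-1 as a fixed version while the reworded NOTE says cmark-gfm itself is not fixed yet, so the entry reads as resolved for a package that still gets the vulnerable code through src:cmark-gfm. The visible context shows no cmark-gfm line for CVE-2020-5238; make sure one exists so the open issue stays tracked, and consider pointing the NOTE at it.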
@@ -99633,7 +99630,6 @@ CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed 
listening ports to the net
        NOT-FOR-US: JetBrains
 CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user 
privilege esca ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username 
enumerat ...)
        NOT-FOR-US: JetBrains
 CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c 
in MP3G ...)
@@ -110384,7 +110380,6 @@ CVE-2019-14955 (In JetBrains Hub versions earlier 
than 2018.4.11436, there was n
        NOT-FOR-US: JetBrains Hub
 CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the 
markdown plant ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible 
XSS thr ...)
        NOT-FOR-US: JetBrains YouTrack
 CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible 
XSS in  ...)
@@ -125908,11 +125903,9 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a 
Self-XSS vulnerability via the Layo
        NOT-FOR-US: CMS Made Simple
 CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an 
Application S ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS 
Client/J ...)
        - intellij-idea <itp> (bug #747616)
        - intellij-community-idea <undetermined>
-CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE 
template) versi ...)
        NOT-FOR-US: JetBrains
 CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving 
artifacts using ...)
        - kotlin <itp> (bug #892842)
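Review bot: The second removal in this hunk deletes the header line "CVE-2019-10102 (JetBrains Ktor framework ..." instead of the "- intellij-community-idea <undetermined>" line under CVE-2019-10103, which is left as unchanged context. As a result CVE-2019-10102 disappears from the list, its "NOT-FOR-US: JetBrains" line now attaches to CVE-2019-10103, and the undetermined entry the commit set out to remove is still present. Restore the CVE-2019-10102 header and drop the intellij-community-idea line under CVE-2019-10103 instead.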
@@ -127410,10 +127403,8 @@ CVE-2019-9874 (Deserialization of Untrusted Data in 
the Sitecore.Security.AntiCS
        NOT-FOR-US: Sitecore CMS
 CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, 
creating Task ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, 
creating run  ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution 
because the ...)
        NOT-FOR-US: Jector Smart TV FM-K75 devices
 CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for 
CKEditor m ...)
@@ -127602,7 +127593,6 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka 
slirp/src/tcp_subr.c) in QEMU 3.
        NOTE: 
https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote 
run confi ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-9822
        RESERVED
 CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread 
due to  ...)
@@ -129537,7 +129527,6 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 
3.2018x and 3.2019x before 3.2019
        NOTE: 
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
 CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run 
configu ...)
        - intellij-idea <itp> (bug #747616)
-       - intellij-community-idea <undetermined>
 CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in 
Bolt befo ...)
        NOT-FOR-US: Bolt CMS
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 
3.3.7 for ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a54d1ec3d0be884f0c1232511b481afff8de450
