[Git][security-tracker-team/security-tracker][master] Add tracking Debian bug for CVE-2019-11690/u-boot

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05f8adea by Salvatore Bonaccorso at 2019-05-07T04:53:59Z
Add tracking Debian bug for CVE-2019-11690/u-boot

Add for tracking; the impact security-wise for Debian is unclear, but the
maintainer (Vagrant Cascadian) can hopefully comment.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -237,7 +237,7 @@ CVE-2019-11692
 CVE-2019-11691
RESERVED
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
-   - u-boot  (low)
+   - u-boot  (low; bug #928557)
[stretch] - u-boot  (Minor issue)
NOTE: https://patchwork.ozlabs.org/patch/1092945
 CVE-2019-11689
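Review bot: the `low` severity and the stretch `Minor issue` tag were set in the previous commit, yet this commit message says the security impact for Debian is unclear, so the triage rationale lives only in git history. Add a NOTE line under the entry (for example `NOTE: impact unclear, maintainer asked via #928557`) so the open question is visible in the tracker data and can be resolved when the maintainer replies.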



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/05f8adea15f383f05b316b9db43959d1682875a4

You're receiving this email because of your account on salsa.debian.org.

___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track proposed fix for CVE-2018-1320 via stretch-pu

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc73ee7b by Salvatore Bonaccorso at 2019-05-07T04:52:34Z
Track proposed fix for CVE-2018-1320 via stretch-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -71,3 +71,5 @@ CVE-2018-20548
[stretch] - libcaca 0.99.beta19-2.1~deb9u1
 CVE-2018-20549
[stretch] - libcaca 0.99.beta19-2.1~deb9u1
+CVE-2018-1320
+   [stretch] - libthrift-java 0.9.1-2.1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc73ee7b814f69a703f71c9698b55af7dab5020f


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1780-1 for firefox-esr

2019-05-06 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29b7a1f8 by Sylvain Beucler at 2019-05-07T00:19:39Z
Reserve DLA-1780-1 for firefox-esr

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[07 May 2019] DLA-1780-1 firefox-esr - new upstream version
+   [jessie] - firefox-esr 60.6.2esr-1~deb8u1
 [06 May 2019] DLA-1779-1 389-ds-base - security update
{CVE-2019-3883}
[jessie] - 389-ds-base 1.3.3.5-4+deb8u6
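Review bot: the new DLA-1780-1 entry carries no `{CVE-...}` line, unlike DLA-1779-1 directly below it, and is labelled "new upstream version" rather than "security update". If the 60.6.2esr rebase fixes CVEs they need to be listed in braces so the tracker marks them fixed in jessie; if it is genuinely a non-security rebase, a NOTE saying so avoids the entry being read as an omission.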


=
data/dla-needed.txt
=
@@ -30,8 +30,6 @@ faad2 (Hugo Lefeuvre)
 --
 filezilla (Markus Koschany)
 --
-firefox-esr (Sylvain Beucler)
---
 ghostscript (Roberto C. Sánchez)
 --
 gradle



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/29b7a1f848b1fdebbe8419972f0deb2ac950efa0


[Git][security-tracker-team/security-tracker][master] u-boot no-dsa

2019-05-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e64a185 by Moritz Muehlenhoff at 2019-05-06T21:32:47Z
u-boot no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -237,7 +237,8 @@ CVE-2019-11692
 CVE-2019-11691
RESERVED
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
-   - u-boot 
+   - u-boot  (low)
+   [stretch] - u-boot  (Minor issue)
NOTE: https://patchwork.ozlabs.org/patch/1092945
 CVE-2019-11689
RESERVED
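Review bot: the added `- u-boot  (low)` and `[stretch] - u-boot  (Minor issue)` lines show a double space where the angle-bracket status token should sit; the commit title says no-dsa, so the file presumably reads `<unfixed>` and `<no-dsa>` and the mail rendering stripped them. Check the committed file rather than this rendering before relying on it, since a package line without the token is not valid tracker syntax.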



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e64a185a6f673455334e8563413f13b4882b866


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43c2a3ed by Salvatore Bonaccorso at 2019-05-06T20:21:25Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for 
WordPress allow ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
 CVE-2019-11806
RESERVED
 CVE-2019-11805
@@ -16396,7 +16396,7 @@ CVE-2019-5433 (A user having access to the UI of a 
Revive Adserver instance coul
 CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT 
Brokers us ...)
TODO: check
 CVE-2019-5431 (This vulnerability was caused by an incomplete fix to 
CVE-2017-0911. T ...)
-   TODO: check
+   NOT-FOR-US: Twitter Kit for iOS
 CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF 
protection, i ...)
TODO: check
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
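Review bot: only CVE-2019-5431 is resolved in this hunk while CVE-2019-5432 (malformed MQTT Subscribe packet crashing MQTT brokers) and CVE-2019-5430 (UniFi Video CSRF) stay at `TODO: check`. That split is right, since the MQTT description is generic rather than tied to a non-Debian product, but 5432 should not be closed by pattern-matching with the surrounding NFUs; it needs an actual check against the brokers Debian ships.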
@@ -45694,7 +45694,7 @@ CVE-2018-13985
 CVE-2018-13984
RESERVED
 CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to 
htdocs/install/index.ph ...)
-   TODO: check
+   NOT-FOR-US: ImpressCMS
 CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 
3.1.33 is pro ...)
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
[jessie] - smarty3  (vulnerable code not present)
@@ -73176,31 +73176,31 @@ CVE-2018-4075
 CVE-2018-4074
RESERVED
 CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in 
the ACEMa ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in 
the ACEMa ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in 
the ACEM ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in 
the ACEM ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4069 (An information disclosure vulnerability exists in the 
ACEManager authe ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4068 (An exploitable information disclosure vulnerability exists in 
the ACEM ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4067 (An exploitable information disclosure vulnerability exists in 
the ACEM ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists 
in the  ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the 
ACEMan ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4064
RESERVED
 CVE-2018-4063 (An exploitable remote code execution vulnerability exists in 
the uploa ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd 
function of ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4061 (An exploitable command injection vulnerability exists in the 
ACEManage ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
 CVE-2018-4060
RESERVED
 CVE-2018-4059 (An exploitable unsafe default configuration vulnerability 
exists in th ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43c2a3ed72412cac684ad7b1f556ce6e78f15928


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a7e2567 by security tracker role at 2019-05-06T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,83 @@
+CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for 
WordPress allow ...)
+   TODO: check
+CVE-2019-11806
+   RESERVED
+CVE-2019-11805
+   RESERVED
+CVE-2019-11804
+   RESERVED
+CVE-2019-11803
+   RESERVED
+CVE-2019-11802
+   RESERVED
+CVE-2019-11801
+   RESERVED
+CVE-2019-11800
+   RESERVED
+CVE-2019-11799
+   RESERVED
+CVE-2019-11798
+   RESERVED
+CVE-2019-11797
+   RESERVED
+CVE-2019-11796
+   RESERVED
+CVE-2019-11795
+   RESERVED
+CVE-2019-11794
+   RESERVED
+CVE-2019-11793
+   RESERVED
+CVE-2019-11792
+   RESERVED
+CVE-2019-11791
+   RESERVED
+CVE-2019-11790
+   RESERVED
+CVE-2019-11789
+   RESERVED
+CVE-2019-11788
+   RESERVED
+CVE-2019-11787
+   RESERVED
+CVE-2019-11786
+   RESERVED
+CVE-2019-11785
+   RESERVED
+CVE-2019-11784
+   RESERVED
+CVE-2019-11783
+   RESERVED
+CVE-2019-11782
+   RESERVED
+CVE-2019-11781
+   RESERVED
+CVE-2019-11780
+   RESERVED
+CVE-2019-11779
+   RESERVED
+CVE-2019-11778
+   RESERVED
+CVE-2019-11777
+   RESERVED
+CVE-2019-11776
+   RESERVED
+CVE-2019-11775
+   RESERVED
+CVE-2019-11774
+   RESERVED
+CVE-2019-11773
+   RESERVED
+CVE-2019-11772
+   RESERVED
+CVE-2019-11771
+   RESERVED
+CVE-2019-11770
+   RESERVED
+CVE-2019-11769
+   RESERVED
+CVE-2019-11768
+   RESERVED
 CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 
allows checki ...)
- phpbb3 
[jessie] - phpbb3  (Minor issue, solution/workaround is to 
disable the remote avatar function)
@@ -2029,6 +2109,7 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in 
MatrixSSL, as used in Inside Se
NOTE: https://github.com/matrixssl/matrixssl/issues/26
 CVE-2019-10913
RESERVED
+   {DLA-1778-1}
- symfony 3.4.22+dfsg-2
NOTE: 
https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
 CVE-2019-10912
@@ -2038,18 +2119,21 @@ CVE-2019-10912
NOTE: 
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
RESERVED
+   {DLA-1778-1}
- drupal7  (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE: 
https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
 CVE-2019-10910
RESERVED
+   {DLA-1778-1}
- drupal7  (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE: 
https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
 CVE-2019-10909
RESERVED
+   {DLA-1778-1}
- drupal7  (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
@@ -3635,8 +3719,8 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in 
Jenkins Pipeline: Groovy Plu
NOT-FOR-US: Jenkins plugin
 CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security 
Plugin 1.55  ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10249
-   RESERVED
+CVE-2019-10249 (All Xtext  Xtend versions prior to 2.18.0 were built 
using HTTP i ...)
+   TODO: check
 CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build 
artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
 CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 
and older, ...)
@@ -16305,16 +16389,16 @@ CVE-2019-5436
RESERVED
 CVE-2019-5435
RESERVED
-CVE-2019-5434
-   RESERVED
-CVE-2019-5433
-   RESERVED
-CVE-2019-5432
-   RESERVED
-CVE-2019-5431
-   RESERVED
-CVE-2019-5430
-   RESERVED
+CVE-2019-5434 (An attacker could send a specifically crafted payload to the 
XML-RPC i ...)
+   TODO: check
+CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance 
could be  ...)
+   TODO: check
+CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT 
Brokers us ...)
+   TODO: check
+CVE-2019-5431 (This vulnerability was caused by an incomplete fix to 
CVE-2017-0911. T ...)
+   TODO: check
+CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF 
protection, i ...)
+   TODO: check
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
- filezilla  (low; bug #928282)
[stretch] - filezilla  (Minor issue)
@@ -19507,6 +19591,7 @@ CVE-2019-3884
RESERVED
NOT-FOR-US: atomic-openshift
 CVE-2019-3883 (In 389-ds-base up to version 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
75ae3b64 by Salvatore Bonaccorso at 2019-05-06T19:45:02Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20908,7 +20908,7 @@ CVE-2018-20582
 CVE-2018-20581
RESERVED
 CVE-2018-20580 (The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 
2.6.0 al ...)
-   TODO: check
+   NOT-FOR-US: SmartBear ReadyAPI
 CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the 
push fu ...)
NOT-FOR-US: Contiki-NG
 CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function 
netlib_pars ...)
@@ -188439,7 +188439,7 @@ CVE-2015-1342 (LXCFS before 0.12 does not properly 
enforce directory escapes, wh
- lxcfs  (Fixed before initial upload to the archive)
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
 CVE-2015-1341 (Any Python module in sys.path can be imported if the command 
line of t ...)
-   TODO: check
+   NOT-FOR-US: Apport
 CVE-2015-1340 (LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has 
an unsa ...)
- lxd  (bug #768073)
 CVE-2015-1339 (Memory leak in the cuse_channel_release function in 
fs/fuse/cuse.c in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/75ae3b64108fa3dc6897ee66910efb6854d8dd87


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11690/u-boot

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bbfb33b2 by Salvatore Bonaccorso at 2019-05-06T19:27:55Z
Add CVE-2019-11690/u-boot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -157,7 +157,8 @@ CVE-2019-11692
 CVE-2019-11691
RESERVED
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
-   TODO: check
+   - u-boot 
+   NOTE: https://patchwork.ozlabs.org/patch/1092945
 CVE-2019-11689
RESERVED
 CVE-2019-11688



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbfb33b2cf2f83bf712adf706f0ab631bf0f274e


[Git][security-tracker-team/security-tracker][master] CVE-2019-10255 and CVE-2019-9644 in jupyter-notebook fixed in unstable

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52d396a1 by Salvatore Bonaccorso at 2019-05-06T19:19:50Z
CVE-2019-10255 and CVE-2019-9644 in jupyter-notebook fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3599,7 +3599,7 @@ CVE-2019-10257
 CVE-2019-10256
RESERVED
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter 
Notebook be ...)
-   - jupyter-notebook  (bug #925939)
+   - jupyter-notebook 5.7.8-1 (bug #925939)
NOTE: 
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
NOTE: 
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
NOTE: When adressing this issue make sure to not open CVE-2019-10856 
and apply the
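Review bot: the fixed version 5.7.8-1 is recorded, but the trailing NOTE context line ("When adressing this issue make sure to not open CVE-2019-10856 and apply the") has a typo in "adressing"; since the entry was being touched anyway, correcting it to "addressing" in the same commit would have been cheap and keeps the cross-reference to CVE-2019-10856 easy to search for.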
@@ -5869,7 +5869,7 @@ CVE-2019-9645
 CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress 
allows wp-ad ...)
NOT-FOR-US: WordPress plugin contact-form-to-email
 CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter 
Notebook befor ...)
-   - jupyter-notebook  (bug #924515)
+   - jupyter-notebook 5.7.8-1 (bug #924515)
NOTE: 
https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c
NOTE: 
https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798
NOTE: 
https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d396a1b25a75816a4822c93c90c3ba6376d472


[Git][security-tracker-team/security-tracker][master] CVE-2019-9215 and CVE-2019-7314 for liblivemedia fixed in unstable

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8ee2712 by Salvatore Bonaccorso at 2019-05-06T19:15:35Z
CVE-2019-9215 and CVE-2019-7314 for liblivemedia fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6908,7 +6908,7 @@ CVE-2019-9216
 CVE-2019-9215 (In Live555 before 2019.02.27, malformed headers lead to invalid 
memory ...)
{DSA-4408-1 DLA-1720-1}
[experimental] - liblivemedia 2019.02.27-1
-   - liblivemedia  (bug #924655)
+   - liblivemedia 2018.11.26-1.1 (bug #924655)
NOTE: Reporter advisory and analysis: 
https://tools.cisco.com/security/center/viewAlert.x?alertId=59708
 CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP 
dissector c ...)
{DSA-4416-1}
@@ -11647,7 +11647,7 @@ CVE-2019-7315
 CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the 
termination o ...)
{DSA-4408-1 DLA-1690-1}
[experimental] - liblivemedia 2019.02.03-1
-   - liblivemedia  (bug #924656)
+   - liblivemedia 2018.11.26-1.1 (bug #924656)
NOTE: 
http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
 CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection 
in the  ...)
- buildbot 2.0.0-1 (bug #921271)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8ee271211f16f840b1edffcc767853f5f196b5e


[Git][security-tracker-team/security-tracker][master] Add one more CVE fixed with the libcaca upload

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
218bee9e by Salvatore Bonaccorso at 2019-05-06T18:58:15Z
Add one more CVE fixed with the libcaca upload

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -59,6 +59,8 @@ CVE-2019-8905
[stretch] - file 1:5.30-1+deb9u3
 CVE-2019-11627
[stretch] - signing-party 2.5-1+deb9u1
+CVE-2018-20544
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
 CVE-2018-20545
[stretch] - libcaca 0.99.beta19-2.1~deb9u1
 CVE-2018-20546



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/218bee9eb50b1a5909df2fc6b90a00d02f1f5976


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1779-1 for 389-ds-base

2019-05-06 Thread Mike Gabriel


Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d8411f9 by Mike Gabriel at 2019-05-06T18:12:54Z
Reserve DLA-1779-1 for 389-ds-base

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 May 2019] DLA-1779-1 389-ds-base - security update
+   {CVE-2019-3883}
+   [jessie] - 389-ds-base 1.3.3.5-4+deb8u6
 [06 May 2019] DLA-1778-1 symfony - security update
{CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913}
[jessie] - symfony 2.3.21+dfsg-4+deb8u5


=
data/dla-needed.txt
=
@@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more 
about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-389-ds-base (Mike Gabriel)
 --
 atftp (Thorsten Alteholz)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d8411f9e4f1f4f8473c18d103a006b9edc009d9


[Git][security-tracker-team/security-tracker][master] libcaca spu

2019-05-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e9ca5af by Moritz Muehlenhoff at 2019-05-06T18:08:46Z
libcaca spu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -59,3 +59,13 @@ CVE-2019-8905
[stretch] - file 1:5.30-1+deb9u3
 CVE-2019-11627
[stretch] - signing-party 2.5-1+deb9u1
+CVE-2018-20545
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
+CVE-2018-20546
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
+CVE-2018-20547
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
+CVE-2018-20548
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
+CVE-2018-20549
+   [stretch] - libcaca 0.99.beta19-2.1~deb9u1
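Review bot: all five entries target 0.99.beta19-2.1~deb9u1, whose `~deb9u1` suffix marks it as a stretch rebuild of the unstable 0.99.beta19-2.1 upload. The CVE/list entries for CVE-2018-20545 through CVE-2018-20549 are not part of this diff, so confirm that each of them records that unstable version as fixed before the stretch-pu bug is filed; a mismatch there is what leaves the tracker showing an issue as open after the point release.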



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e9ca5af673848805456e042d0c7f87476a5fa08


[Git][security-tracker-team/security-tracker][master] stretch triage

2019-05-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f34b74da by Moritz Muehlenhoff at 2019-05-06T17:59:07Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2174,10 +2174,11 @@ CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer 
overflow in CDataFileRea
NOTE: https://github.com/teeworlds/teeworlds/issues/2070
NOTE: 
https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
 CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in 
CDataFileReader: ...)
-   - teeworlds 0.7.2-4 (bug #927152)
+   - teeworlds 0.7.2-5 (bug #927152)
[jessie] - teeworlds  (Not supported in jessie LTS)
NOTE: https://github.com/teeworlds/teeworlds/issues/2073
NOTE: 
https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
+   NOTE: 
https://github.com/teeworlds/teeworlds/commit/cc3d59ae706752956d6cb8acc4187c8398b61c5c
 CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in 
CMap::Load() in en ...)
- teeworlds 0.7.2-4 (bug #927152)
[jessie] - teeworlds  (Not supported in jessie LTS)
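Review bot: CVE-2019-10878 is bumped from 0.7.2-4 to 0.7.2-5 and gains a second upstream commit (cc3d59ae...) while CVE-2019-10877 in the trailing context stays at 0.7.2-4, which implies -4 carried an incomplete fix for 10878. A short NOTE stating that -4 lacked cc3d59ae would make that explicit for anyone backporting to stretch, instead of leaving it to be inferred from the version difference.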
@@ -16314,7 +16315,8 @@ CVE-2019-5431
 CVE-2019-5430
RESERVED
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
-   - filezilla  (bug #928282)
+   - filezilla  (low; bug #928282)
+   [stretch] - filezilla  (Minor issue)
NOTE: 
https://svn.filezilla-project.org/filezilla?revision=9097=revision
NOTE: https://www.tenable.com/security/research/tra-2019-14
 CVE-2019-5428
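Review bot: the svn reference in the context line reads `https://svn.filezilla-project.org/filezilla?revision=9097=revision`, which is not a valid query string; the `&view` part appears to have been stripped, most likely by the mail rendering, as with other ampersands in this digest. Verify the URL in the committed file, since the `low` / `Minor issue` triage leans on that revision being the fix.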
@@ -31354,6 +31356,7 @@ CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a 
carefully crafted URL cou
- jspwiki 
 CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under 
some cir ...)
- qpid-proton 0.22.0-1
+   [stretch] - qpid-proton  (Minor issue)
NOTE: https://issues.apache.org/jira/browse/PROTON-2014
NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733
@@ -31474,6 +31477,7 @@ CVE-2019-0188
RESERVED
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in 
distributed mod ...)
- jakarta-jmeter 
+   [stretch] - jakarta-jmeter  (Minor issue)
[jessie] - jakarta-jmeter  (Minor issue)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
 CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 
3.0.0 an ...)
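Review bot: CVE-2019-0187 is described as unauthenticated RCE in JMeter distributed mode, yet both stretch and jessie are tagged `Minor issue` with no NOTE giving the reason (for example that distributed mode is off by default or that the affected component is not shipped). The severity call may well be correct, but a one-line justification next to the tags is what a later reader will look for when the description and the tag disagree.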
@@ -32142,6 +32146,7 @@ CVE-2018-19106 (Avi Vantage before 17.2.13 uses an 
invalid URL encoding during a
 CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of 
service (0 ...)
{DLA-1776-1}
- librecad  (bug #928477)
+   [stretch] - librecad  (Minor issue)
NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1038
NOTE: Fixed by 
https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
@@ -37060,8 +37065,10 @@ CVE-2018-17203
REJECTED
 CVE-2018-17202
RESERVED
+   NOTE: Apache Commons Imaging
 CVE-2018-17201
RESERVED
+   NOTE: Apache Commons Imaging
 CVE-2018-17200
RESERVED
 CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, 
mod_session checks ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34b74dab39049f2430ec605536cd54982d4eba4


[Git][security-tracker-team/security-tracker][master] dla: add and claim firefox-esr

2019-05-06 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b05a4261 by Sylvain Beucler at 2019-05-06T17:46:32Z
dla: add and claim firefox-esr

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -32,6 +32,8 @@ faad2 (Hugo Lefeuvre)
 --
 filezilla (Markus Koschany)
 --
+firefox-esr (Sylvain Beucler)
+--
 ghostscript (Roberto C. Sánchez)
 --
 gradle



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b05a426188c0027803e8e4c6e129dd05a34e5949


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1778-1 for symfony

2019-05-06 Thread Jonas Meurer


Jonas Meurer pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db3f9cc6 by Jonas Meurer at 2019-05-06T17:08:24Z
Reserve DLA-1778-1 for symfony

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 May 2019] DLA-1778-1 symfony - security update
+   {CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913}
+   [jessie] - symfony 2.3.21+dfsg-4+deb8u5
 [06 May 2019] DLA-1777-1 jquery - security update
{CVE-2019-11358}
[jessie] - jquery 1.7.2+dfsg-3.2+deb8u6
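Review bot: the brace list for DLA-1778-1 covers CVE-2019-10909, -10910, -10911 and -10913 but not CVE-2019-10912, which the same author marked not-affected for jessie in a separate commit in this digest, so the omission is intentional and consistent. It is still worth double-checking that the 2.3.21+dfsg-4+deb8u5 changelog lists exactly those four, since the tracker will mark all of them fixed in jessie from this line alone.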


=
data/dla-needed.txt
=
@@ -122,8 +122,6 @@ sox
   NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some 
time.
   NOTE: Check again later. - hle
 --
-symfony (Jonas Meurer)
---
 wireshark
 --
 wordpress



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/db3f9cc6dcfe92bd1dee7d0518b4280aa50f732c


[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10912 as not-affected in Jessie

2019-05-06 Thread Jonas Meurer


Jonas Meurer pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0d22f48 by Jonas Meurer at 2019-05-06T13:58:14Z
Mark CVE-2019-10912 as not-affected in Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2033,6 +2033,7 @@ CVE-2019-10913
 CVE-2019-10912
RESERVED
- symfony 3.4.22+dfsg-2
+   [jessie] - symfony  (vulnerable code is not present)
NOTE: 
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
RESERVED
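Review bot: the new jessie line reads 'symfony  (vulnerable code is not present)' with two spaces where the tracker's state token belongs; this mail rendering strips angle-bracket tokens, so the hunk as shown cannot confirm that the committed line carries `<not-affected>` rather than having lost it, and a missing token changes the meaning of the line. Also, the justification wording used elsewhere on this page is 'Vulnerable code not present' (see the wavpack and linux entries); matching that form keeps the free-text field consistent and greppable.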



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0d22f483b7957cce4aeccc77fd2ec1bd3a4a118


[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-11498 as not-affected in Jessie

2019-05-06 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e08b252 by Thorsten Alteholz at 2019-05-06T12:23:57Z
mark CVE-2019-11498 as not-affected in Jessie

- - - - -
b8f065f6 by Thorsten Alteholz at 2019-05-06T12:23:57Z
no upload needed for wavpack

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -644,6 +644,7 @@ CVE-2019-11499 [Submission-login crashes when 
authentication is started over TLS
 CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in 
WavPack t ...)
- wavpack 5.1.0-6 (low; bug #927903)
[stretch] - wavpack  (Minor issue)
+   [jessie] - wavpack  (Vulnerable code not present, 
introduced in 5.0.0)
NOTE: https://github.com/dbry/WavPack/issues/67
NOTE: 
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
 CVE-2019-11497
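Review bot: the jessie justification 'Vulnerable code not present, introduced in 5.0.0' is the form that lets later readers re-verify the claim, since it names the version that introduced the code rather than only asserting absence; keep it. The same double-space gap before the parenthesis appears here as in the other not-affected lines on this page, so confirm the `<not-affected>` token survived the commit and was only stripped by the mail rendering. The trailing 'introduced in 5.0.0)' on its own line is mail wrapping, not a second tracker line.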


=
data/dla-needed.txt
=
@@ -124,8 +124,6 @@ sox
 --
 symfony (Jonas Meurer)
 --
-wavpack (Thorsten Alteholz)
---
 wireshark
 --
 wordpress



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/3f15f9a4a3eaecf6decc04db78af0167c1f9fa94...b8f065f6796d6fb42e2f7a11608c7d917d47991b


[Git][security-tracker-team/security-tracker][master] Sync fixed version for some CVEs for src:linux with kernel-sec

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
128b5963 by Salvatore Bonaccorso at 2019-05-06T11:37:51Z
Sync fixed version for some CVEs for src:linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -393,7 +393,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x 
before 2.10-1 contains
[stretch] - signing-party  (Will be fixed via point release)
NOTE: 
https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
 CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 
does not ...)
-   - linux 
+   - linux 4.19.37-1
NOTE: https://marc.info/?l=linux-mm=155355419911404=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
 CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer 
over-read in ...)
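Review bot: the CVE-2019-11599 entry gains the unstable fixed version 4.19.37-1 but, unlike the other entries in this sync, carries no [stretch] or [jessie] line; with the description saying 'Linux kernel before 5.0.10', the tracker will treat stretch (4.9.x per the [stretch] lines later in this patch) as still affected, which is presumably the intended state from kernel-sec, but a NOTE recording whether a 4.9 backport is planned would make the entry self-contained.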
@@ -671,11 +671,11 @@ CVE-2019-11489 (Incorrect Access Control in the 
Administrative Management Interf
 CVE-2019-11488 (Incorrect Access Control in the Account Access / Password 
Reset Link i ...)
NOT-FOR-US: SimplyBook.me Enterprise
 CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page-_refcount 
reference co ...)
-   - linux 
+   - linux 4.19.37-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
NOTE: https://lwn.net/Articles/786044/
 CVE-2019-11486 (The Siemens R3964 line discipline driver in 
drivers/tty/n_r3964.c in t ...)
-   - linux 
+   - linux 4.19.37-1
NOTE: 
https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
NOTE: Upstream commits marks driver as BROKEN and can be considered 
fixed starting
NOTE: from versions including this commit (or backport) or versions 
which disable
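Review bot: for CVE-2019-11486 the NOTE lines make 'fixed' conditional: a version counts as fixed only if it includes the commit marking the r3964 driver BROKEN (or a backport of it) or is built with the driver disabled. Recording 4.19.37-1 as the fixed version therefore asserts that one of those holds for that upload; a short NOTE stating which (commit included vs. driver disabled in the build config) would let the next person verify without redoing the reasoning. Minor: 'Upstream commits marks' should read 'Upstream commit marks' when the note is next touched.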
@@ -3914,7 +3914,7 @@ CVE-2019-10126
 CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php 
query s ...)
NOT-FOR-US: phpFK
 CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux 
kernel  ...)
-   - linux 
+   - linux 4.19.37-1
[stretch] - linux  (Vulnerable code introduced later)
[jessie] - linux  (Vulnerable code introduced later)
NOTE: https://patchwork.kernel.org/patch/10828359/
@@ -5258,7 +5258,7 @@ CVE-2019-9848
 CVE-2019-9847
RESERVED
 CVE-2019-9857 (In the Linux kernel through 5.0.2, the function 
inotify_update_existin ...)
-   - linux 
+   - linux 4.19.37-1
[stretch] - linux  (Vulnerable code not present)
[jessie] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
@@ -19474,7 +19474,7 @@ CVE-2019-3889
 CVE-2019-3888
RESERVED
 CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC 
Machine Spec ...)
-   - linux 
+   - linux 4.19.37-1
[stretch] - linux  (Vulnerability introduced later)
[jessie] - linux  (Vulnerability introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
@@ -19509,7 +19509,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, 
requests are handled by wor
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
 CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface 
implementation t ...)
-   - linux 
+   - linux 4.19.37-1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE: 
https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.st...@gimli.home/T/#u
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
@@ -20677,13 +20677,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 
has a race condition when do
- tmpreaper 1.6.14 (bug #918956)
 CVE-2019-3460 (A heap data infoleak in multiple locations including 
L2CAP_PARSE_CONF_ ...)
{DLA-1771-1}
-   - linux 
+   - linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: 
https://lore.kernel.org/linux-bluetooth/20190110062917.gb15...@kroah.com/
NOTE: 
https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
 CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT 
was dis ...)
{DLA-1771-1}
-   - linux 
+   - linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: 
https://lore.kernel.org/linux-bluetooth/20190110062833.ga15...@kroah.com/
NOTE: 
https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
@@ -47959,11 +47959,11 @@ CVE-2018-12932 (PlayEnhMetaFileRecord in 
enhmetafile.c in Wine 3.7 allows attack
NOTE: 
https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
NOTE: 

[Git][security-tracker-team/security-tracker][master] gitlab issues fixed in unstable

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e694f82 by Salvatore Bonaccorso at 2019-05-06T10:48:16Z
gitlab issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -513,19 +513,19 @@ CVE-2019-11550
RESERVED
 CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
RESERVED
-   - gitlab  (bug #928221)
+   - gitlab 11.8.9+dfsg-1 (bug #928221)
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11548 [Unauthorized Comments on Confidential Issues]
RESERVED
-   - gitlab  (bug #928221)
+   - gitlab 11.8.9+dfsg-1 (bug #928221)
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11547 [Unsanitized Branch Names on New Merge Request Notification 
Emails]
RESERVED
-   - gitlab  (bug #928221)
+   - gitlab 11.8.9+dfsg-1 (bug #928221)
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11546 [Merge Request Approval Count Inflation]
RESERVED
-   - gitlab  (bug #928221)
+   - gitlab 11.8.9+dfsg-1 (bug #928221)
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11545 [Moving an Issue to Private Repo Leaks Project Namespace]
RESERVED
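Review bot: the fixed version 11.8.9+dfsg-1 belongs to an older upstream series than the 11.10.2 security release the NOTE links for every entry; the commit message says these are fixed in unstable, so presumably the same advisory lists 11.8.9 as a patched release, but the entries only show the 11.10 URL. A NOTE naming the 11.8.x fix (or the advisory's statement that 11.8.9 is covered) would make the version choice checkable from the tracker alone.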
@@ -533,7 +533,7 @@ CVE-2019-11545 [Moving an Issue to Private Repo Leaks 
Project Namespace]
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11544 [Notification Emails Sent to Restricted Users]
RESERVED
-   - gitlab  (bug #928221)
+   - gitlab 11.8.9+dfsg-1 (bug #928221)
NOTE: 
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse 
Connect Secu ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
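Review bot: CVE-2019-11545 is the one entry in this block left without the version: hunk 1 ends at its RESERVED line (old line 531) and hunk 2 resumes at old line 533, so the package line at 532 was not touched while the five neighbouring entries got 11.8.9+dfsg-1. If that is deliberate (the issue is not fixed in 11.8.9+dfsg-1) a NOTE saying so avoids it looking like an oversight; otherwise it needs the same change.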



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e694f820ccfde605da3f3dce51bd15e79d93cbc


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-0226/apache-karaf

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e91af891 by Salvatore Bonaccorso at 2019-05-06T08:18:32Z
Add CVE-2019-0226/apache-karaf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31345,6 +31345,7 @@ CVE-2019-0227 (A Server Side Request Forgery (SSRF) 
vulnerability affected the A
NOTE: 
https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5
 CVE-2019-0226
RESERVED
+   - apache-karaf  (bug #881297)
 CVE-2019-0225 (A specially crafted url could be used to access files under the 
ROOT d ...)
- jspwiki 
 CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL 
could ex ...)
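Review bot: bug #881297 is far older than the other bug references on this page (#927xxx and #928xxx are 2019 numbers), so it is most likely a long-standing bug such as the package's ITP rather than one filed for CVE-2019-0226. The rendering has dropped the angle-bracket token between 'apache-karaf' and the parenthesis, so confirm the committed line carries the intended one (`<itp>` if the package is not in the archive, `<unfixed>` if it is), since the two mean different things to the tracker.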



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e91af89196933394200ee86807442ae3b27a755e


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d4734e2 by security tracker role at 2019-05-06T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1199,7 +1199,7 @@ CVE-2019-11269
 CVE-2019-11268
RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and 
other produc ...)
-   {DSA-4434-1}
+   {DSA-4434-1 DLA-1777-1}
- drupal7  (bug #927330)
- jquery 3.3.1~dfsg-2 (bug #927385)
[stretch] - jquery 3.1.1-2+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d4734e2213a2a74aa9ef298b17ee258b801183e


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1777-1 for jquery

2019-05-06 Thread Brian May


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a725576 by Brian May at 2019-05-06T07:13:35Z
Reserve DLA-1777-1 for jquery

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 May 2019] DLA-1777-1 jquery - security update
+   {CVE-2019-11358}
+   [jessie] - jquery 1.7.2+dfsg-3.2+deb8u6
 [05 May 2019] DLA-1776-1 librecad - security update
{CVE-2018-19105}
[jessie] - librecad 2.0.4-1+deb8u1


=
data/dla-needed.txt
=
@@ -54,9 +54,6 @@ imagemagick (Hugo Lefeuvre)
   NOTE: Stretch. (apo)
   NOTE: 20190408: Still waiting on security team response to inquiries from 
(apo) and (roberto)
 --
-jquery (Brian May)
-  NOTE: 20190425: probably embedded versions need to be checked as well
---
 jruby
 --
 kdepim
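Review bot: the removed dla-needed entry carried an open item, 'NOTE: 20190425: probably embedded versions need to be checked as well', and nothing in this commit records whether that check happened; reserving DLA-1777-1 closes the jquery source package, but the embedded-copy question concerns other packages and is lost with this deletion. Either confirm it was done in the commit message or carry the reminder over to the CVE-2019-11358 entry in data/CVE/list so it stays visible.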



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a7255768546c44390734a30966a745a254a7256
