[Git][security-tracker-team/security-tracker][master] Add tracking Debian bug for CVE-2019-11690/u-boot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05f8adea by Salvatore Bonaccorso at 2019-05-07T04:53:59Z Add tracking Debian bug for CVE-2019-11690/u-boot Add for tracking, the impact security wise for Debian is unclear, but maintainer (Vagrant Cascadian) can hopefully comment. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -237,7 +237,7 @@ CVE-2019-11692 CVE-2019-11691 RESERVED CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...) - - u-boot (low) + - u-boot (low; bug #928557) [stretch] - u-boot (Minor issue) NOTE: https://patchwork.ozlabs.org/patch/1092945 CVE-2019-11689 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05f8adea15f383f05b316b9db43959d1682875a4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
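Review bot: The CVE-2019-11690 entry keeps "(low)" and "[stretch] - u-boot (Minor issue)" while the commit message says the security impact for Debian is unclear. A NOTE on the entry saying that the assessment is pending the maintainer's reply on bug #928557 would stop the severity from being read as settled.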
[Git][security-tracker-team/security-tracker][master] Track proposed fix for CVE-2018-1320 via stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc73ee7b by Salvatore Bonaccorso at 2019-05-07T04:52:34Z Track proposed fix for CVE-2018-1320 via stretch-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -71,3 +71,5 @@ CVE-2018-20548 [stretch] - libcaca 0.99.beta19-2.1~deb9u1 CVE-2018-20549 [stretch] - libcaca 0.99.beta19-2.1~deb9u1 +CVE-2018-1320 + [stretch] - libthrift-java 0.9.1-2.1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc73ee7b814f69a703f71c9698b55af7dab5020f
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1780-1 for firefox-esr
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 29b7a1f8 by Sylvain Beucler at 2019-05-07T00:19:39Z Reserve DLA-1780-1 for firefox-esr - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[07 May 2019] DLA-1780-1 firefox-esr - new upstream version + [jessie] - firefox-esr 60.6.2esr-1~deb8u1 [06 May 2019] DLA-1779-1 389-ds-base - security update {CVE-2019-3883} [jessie] - 389-ds-base 1.3.3.5-4+deb8u6 = data/dla-needed.txt = @@ -30,8 +30,6 @@ faad2 (Hugo Lefeuvre) -- filezilla (Markus Koschany) -- -firefox-esr (Sylvain Beucler) --- ghostscript (Roberto C. Sánchez) -- gradle View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29b7a1f848b1fdebbe8419972f0deb2ac950efa0
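Review bot: The new DLA-1780-1 entry in data/DLA/list has no {CVE-...} line between its header and the [jessie] version, unlike the DLA-1779-1 entry directly below it. If the "new upstream version" upload fixes no tracked CVE, the entry is fine as written; otherwise add the CVE ids so the tracker links the advisory to them.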
[Git][security-tracker-team/security-tracker][master] u-boot no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e64a185 by Moritz Muehlenhoff at 2019-05-06T21:32:47Z u-boot no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -237,7 +237,8 @@ CVE-2019-11692 CVE-2019-11691 RESERVED CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...) - - u-boot + - u-boot (low) + [stretch] - u-boot (Minor issue) NOTE: https://patchwork.ozlabs.org/patch/1092945 CVE-2019-11689 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e64a185a6f673455334e8563413f13b4882b866
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43c2a3ed by Salvatore Bonaccorso at 2019-05-06T20:21:25Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...) - TODO: check + NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress CVE-2019-11806 RESERVED CVE-2019-11805 @@ -16396,7 +16396,7 @@ CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance coul CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...) TODO: check CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...) - TODO: check + NOT-FOR-US: Twitter Kit for iOS CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...) TODO: check CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...) @@ -45694,7 +45694,7 @@ CVE-2018-13985 CVE-2018-13984 RESERVED CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...) - TODO: check + NOT-FOR-US: ImpressCMS CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...) - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 [jessie] - smarty3 (vulnerable code not present) 
@@ -73176,31 +73176,31 @@ CVE-2018-4075 CVE-2018-4074 RESERVED CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in the ACEM ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in the ACEM ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4069 (An information disclosure vulnerability exists in the ACEManager authe ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4068 (An exploitable information disclosure vulnerability exists in the ACEM ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4067 (An exploitable information disclosure vulnerability exists in the ACEM ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4064 RESERVED CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...) - TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...) 
- TODO: check + NOT-FOR-US: Sierra Wireless AirLink ES450 firmware CVE-2018-4060 RESERVED CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43c2a3ed72412cac684ad7b1f556ce6e78f15928
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a7e2567 by security tracker role at 2019-05-06T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,83 @@ +CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...) + TODO: check +CVE-2019-11806 + RESERVED +CVE-2019-11805 + RESERVED +CVE-2019-11804 + RESERVED +CVE-2019-11803 + RESERVED +CVE-2019-11802 + RESERVED +CVE-2019-11801 + RESERVED +CVE-2019-11800 + RESERVED +CVE-2019-11799 + RESERVED +CVE-2019-11798 + RESERVED +CVE-2019-11797 + RESERVED +CVE-2019-11796 + RESERVED +CVE-2019-11795 + RESERVED +CVE-2019-11794 + RESERVED +CVE-2019-11793 + RESERVED +CVE-2019-11792 + RESERVED +CVE-2019-11791 + RESERVED +CVE-2019-11790 + RESERVED +CVE-2019-11789 + RESERVED +CVE-2019-11788 + RESERVED +CVE-2019-11787 + RESERVED +CVE-2019-11786 + RESERVED +CVE-2019-11785 + RESERVED +CVE-2019-11784 + RESERVED +CVE-2019-11783 + RESERVED +CVE-2019-11782 + RESERVED +CVE-2019-11781 + RESERVED +CVE-2019-11780 + RESERVED +CVE-2019-11779 + RESERVED +CVE-2019-11778 + RESERVED +CVE-2019-11777 + RESERVED +CVE-2019-11776 + RESERVED +CVE-2019-11775 + RESERVED +CVE-2019-11774 + RESERVED +CVE-2019-11773 + RESERVED +CVE-2019-11772 + RESERVED +CVE-2019-11771 + RESERVED +CVE-2019-11770 + RESERVED +CVE-2019-11769 + RESERVED +CVE-2019-11768 + RESERVED CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...) - phpbb3 [jessie] - phpbb3 (Minor issue, solution/workaround is to disable the remote avatar function) @@ -2029,6 +2109,7 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se NOTE: https://github.com/matrixssl/matrixssl/issues/26 CVE-2019-10913 RESERVED + {DLA-1778-1} - symfony 3.4.22+dfsg-2 NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides CVE-2019-10912 
@@ -2038,18 +2119,21 @@ CVE-2019-10912 NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized CVE-2019-10911 RESERVED + {DLA-1778-1} - drupal7 (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash CVE-2019-10910 RESERVED + {DLA-1778-1} - drupal7 (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid CVE-2019-10909 RESERVED + {DLA-1778-1} - drupal7 (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 @@ -3635,8 +3719,8 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plu NOT-FOR-US: Jenkins plugin CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10249 - RESERVED +CVE-2019-10249 (All Xtext Xtend versions prior to 2.18.0 were built using HTTP i ...) + TODO: check CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...) NOT-FOR-US: Eclipse Vorto CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...) 
@@ -16305,16 +16389,16 @@ CVE-2019-5436 RESERVED CVE-2019-5435 RESERVED -CVE-2019-5434 - RESERVED -CVE-2019-5433 - RESERVED -CVE-2019-5432 - RESERVED -CVE-2019-5431 - RESERVED -CVE-2019-5430 - RESERVED +CVE-2019-5434 (An attacker could send a specifically crafted payload to the XML-RPC i ...) + TODO: check +CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance could be ...) + TODO: check +CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...) + TODO: check +CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...) + TODO: check +CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...) + TODO: check CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...) - filezilla (low; bug #928282) [stretch] - filezilla (Minor issue) @@ -19507,6 +19591,7 @@ CVE-2019-3884 RESERVED NOT-FOR-US: atomic-openshift CVE-2019-3883 (In 389-ds-base up to version
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 75ae3b64 by Salvatore Bonaccorso at 2019-05-06T19:45:02Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20908,7 +20908,7 @@ CVE-2018-20582 CVE-2018-20581 RESERVED CVE-2018-20580 (The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 al ...) - TODO: check + NOT-FOR-US: SmartBear ReadyAPI CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the push fu ...) NOT-FOR-US: Contiki-NG CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function netlib_pars ...) @@ -188439,7 +188439,7 @@ CVE-2015-1342 (LXCFS before 0.12 does not properly enforce directory escapes, wh - lxcfs (Fixed before initial upload to the archive) NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481 CVE-2015-1341 (Any Python module in sys.path can be imported if the command line of t ...) - TODO: check + NOT-FOR-US: Apport CVE-2015-1340 (LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ...) - lxd (bug #768073) CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75ae3b64108fa3dc6897ee66910efb6854d8dd87
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11690/u-boot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bbfb33b2 by Salvatore Bonaccorso at 2019-05-06T19:27:55Z Add CVE-2019-11690/u-boot - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -157,7 +157,8 @@ CVE-2019-11692 CVE-2019-11691 RESERVED CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...) - TODO: check + - u-boot + NOTE: https://patchwork.ozlabs.org/patch/1092945 CVE-2019-11689 RESERVED CVE-2019-11688 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbfb33b2cf2f83bf712adf706f0ab631bf0f274e
[Git][security-tracker-team/security-tracker][master] CVE-2019-10255 and CVE-2019-9644 in jupyter-notebook fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52d396a1 by Salvatore Bonaccorso at 2019-05-06T19:19:50Z CVE-2019-10255 and CVE-2019-9644 in jupyter-notebook fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3599,7 +3599,7 @@ CVE-2019-10257 CVE-2019-10256 RESERVED CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...) - - jupyter-notebook (bug #925939) + - jupyter-notebook 5.7.8-1 (bug #925939) NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the @@ -5869,7 +5869,7 @@ CVE-2019-9645 CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress allows wp-ad ...) NOT-FOR-US: WordPress plugin contact-form-to-email CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook befor ...) - - jupyter-notebook (bug #924515) + - jupyter-notebook 5.7.8-1 (bug #924515) NOTE: https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c NOTE: https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798 NOTE: https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d396a1b25a75816a4822c93c90c3ba6376d472
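Review bot: In the CVE-2019-10255 hunk, the context NOTE warns that a fix for this issue must not open CVE-2019-10856, but the change only records 5.7.8-1 as the fixed version for CVE-2019-10255. Confirm that 5.7.8-1 also carries the follow-up fix and update the CVE-2019-10856 entry in the same commit if it is still open, or state in the commit message that this was checked.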
[Git][security-tracker-team/security-tracker][master] CVE-2019-9215 and CVE-2019-7314 for liblivemedia fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f8ee2712 by Salvatore Bonaccorso at 2019-05-06T19:15:35Z CVE-2019-9215 and CVE-2019-7314 for liblivemedia fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6908,7 +6908,7 @@ CVE-2019-9216 CVE-2019-9215 (In Live555 before 2019.02.27, malformed headers lead to invalid memory ...) {DSA-4408-1 DLA-1720-1} [experimental] - liblivemedia 2019.02.27-1 - - liblivemedia (bug #924655) + - liblivemedia 2018.11.26-1.1 (bug #924655) NOTE: Reporter advisory and analysis: https://tools.cisco.com/security/center/viewAlert.x?alertId=59708 CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector c ...) {DSA-4416-1} @@ -11647,7 +11647,7 @@ CVE-2019-7315 CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination o ...) {DSA-4408-1 DLA-1690-1} [experimental] - liblivemedia 2019.02.03-1 - - liblivemedia (bug #924656) + - liblivemedia 2018.11.26-1.1 (bug #924656) NOTE: http://lists.live555.com/pipermail/live-devel/2019-February/021143.html CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the ...) - buildbot 2.0.0-1 (bug #921271) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8ee271211f16f840b1edffcc767853f5f196b5e
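Review bot: Both hunks set the unstable fixed version to 2018.11.26-1.1, which is older than the upstream releases the descriptions name as fixed (2019.02.27 for CVE-2019-9215, 2019.02.03 for CVE-2019-7314) and older than the [experimental] versions on the same entries. A NOTE on each entry saying that the fix was backported in that upload, ideally with a link to the patch, would explain why an earlier upstream version is marked fixed.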
[Git][security-tracker-team/security-tracker][master] Add one more CVE fixed with the libcaca upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 218bee9e by Salvatore Bonaccorso at 2019-05-06T18:58:15Z Add one more CVE fixed with the libcaca upload - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -59,6 +59,8 @@ CVE-2019-8905 [stretch] - file 1:5.30-1+deb9u3 CVE-2019-11627 [stretch] - signing-party 2.5-1+deb9u1 +CVE-2018-20544 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 CVE-2018-20545 [stretch] - libcaca 0.99.beta19-2.1~deb9u1 CVE-2018-20546 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/218bee9eb50b1a5909df2fc6b90a00d02f1f5976
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1779-1 for 389-ds-base
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d8411f9 by Mike Gabriel at 2019-05-06T18:12:54Z Reserve DLA-1779-1 for 389-ds-base - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 May 2019] DLA-1779-1 389-ds-base - security update + {CVE-2019-3883} + [jessie] - 389-ds-base 1.3.3.5-4+deb8u6 [06 May 2019] DLA-1778-1 symfony - security update {CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913} [jessie] - symfony 2.3.21+dfsg-4+deb8u5 = data/dla-needed.txt = @@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues --- -389-ds-base (Mike Gabriel) -- atftp (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d8411f9e4f1f4f8473c18d103a006b9edc009d9
[Git][security-tracker-team/security-tracker][master] libcaca spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e9ca5af by Moritz Muehlenhoff at 2019-05-06T18:08:46Z libcaca spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -59,3 +59,13 @@ CVE-2019-8905 [stretch] - file 1:5.30-1+deb9u3 CVE-2019-11627 [stretch] - signing-party 2.5-1+deb9u1 +CVE-2018-20545 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 +CVE-2018-20546 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 +CVE-2018-20547 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 +CVE-2018-20548 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 +CVE-2018-20549 + [stretch] - libcaca 0.99.beta19-2.1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e9ca5af673848805456e042d0c7f87476a5fa08
[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f34b74da by Moritz Muehlenhoff at 2019-05-06T17:59:07Z stretch triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2174,10 +2174,11 @@ CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileRea NOTE: https://github.com/teeworlds/teeworlds/issues/2070 NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...) - - teeworlds 0.7.2-4 (bug #927152) + - teeworlds 0.7.2-5 (bug #927152) [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://github.com/teeworlds/teeworlds/issues/2073 NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 + NOTE: https://github.com/teeworlds/teeworlds/commit/cc3d59ae706752956d6cb8acc4187c8398b61c5c CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...) - teeworlds 0.7.2-4 (bug #927152) [jessie] - teeworlds (Not supported in jessie LTS) @@ -16314,7 +16315,8 @@ CVE-2019-5431 CVE-2019-5430 RESERVED CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...) - - filezilla (bug #928282) + - filezilla (low; bug #928282) + [stretch] - filezilla (Minor issue) NOTE: https://svn.filezilla-project.org/filezilla?revision=9097=revision NOTE: https://www.tenable.com/security/research/tra-2019-14 CVE-2019-5428 @@ -31354,6 +31356,7 @@ CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL cou - jspwiki CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under some cir ...) - qpid-proton 0.22.0-1 + [stretch] - qpid-proton (Minor issue) NOTE: https://issues.apache.org/jira/browse/PROTON-2014 NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733 
@@ -31474,6 +31477,7 @@ CVE-2019-0188 RESERVED CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...) - jakarta-jmeter + [stretch] - jakarta-jmeter (Minor issue) [jessie] - jakarta-jmeter (Minor issue) NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743 CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...) @@ -32142,6 +32146,7 @@ CVE-2018-19106 (Avi Vantage before 17.2.13 uses an invalid URL encoding during a CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0 ...) {DLA-1776-1} - librecad (bug #928477) + [stretch] - librecad (Minor issue) NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html NOTE: https://github.com/LibreCAD/LibreCAD/issues/1038 NOTE: Fixed by https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085 @@ -37060,8 +37065,10 @@ CVE-2018-17203 REJECTED CVE-2018-17202 RESERVED + NOTE: Apache Commons Imaging CVE-2018-17201 RESERVED + NOTE: Apache Commons Imaging CVE-2018-17200 RESERVED CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34b74dab39049f2430ec605536cd54982d4eba4
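Review bot: In the CVE-2019-0187 hunk, the added "[stretch] - jakarta-jmeter (Minor issue)" gives no reason, while the entry's description begins "Unauthenticated RCE is possible when JMeter is used in distributed mod ...". Put the justification in the parenthesised text (for example, the condition under which the issue is reachable) so the no-DSA decision can be understood without opening the upstream bug.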
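Review bot: In the last hunk, "NOTE: Apache Commons Imaging" is added to CVE-2018-17202 and CVE-2018-17201, both still RESERVED, with no reference for the attribution. Add the source (advisory or mailing-list URL) to the NOTE so the assignment can be checked once the CVEs are published.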
[Git][security-tracker-team/security-tracker][master] dla: add and claim firefox-esr
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: b05a4261 by Sylvain Beucler at 2019-05-06T17:46:32Z dla: add and claim firefox-esr - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,6 +32,8 @@ faad2 (Hugo Lefeuvre) -- filezilla (Markus Koschany) -- +firefox-esr (Sylvain Beucler) +-- ghostscript (Roberto C. Sánchez) -- gradle View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b05a426188c0027803e8e4c6e129dd05a34e5949
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1778-1 for symfony
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: db3f9cc6 by Jonas Meurer at 2019-05-06T17:08:24Z Reserve DLA-1778-1 for symfony - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 May 2019] DLA-1778-1 symfony - security update + {CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913} + [jessie] - symfony 2.3.21+dfsg-4+deb8u5 [06 May 2019] DLA-1777-1 jquery - security update {CVE-2019-11358} [jessie] - jquery 1.7.2+dfsg-3.2+deb8u6 = data/dla-needed.txt = @@ -122,8 +122,6 @@ sox NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time. NOTE: Check again later. - hle -- -symfony (Jonas Meurer) --- wireshark -- wordpress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db3f9cc6dcfe92bd1dee7d0518b4280aa50f732c
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10912 as not-affected in Jessie
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: a0d22f48 by Jonas Meurer at 2019-05-06T13:58:14Z Mark CVE-2019-10912 as not-affected in Jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2033,6 +2033,7 @@ CVE-2019-10913 CVE-2019-10912 RESERVED - symfony 3.4.22+dfsg-2 + [jessie] - symfony (vulnerable code is not present) NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized CVE-2019-10911 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0d22f483b7957cce4aeccc77fd2ec1bd3a4a118
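Review bot: The added "[jessie] - symfony (vulnerable code is not present)" does not say which component or version introduced the affected code, so the claim cannot be checked from the entry. Naming it in the parenthesised reason, or in a NOTE next to the symfony.com link, would make the not-affected status verifiable.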
[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-11498 as not-affected in Jessie
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e08b252 by Thorsten Alteholz at 2019-05-06T12:23:57Z mark CVE-2019-11498 as not-affected in Jessie - - - - - b8f065f6 by Thorsten Alteholz at 2019-05-06T12:23:57Z not upload needed for wavpack - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -644,6 +644,7 @@ CVE-2019-11499 [Submission-login crashes when authentication is started over TLS CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...) - wavpack 5.1.0-6 (low; bug #927903) [stretch] - wavpack (Minor issue) + [jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0) NOTE: https://github.com/dbry/WavPack/issues/67 NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 CVE-2019-11497 = data/dla-needed.txt = @@ -124,8 +124,6 @@ sox -- symfony (Jonas Meurer) -- -wavpack (Thorsten Alteholz) --- wireshark -- wordpress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3f15f9a4a3eaecf6decc04db78af0167c1f9fa94...b8f065f6796d6fb42e2f7a11608c7d917d47991b
[Git][security-tracker-team/security-tracker][master] Sync fixed version for some CVEs for src:linux with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 128b5963 by Salvatore Bonaccorso at 2019-05-06T11:37:51Z Sync fixed version for some CVEs for src:linux with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -393,7 +393,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains [stretch] - signing-party (Will be fixed via point release) NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8 CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...) - - linux + - linux 4.19.37-1 NOTE: https://marc.info/?l=linux-mm=155355419911404=2 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...) @@ -671,11 +671,11 @@ CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interf CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...) NOT-FOR-US: SimplyBook.me Enterprise CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page-_refcount reference co ...) - - linux + - linux 4.19.37-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752 NOTE: https://lwn.net/Articles/786044/ CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...) - - linux + - linux 4.19.37-1 NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8 NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting NOTE: from versions including this commit (or backport) or versions which disable 
@@ -3914,7 +3914,7 @@ CVE-2019-10126 CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...) NOT-FOR-US: phpFK CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel ...) - - linux + - linux 4.19.37-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://patchwork.kernel.org/patch/10828359/ @@ -5258,7 +5258,7 @@ CVE-2019-9848 CVE-2019-9847 RESERVED CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...) - - linux + - linux 4.19.37-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea @@ -19474,7 +19474,7 @@ CVE-2019-3889 CVE-2019-3888 RESERVED CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...) - - linux + - linux 4.19.37-1 [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc @@ -19509,7 +19509,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0) NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9) CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...) - - linux + - linux 4.19.37-1 NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1 NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.st...@gimli.home/T/#u NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426 
@@ -20677,13 +20677,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do - tmpreaper 1.6.14 (bug #918956) CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...) {DLA-1771-1} - - linux + - linux 4.19.37-1 [stretch] - linux 4.9.168-1 NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.gb15...@kroah.com/ NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0 CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...) {DLA-1771-1} - - linux + - linux 4.19.37-1 [stretch] - linux 4.9.168-1 NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.ga15...@kroah.com/ NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 @@ -47959,11 +47959,11 @@ CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attack NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d NOTE:
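Review bot: For CVE-2019-11486 the existing NOTE gives two conditions under which the issue counts as fixed (versions including the upstream commit or a backport, or versions which disable ...), yet the new "- linux 4.19.37-1" line does not record which of the two applies to that upload. A short NOTE stating the basis would make the entry verifiable, and the commit message could list the CVEs it touches rather than "some CVEs".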
[Git][security-tracker-team/security-tracker][master] gitlab issues fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e694f82 by Salvatore Bonaccorso at 2019-05-06T10:48:16Z gitlab issues fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -513,19 +513,19 @@ CVE-2019-11550 RESERVED CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly] RESERVED - - gitlab (bug #928221) + - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11548 [Unauthorized Comments on Confidential Issues] RESERVED - - gitlab (bug #928221) + - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11547 [Unsanitized Branch Names on New Merge Request Notification Emails] RESERVED - - gitlab (bug #928221) + - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11546 [Merge Request Approval Count Inflation] RESERVED - - gitlab (bug #928221) + - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11545 [Moving an Issue to Private Repo Leaks Project Namespace] RESERVED 
@@ -533,7 +533,7 @@ CVE-2019-11545 [Moving an Issue to Private Repo Leaks Project Namespace] NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11544 [Notification Emails Sent to Restricted Users] RESERVED - - gitlab (bug #928221) + - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e694f820ccfde605da3f3dce51bd15e79d93cbc
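Review bot: CVE-2019-11545 carries the same GitLab security-release NOTE as the five entries changed here, but its package line falls between the two hunks and is left unchanged. If 11.8.9+dfsg-1 also fixes it, the version should be added there too; if it is deliberately different, a NOTE explaining why would help the next reader.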
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-0226/apache-karaf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e91af891 by Salvatore Bonaccorso at 2019-05-06T08:18:32Z Add CVE-2019-0226/apache-karaf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31345,6 +31345,7 @@ CVE-2019-0227 (A Server Side Request Forgery (SSRF) vulnerability affected the A NOTE: https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5 CVE-2019-0226 RESERVED + - apache-karaf (bug #881297) CVE-2019-0225 (A specially crafted url could be used to access files under the ROOT d ...) - jspwiki CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could ex ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e91af89196933394200ee86807442ae3b27a755e
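Review bot: The new "- apache-karaf (bug #881297)" line under CVE-2019-0226 comes with no NOTE, and the CVE is still RESERVED with no description, so nothing in the entry shows why apache-karaf is the affected package. Suggest adding a NOTE with the upstream advisory or announcement link, as the neighbouring CVE-2019-0227 entry has.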
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d4734e2 by security tracker role at 2019-05-06T08:10:12Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1199,7 +1199,7 @@ CVE-2019-11269 CVE-2019-11268 RESERVED CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...) - {DSA-4434-1} + {DSA-4434-1 DLA-1777-1} - drupal7 (bug #927330) - jquery 3.3.1~dfsg-2 (bug #927385) [stretch] - jquery 3.1.1-2+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d4734e2213a2a74aa9ef298b17ee258b801183e
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1777-1 for jquery
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a725576 by Brian May at 2019-05-06T07:13:35Z Reserve DLA-1777-1 for jquery - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 May 2019] DLA-1777-1 jquery - security update + {CVE-2019-11358} + [jessie] - jquery 1.7.2+dfsg-3.2+deb8u6 [05 May 2019] DLA-1776-1 librecad - security update {CVE-2018-19105} [jessie] - librecad 2.0.4-1+deb8u1 = data/dla-needed.txt = @@ -54,9 +54,6 @@ imagemagick (Hugo Lefeuvre) NOTE: Stretch. (apo) NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto) -- -jquery (Brian May) - NOTE: 20190425: probably embedded versions need to be checked as well --- jruby -- kdepim View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a7255768546c44390734a30966a745a254a7256
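Review bot: The data/dla-needed.txt hunk drops the jquery entry together with its NOTE "20190425: probably embedded versions need to be checked as well", while the new DLA-1777-1 entry lists only the jquery source package for jessie. If the embedded copies were checked, say so in the commit message; if not, keep a tracking note somewhere so that the follow-up is not lost.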