[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15531/libextractor

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49c421b9 by Salvatore Bonaccorso at 2019-08-23T21:20:32Z
Add Debian bug reference for CVE-2019-15531/libextractor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,7 @@ CVE-2019-15533
 CVE-2019-15532
RESERVED
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read 
in the  ...)
-   - libextractor 
+   - libextractor  (bug #935553)
NOTE: https://bugs.gnunet.org/view.php?id=5846
NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
 CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
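Review bot: the Debian bug is now referenced, but the CVE-2019-15531 entry still carries no severity and no per-suite annotation, so the tracker cannot tell whether stretch and buster need a DSA/DLA, a no-dsa or a not-affected marking; add the triage result for the stable suites (the libextractor entries later in this file show the `[stretch] - libextractor 1:1.3-4+deb9u1` form) once it is known.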



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/49c421b9095cfb43bc47dd85a8172ea707ebfa56



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Replace some redirected commit references for libextractor

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
076782cd by Salvatore Bonaccorso at 2019-08-23T20:56:07Z
Replace some redirected commit references for libextractor

The https://gnunet.org/git/libextractor.git/commit/?id=$commit URLs now
redirect to https://git.gnunet.org/libextractor.git/commit/?id=$commit,
thus, in case they are dropped in future, reference the current location.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34086,12 +34086,12 @@ CVE-2018-20431 (GNU Libextractor through 1.8 has a 
NULL Pointer Dereference vuln
{DSA-4361-1 DLA-1616-1}
- libextractor 1:1.8-2 (bug #917213)
NOTE: https://gnunet.org/bugs/view.php?id=5494
-   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
 CVE-2018-20430 (GNU Libextractor through 1.8 has an out-of-bounds read 
vulnerability i ...)
{DSA-4361-1 DLA-1616-1}
- libextractor 1:1.8-2 (bug #917214)
NOTE: https://gnunet.org/bugs/view.php?id=5493
-   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
 CVE-2018-20429 (libming 0.4.8 has a NULL pointer dereference in the getName 
function o ...)
- ming 
NOTE: https://github.com/libming/libming/issues/160
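Review bot: the commit URLs are switched to git.gnunet.org, but the bug-tracker references on the unchanged context lines (`NOTE: https://gnunet.org/bugs/view.php?id=5494` and `...?id=5493`) stay on the old host, while the CVE-2019-15531 entry added in this same digest already uses `https://bugs.gnunet.org/view.php?id=5846`; check whether the gnunet.org/bugs URLs redirect too and update them in the same pass so the file does not keep two forms of the same tracker link.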
@@ -52000,7 +52000,7 @@ CVE-2018-16430 (GNU Libextractor through 1.7 has an 
out-of-bounds read vulnerabi
{DSA-4290-1 DLA-1501-1}
- libextractor 1:1.7-1 (bug #907987)
NOTE: https://gnunet.org/bugs/view.php?id=5405
-   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
 CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in 
g_markup_ ...)
{DLA-1866-1}
- glib2.0 2.58.0-1 (low)
@@ -57525,12 +57525,12 @@ CVE-2018-14347 (GNU Libextractor before 1.7 contains 
an infinite loop vulnerabil
- libextractor 1:1.7-1 (bug #904905)
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg0.html
NOTE: https://gnunet.org/bugs/view.php?id=5399
-   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow 
in ec_re ...)
{DSA-4290-1 DLA-1478-1}
- libextractor 1:1.7-1 (bug #904903)
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg1.html
-   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
 CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured 
with Reu ...)
- sddm 0.18.0-1
[stretch] - sddm  (Re-use session feature introduced in 
0.16.0)
@@ -94500,7 +94500,7 @@ CVE-2017-17440 (GNU Libextractor 1.6 allows remote 
attackers to cause a denial o
[stretch] - libextractor 1:1.3-4+deb9u1
[jessie] - libextractor 1:1.3-2+deb8u1
[wheezy] - libextractor  (Minor issue)
-   NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
+   NOTE: Fixed by: 
https://git.gnunet.org/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
 CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are 
able to c ...)
{DSA-4055-1}
- heimdal 7.5.0+dfsg-1 (bug #878144)
@@ -101965,7 +101965,7 @@ CVE-2017-15922 (In GNU Libextractor 1.4, there is an 
out-of-bounds read in the E
[stretch] - libextractor 1:1.3-4+deb9u1
[jessie] - libextractor 1:1.3-2+deb8u1
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg8.html
-   NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
+   NOTE: Fixed by: 
https://git.gnunet.org/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
 CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 
2.74.186 ...)
NOT-FOR-US: Watchdog Anti-Malware
 CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 
2.74.186 ...)
@@ -102760,14 +102760,14 @@ CVE-2017-15602 (In GNU Libextractor 1.4, there is 
an integer signedness error fo
[stretch] - libextractor 1:1.3-4+deb9u1
[jessie] - 

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-15531/libextractor

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
484f9eca by Salvatore Bonaccorso at 2019-08-23T20:52:54Z
Add CVE-2019-15531/libextractor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,9 @@ CVE-2019-15533
 CVE-2019-15532
RESERVED
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read 
in the  ...)
-   TODO: check
+   - libextractor 
+   NOTE: https://bugs.gnunet.org/view.php?id=5846
+   NOTE: 
https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
 CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
NOT-FOR-US: D-Link
 CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
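Review bot: the new libextractor entry lands without a Debian bug reference; the follow-up commit 49c421b9 in this digest adds `(bug #935553)` to the same package line, so filing the bug and adding the reference in the same commit would avoid the intermediate state where the package line carries none. The commit NOTE could also take the `NOTE: Fixed by:` prefix used by the older libextractor entries (CVE-2017-17440, CVE-2017-15922) so it is clear the linked commit is the fix rather than a related change.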



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/484f9eca502a7b2f374c072f9dd04e54be025111


[Git][security-tracker-team/security-tracker][master] add nghttp2

2019-08-23 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3260a4c1 by Thorsten Alteholz at 2019-08-23T20:41:38Z
add nghttp2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -85,6 +85,8 @@ linux-4.9 (Ben Hutchings)
 --
 mongodb (Abhijith PA)
 --
+nghttp2
+--
 python2.7 (Thorsten Alteholz)
   NOTE: 20190818: need to check fails with test suite unrelated to this patch; 
building package takes a long time
 --
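Review bot: the new `nghttp2` entry has neither a claimant in parentheses nor a NOTE line, unlike the neighbouring `mongodb (Abhijith PA)` and `python2.7 (Thorsten Alteholz)` entries, so it is unclear whether the jessie update is open or being worked on; add a dated NOTE with the status (the dsa-needed entry for the same package in commit 9d88f217 records `Maintainer proposing debdiff, needs review and ack`).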



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3260a4c15aa603ab214d619333e3d3b8b18f6b38


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4e50f6a by Salvatore Bonaccorso at 2019-08-23T20:47:23Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp 
allows SQL I ...)
TODO: check
 CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows 
SQL Injec ...)
-   TODO: check
+   NOT-FOR-US: Acclaim block plugin for Moodle
 CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom 
SQL. ...)
TODO: check
 CVE-2019-15534
@@ -13,15 +13,15 @@ CVE-2019-15532
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read 
in the  ...)
TODO: check
 CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-15528 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 
terminal emu ...)
TODO: check
 CVE-2019-15524
@@ -47,7 +47,7 @@ CVE-2019-15515
 CVE-2019-15514 (The Privacy  Phone Number feature in the Telegram app 5.10 
for And ...)
TODO: check
 CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the 
Unified ...)
-   TODO: check
+   NOT-FOR-US: OpenWrt libuci
 CVE-2019-15512
RESERVED
 CVE-2019-15511
@@ -77,7 +77,7 @@ CVE-2019-15500
 CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME 
element wi ...)
TODO: check
 CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 
allows rem ...)
-   TODO: check
+   NOT-FOR-US: Vera Edge Home Controller
 CVE-2019-15497
RESERVED
 CVE-2019-15496
@@ -85,21 +85,21 @@ CVE-2019-15496
 CVE-2019-15495
RESERVED
 CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-15493 (openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 
4-445b21 ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-15492 (openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 
3-445b21. ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 
1-445b21. ...)
-   TODO: check
+   NOT-FOR-US: openITCOCKPIT
 CVE-2019-15489
RESERVED
 CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an 
LDAP se ...)
TODO: check
 CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher 
training  ...)
-   TODO: check
+   NOT-FOR-US: DfE School Experience
 CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS 
via js_ ...)
TODO: check
 CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in 
Controlle ...)
@@ -423,7 +423,7 @@ CVE-2019-15327 (The import-users-from-csv-with-meta plugin 
before 1.14.1.3 for W
 CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for 
WordPre ...)
NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but 
/etc/sysctl.d/1 ...)
-   TODO: check
+   NOT-FOR-US: GalliumOS
 CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval 
injection in the ...)
NOT-FOR-US: wpgform plugin for WordPress
 CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has 
PHP objec ...)
@@ -1597,7 +1597,7 @@ CVE-2019-15001
 CVE-2019-15000
RESERVED
 CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin 
Manager befo ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2019-14998
RESERVED
 CVE-2019-14997
@@ -7103,7 +7103,7 @@ CVE-2019-13423 (Search Guard Kibana Plugin versions 
before 5.6.8-7 and before 6.
 CVE-2019-13422 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 
6.x.y-12 ...)
TODO: check
 CVE-2019-13421 (Search Guard versions before 23.1 had an issue that an 
administrative  ...)
-   TODO: check
+   NOT-FOR-US: Search Guard
 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1895-1 for libmspack

2019-08-23 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
205800cf by Thorsten Alteholz at 2019-08-23T20:36:17Z
Reserve DLA-1895-1 for libmspack

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Aug 2019] DLA-1895-1 libmspack - security update
+   {CVE-2019-1010305}
+   [jessie] - libmspack 0.5-1+deb8u4
 [23 Aug 2019] DLA-1894-1 libapache2-mod-auth-openidc - security update
{CVE-2019-1010247}
[jessie] - libapache2-mod-auth-openidc 1.6.0-1+deb8u1


=
data/dla-needed.txt
=
@@ -70,8 +70,6 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20190818: work is ongoing
 --
-libmspack (Thorsten Alteholz)
---
 libqb
   NOTE: 20190616: Upstream patch does not apply at all, but it appears that
   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/205800cf659fc70ba30a62e2babc05c1de61d2aa


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1894-1 for libapache2-mod-auth-openidc

2019-08-23 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae37d377 by Thorsten Alteholz at 2019-08-23T20:32:07Z
Reserve DLA-1894-1 for libapache2-mod-auth-openidc

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Aug 2019] DLA-1894-1 libapache2-mod-auth-openidc - security update
+   {CVE-2019-1010247}
+   [jessie] - libapache2-mod-auth-openidc 1.6.0-1+deb8u1
 [22 Aug 2019] DLA-1893-1 cups - security update
{CVE-2019-8675 CVE-2019-8696}
[jessie] - cups 1.7.5-11+deb8u5


=
data/dla-needed.txt
=
@@ -49,8 +49,6 @@ hdf5 (Hugo Lefeuvre)
 --
 icedtea-web
 --
-libapache2-mod-auth-openidc (Thorsten Alteholz)
---
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as . These issues have been triaged, no 
patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae37d3775471ad927a5032b363236e22db821502


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12400

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b08b6e6 by Salvatore Bonaccorso at 2019-08-23T20:19:24Z
Add Debian bug reference for CVE-2019-12400

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9843,7 +9843,7 @@ CVE-2019-12401
RESERVED
 CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an 
untrusted source]
RESERVED
-   - libxml-security-java 
+   - libxml-security-java  (bug #935548)
[stretch] - libxml-security-java  (Vulnerable code 
introduced in 2.0.3)
NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
 CVE-2019-12399



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b08b6e6bfada439c2a8b56aab912c4f740efcf1


[Git][security-tracker-team/security-tracker][master] Process NFU

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ffd4ddfc by Salvatore Bonaccorso at 2019-08-23T20:17:34Z
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11784,7 +11784,7 @@ CVE-2019-11656
 CVE-2019-11655
RESERVED
 CVE-2019-11654 (Path traversal vulnerability in Micro Focus Verastream Host 
Integrator ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus
 CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. 
versions  ...)
NOT-FOR-US: Micro Focus
 CVE-2019-11652 (A potential authorization bypass issue was found in Micro 
Focus Self S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffd4ddfc6606f37a16c9302a9bc0c1b1e805a9a9


[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12400/libxml-security-java as not affected for stretch

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dca7e090 by Salvatore Bonaccorso at 2019-08-23T20:12:29Z
Mark CVE-2019-12400/libxml-security-java as not affected for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9844,6 +9844,7 @@ CVE-2019-12401
 CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an 
untrusted source]
RESERVED
- libxml-security-java 
+   [stretch] - libxml-security-java  (Vulnerable code 
introduced in 2.0.3)
NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
 CVE-2019-12399
RESERVED
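Review bot: the stretch annotation asserts that the vulnerable code was introduced in 2.0.3, but the entry has no NOTE backing that claim beyond the upstream advisory link; add a NOTE pointing at the upstream change that introduced the behaviour (or the part of the advisory that gives the affected range) so the not-affected marking can be re-verified later.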



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dca7e09000cf0e38cfd4cfed71cd80047670faa5


[Git][security-tracker-team/security-tracker][master] automatic update

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22ab7cee by security tracker role at 2019-08-23T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp 
allows SQL I ...)
+   TODO: check
+CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows 
SQL Injec ...)
+   TODO: check
+CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom 
SQL. ...)
+   TODO: check
+CVE-2019-15534
+   RESERVED
+CVE-2019-15533
+   RESERVED
+CVE-2019-15532
+   RESERVED
+CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read 
in the  ...)
+   TODO: check
+CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
+   TODO: check
+CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
+   TODO: check
+CVE-2019-15528 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
+   TODO: check
+CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
+   TODO: check
+CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with 
firmware V1.0. ...)
+   TODO: check
+CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 
terminal emu ...)
+   TODO: check
+CVE-2019-15524
+   RESERVED
+CVE-2019-15523
+   RESERVED
+CVE-2019-15522
+   RESERVED
+CVE-2019-15521
+   RESERVED
+CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to 
locations ...)
+   TODO: check
+CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal 
(up to the ...)
+   TODO: check
+CVE-2019-15518 (Swoole before 4.2.13 allows directory traversal in 
swPort_http_static_ ...)
+   TODO: check
+CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f 
directory trav ...)
+   TODO: check
+CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal 
via ... ...)
+   TODO: check
+CVE-2019-15515
+   RESERVED
+CVE-2019-15514 (The Privacy  Phone Number feature in the Telegram app 5.10 
for And ...)
+   TODO: check
 CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the 
Unified ...)
TODO: check
 CVE-2019-15512
@@ -36,44 +84,44 @@ CVE-2019-15496
RESERVED
 CVE-2019-15495
RESERVED
-CVE-2019-15494
-   RESERVED
-CVE-2019-15493
-   RESERVED
-CVE-2019-15492
-   RESERVED
-CVE-2019-15491
-   RESERVED
-CVE-2019-15490
-   RESERVED
+CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
+   TODO: check
+CVE-2019-15493 (openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 
4-445b21 ...)
+   TODO: check
+CVE-2019-15492 (openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 
3-445b21. ...)
+   TODO: check
+CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
+   TODO: check
+CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 
1-445b21. ...)
+   TODO: check
 CVE-2019-15489
RESERVED
-CVE-2019-15488
-   RESERVED
-CVE-2019-15487
-   RESERVED
-CVE-2019-15486
-   RESERVED
-CVE-2019-15485
-   RESERVED
-CVE-2019-15484
-   RESERVED
-CVE-2019-15483
-   RESERVED
-CVE-2019-15482
-   RESERVED
-CVE-2019-15481
-   RESERVED
-CVE-2019-15480
-   RESERVED
+CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an 
LDAP se ...)
+   TODO: check
+CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher 
training  ...)
+   TODO: check
+CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS 
via js_ ...)
+   TODO: check
+CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in 
Controlle ...)
+   TODO: check
+CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. 
...)
+   TODO: check
+CVE-2019-15483 (Bolt before 3.6.10 has XSS via a title that is mishandled in 
the syste ...)
+   TODO: check
+CVE-2019-15482 (selectize-plugin-a11y before 1.1.0 has XSS via the msg field. 
...)
+   TODO: check
+CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...)
+   TODO: check
+CVE-2019-15480 (Domoticz 4.10717 has XSS via item.Name. ...)
+   TODO: check
 CVE-2019-15479
RESERVED
 CVE-2019-15478
RESERVED
-CVE-2019-15477
-   RESERVED
-CVE-2019-15476
-   RESERVED
+CVE-2019-15477 (Jooby before 1.6.4 has XSS via the default error handler. ...)
+   TODO: check
+CVE-2019-15476 (Former before 4.2.1 has XSS via a checkbox value. ...)
+   TODO: check
 CVE-2019-15475
RESERVED
 

[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-10071 as NFU

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d92fa45 by Salvatore Bonaccorso at 2019-08-23T20:10:44Z
Add CVE-2019-10071 as NFU

- - - - -
3ce77802 by Salvatore Bonaccorso at 2019-08-23T20:10:45Z
Add CVE-2019-12400/libxml-security-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9841,8 +9841,10 @@ CVE-2019-12402
RESERVED
 CVE-2019-12401
RESERVED
-CVE-2019-12400
+CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an 
untrusted source]
RESERVED
+   - libxml-security-java 
+   NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
 CVE-2019-12399
RESERVED
 CVE-2019-12398
@@ -16001,6 +16003,7 @@ CVE-2019-10072 (The fix for CVE-2019-0199 was 
incomplete and did not address HTT
NOTE: 
https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
 CVE-2019-10071
RESERVED
+   NOT-FOR-US: Apache Tapestry
 CVE-2019-10070
RESERVED
 CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to 
the des ...)
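Review bot: the `NOT-FOR-US: Apache Tapestry` line is added while CVE-2019-10071 is still RESERVED and the hunk carries no NOTE saying where the Tapestry attribution comes from; since the CVE description is not yet public, a NOTE with the upstream announcement URL (as the neighbouring CVE-2019-10072 entry has for Tomcat) would let the NFU be rechecked once the description is published.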



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/22ab7cee1d7e13ebb140755f9f149283cf97...3ce7780200e9797abd0aad6261ee1d41699d3ef3


[Git][security-tracker-team/security-tracker][master] Add nghttp2 to dsa-needed list

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d88f217 by Salvatore Bonaccorso at 2019-08-23T19:51:55Z
Add nghttp2 to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -38,6 +38,9 @@ linux (carnil)
 --
 mercurial/oldstable
 --
+nghttp2
+  Maintainer proposing debdiff, needs review and ack
+--
 nodejs
 --
 nss (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d88f2172f29a66dc2b6346ddcb0743961d89b5f


[Git][security-tracker-team/security-tracker][master] Process several NFUs for WordPress plugins

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3eff7f3f by Salvatore Bonaccorso at 2019-08-23T19:48:07Z
Process several NFUs for WordPress plugins

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -367,13 +367,13 @@ CVE-2019-15331 (The 
wp-support-plus-responsive-ticket-system plugin before 9.1.2
 CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
NOT-FOR-US: webp-express plugin for WordPress
 CVE-2019-15329 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15328 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but 
/etc/sysctl.d/1 ...)
TODO: check
 CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval 
injection in the ...)
@@ -395,7 +395,7 @@ CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for 
WordPress has insuffic
 CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has 
JavaScript inje ...)
NOT-FOR-US: rich-counter plugin for WordPress
 CVE-2014-10393 (The cforms2 plugin before 10.5 for WordPress has XSS. ...)
-   TODO: check
+   NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 
for Wor ...)
@@ -431,7 +431,7 @@ CVE-2019-15316 (Valve Steam Client for Windows through 
2019-08-20 has weak folde
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows 
privilege esc ...)
NOT-FOR-US: Valve Steam Client for Windows
 CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress 
has XSS b ...)
-   TODO: check
+   NOT-FOR-US: advanced-custom-fields plugin for WordPress
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local 
file inc ...)
NOT-FOR-US: wp-payeezy-pay plugin for WordPress
 CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has 
Object Injec ...)
@@ -447,7 +447,7 @@ CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for 
WordPress has parameter
 CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has 
privilege esc ...)
NOT-FOR-US: contact-form-7 plugin for WordPress
 CVE-2017-18585 (The posts-in-page plugin before 1.3.0 for WordPress has 
ic_add_posts t ...)
-   TODO: check
+   NOT-FOR-US: posts-in-page plugin for WordPress
 CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no 
permissi ...)
NOT-FOR-US: post-pay-counter plugin for WordPress
 CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP 
Object  ...)
@@ -459,9 +459,9 @@ CVE-2017-18581 (The time-sheets plugin before 1.5.0 for 
WordPress has XSS via th
 CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has 
remote c ...)
NOT-FOR-US: shortcodes-ultimate plugin for WordPress
 CVE-2017-18579 (The corner-ad plugin before 1.0.8 for WordPress has XSS. ...)
-   TODO: check
+   NOT-FOR-US: corner-ad plugin for WordPress
 CVE-2017-18578 (The crafty-social-buttons plugin before 1.5.8 for WordPress 
has XSS. ...)
-   TODO: check
+   NOT-FOR-US: crafty-social-buttons plugin for WordPress
 CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS 
via the ...)
NOT-FOR-US: mailchimp-for-wp plugin for WordPress
 CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS 
via the l ...)
@@ -479,9 +479,9 @@ CVE-2017-18571 (The search-everything plugin before 8.1.7 
for WordPress has SQL
 CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL 
injection in the ...)
NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2016-10929 (The advanced-ajax-page-loader plugin before 2.7.7 for 
WordPress has no ...)
-   TODO: check
+   NOT-FOR-US: advanced-ajax-page-loader plugin for WordPress
 CVE-2016-10928 (The onelogin-saml-sso plugin before 2.2.0 for WordPress has a 
hardcode ...)
-   TODO: check
+   NOT-FOR-US: onelogin-saml-sso plugin for WordPress
 CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 
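Review bot: the hunk is cut off after the `CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11` line, so its triage line cannot be checked in this digest. The two resolved entries that are visible, CVE-2016-10929 (advanced-ajax-page-loader) and CVE-2016-10928 (onelogin-saml-sso, `has a hardcode ...`), follow the same `NOT-FOR-US: <plugin> plugin for WordPress` form as the rest of the file, which is the right outcome if no Debian package ships these plugins; that is the claim the NOT-FOR-US marking makes and it should be re-checked if a WordPress plugin package ever enters the archive.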

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-15504/linux

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf5442c1 by Salvatore Bonaccorso at 2019-08-23T19:45:36Z
Add CVE-2019-15504/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,7 +17,7 @@ CVE-2019-15506
 CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel 
through ...)
- linux 
 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel 
through 5.2 ...)
-   TODO: check
+   - linux 
 CVE-2019-15503
RESERVED
 CVE-2019-15502
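Review bot: the new line reads `- linux ` with nothing after the package name, whereas this field in data/CVE/list always carries a status or fixed-version token; the same blank appears after `nltk ` in a later commit of this digest, which suggests the mail rendering is dropping an angle-bracketed token rather than the commit being wrong, but it is worth confirming the committed file is intact. Separately, CVE-2019-15504 gets no `NOTE:` line pointing at the upstream fix commit, unlike the nltk entry later in this digest; adding it once known makes the kernel update easier to track.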



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf5442c1babb465e6641d586118b0bf2e8a3690c


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-15505/linux

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca975277 by Salvatore Bonaccorso at 2019-08-23T19:44:54Z
Add CVE-2019-15505/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,7 +15,7 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 
2019.7.6, when a web requ
 CVE-2019-15506
RESERVED
 CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel 
through ...)
-   TODO: check
+   - linux 
 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel 
through 5.2 ...)
TODO: check
 CVE-2019-15503
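Review bot: the `- linux ` line for CVE-2019-15505 shows no status token after the package name, although every other package line in this file carries one; most likely an angle-bracketed marker was stripped by the mail rendering, but check the committed file. No `NOTE:` with the upstream fix is attached either. The context line for CVE-2019-15504 still reads `TODO: check` here; it is resolved by commit cf5442c1 in this same digest, so both technisat-usb2 and rsi_91x_usb entries end up in the same state.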



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca9752776b69ea546dddccd877124ca93ab60bc1


[Git][security-tracker-team/security-tracker][master] add packages

2019-08-23 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aeca24cd by Thorsten Alteholz at 2019-08-23T19:12:42Z
add packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -49,6 +49,8 @@ hdf5 (Hugo Lefeuvre)
 --
 icedtea-web
 --
+libapache2-mod-auth-openidc (Thorsten Alteholz)
+--
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as . These issues have been triaged, no 
patch
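Review bot: libapache2-mod-auth-openidc is inserted at the correct alphabetical slot (after icedtea-web, before libav) but without a dated `NOTE:` saying which issues are being worked on; the libav entry directly below shows the convention. Unrelated to this change, the context line `NOTE: 20190529: 11 tagged as .` has lost the token after `as`, most likely an angle-bracketed tag eaten by the mail rendering; worth confirming the file itself is intact.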
@@ -70,6 +72,8 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20190818: work is ongoing
 --
+libmspack (Thorsten Alteholz)
+--
 libqb
   NOTE: 20190616: Upstream patch does not apply at all, but it appears that
   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
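Review bot: libmspack lands between libmatio and libqb, which is the right alphabetical position; as with the other claim in this commit there is no `NOTE:` line recording which CVEs are open or the state of the work, which the neighbouring libmatio and libqb entries both carry.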



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aeca24cd9ff246df00722462f6cd522d02c32f21


[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering

2019-08-23 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91a2836c by Chris Lamb at 2019-08-23T12:52:06Z
data/dla-needed.txt: Correct ordering

- - - - -
f35cf4fa by Chris Lamb at 2019-08-23T12:54:06Z
data/dla-needed.txt: Claim commons-beanutils.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -24,12 +24,12 @@ clamav (Hugo Lefeuvre)
   NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see 
bug
   NOTE: report) (hle)
 --
-commons-beanutils
---
-dnsmasq (Mike Gabriel)
+commons-beanutils (Chris Lamb)
 --
 djvulibre (Thorsten Alteholz)
 --
+dnsmasq (Mike Gabriel)
+--
 faad2 (Hugo Lefeuvre)
   NOTE: 20190823: Last PR pending review: 
https://github.com/knik0/faad2/pull/38
   NOTE: Upload with last batch of patches will happen soon.
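Review bot: the reorder is correct: `djvulibre` sorts before `dnsmasq` (dj before dn), so moving dnsmasq below djvulibre repairs the ordering that the earlier commons-beanutils insertion left behind. The claim on commons-beanutils carries no dated `NOTE:` line; the faad2 entry directly below shows the convention used for in-progress work.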
@@ -120,12 +120,12 @@ slurm-llnl (Abhijith PA)
 subversion (Roberto C. Sánchez)
   NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in 
the diff has not been added yet. (lamby)
 --
+tiff (Thorsten Alteholz)
+--
 tika (Hugo Lefeuvre)
   NOTE: 20190823: found commit links and reproducers.
   NOTE: currently having difficulties to reproduce issues. Asked maintainer 
for help (c.f. debian-lts ML)
 --
-tiff (Thorsten Alteholz)
---
 wordpress
   NOTE: 20190614: No upstream fix yet. (apo)
 --
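Review bot: `tiff` sorts before `tika` (f before k in the third letter), so moving the tiff entry above tika is correct; this hunk is a pure reorder with no change to either entry's text or owner.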



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/112970dd727ac552ddacf036f5a3567103633f7b...f35cf4fa52f91de2726626a9ebe37f3f7654f960


[Git][security-tracker-team/security-tracker][master] dla-needed: update faad2, tika and xymon notes

2019-08-23 Thread Hugo Lefeuvre


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
112970dd by Hugo Lefeuvre at 2019-08-23T12:49:41Z
dla-needed: update faad2, tika and xymon notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -31,10 +31,8 @@ dnsmasq (Mike Gabriel)
 djvulibre (Thorsten Alteholz)
 --
 faad2 (Hugo Lefeuvre)
-  NOTE: 20190820: Last PR pending review: 
https://github.com/knik0/faad2/pull/38
-  NOTE: Upload with recent patches will happen soon.
-  NOTE: Still many open duplicates, currently triaging.
-  NOTE: Requested CVE number for temporary entry. (hpe)
+  NOTE: 20190823: Last PR pending review: 
https://github.com/knik0/faad2/pull/38
+  NOTE: Upload with last batch of patches will happen soon.
 --
 freeimage
   NOTE: Maintainer will take care of the update.
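Review bot: the removed lines `Still many open duplicates, currently triaging.` and `Requested CVE number for temporary entry. (hpe)` are dropped without recording the outcome; nothing in the replacement text says whether the duplicate triage finished or whether the requested CVE was assigned. A `NOTE:` naming the assigned ID, or stating that the request is still pending, would keep the trail for whoever picks up faad2 next.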
@@ -123,7 +121,7 @@ subversion (Roberto C. Sánchez)
   NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in 
the diff has not been added yet. (lamby)
 --
 tika (Hugo Lefeuvre)
-  NOTE: 20190813: found commit links and reproducers.
+  NOTE: 20190823: found commit links and reproducers.
   NOTE: currently having difficulties to reproduce issues. Asked maintainer 
for help (c.f. debian-lts ML)
 --
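Review bot: only the date stamp changes (20190813 to 20190823) while the note text is identical, so the tika entry now looks fresher than the work it describes; either keep the original date or add what actually changed on 20190823, as the faad2 hunk in this same commit does for its own update.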
 tiff (Thorsten Alteholz)
@@ -138,4 +136,5 @@ xtrlock (Chris Lamb)
   NOTE: 20190822: WIP on #830726 (lamby)
 --
 xymon (Hugo Lefeuvre)
+  NOTE: 20190823: 4.3.29 introduced regressions, wait for 4.3.30.
 --
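Review bot: the xymon note says 4.3.29 introduced regressions and to wait for 4.3.30, but not which regressions or where they are reported; a link to the upstream report or the Debian bug would let the next person verify that 4.3.30 really addresses them before preparing an upload.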



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/112970dd727ac552ddacf036f5a3567103633f7b


[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2019-14751 as no-dsa for Jessie

2019-08-23 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d88c7168 by Thorsten Alteholz at 2019-08-23T11:13:35Z
mark CVE-2019-14751 as no-dsa for Jessie

- - - - -
bbd80e0e by Thorsten Alteholz at 2019-08-23T11:45:07Z
add common-beanutils

- - - - -
55851d1e by Thorsten Alteholz at 2019-08-23T11:46:06Z
add icedtea-web

- - - - -
0c9c524d by Thorsten Alteholz at 2019-08-23T11:56:13Z
add libcrypto++

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -2233,6 +2233,7 @@ CVE-2019-14752
RESERVED
 CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory 
traversal, a ...)
- nltk  (bug #935201)
+   [jessie] - nltk  (Minor issue; user has to configure a 
compromised server)
NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
NOTE: 
https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
 CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)


=
data/dla-needed.txt
=
@@ -24,6 +24,8 @@ clamav (Hugo Lefeuvre)
   NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see 
bug
   NOTE: report) (hle)
 --
+commons-beanutils
+--
 dnsmasq (Mike Gabriel)
 --
 djvulibre (Thorsten Alteholz)
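Review bot: commons-beanutils is inserted between clamav and dnsmasq, which is alphabetically correct, but the surrounding context shows dnsmasq listed above djvulibre, which is out of order (dj sorts before dn) and should be fixed while touching this region. The commit message also spells the package `common-beanutils` while the file says `commons-beanutils`; the file is right.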
@@ -47,6 +49,8 @@ hdf5 (Hugo Lefeuvre)
   NOTE: wait for the next HDF5 point release and either do full package upgrade
   NOTE: or cherry pick fixes (hle)
 --
+icedtea-web
+--
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as . These issues have been triaged, no 
patch
@@ -54,6 +58,8 @@ libav
   NOTE: 20190529: out patches yourself.
   NOTE: 20190731: New CVEs occurred, need to be triaged.
 --
+libcrypto++
+--
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.
   NOTE: triage work needed, help security team for fixes if needed.
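Review bot: `libcrypto++` is placed between libav and libmatio, which is the right alphabetical slot. Since this is a cryptography library with no owner yet, the dated `NOTE:` convention used by libmatio directly below would help: recording which CVEs are open for jessie means whoever claims it does not redo the triage.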



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8e4c7f3b207eadb5204aa3324ee019b036c16c0...0c9c524d171da74eef4f92e12429009a7ae4cdc1


[Git][security-tracker-team/security-tracker][master] automatic update

2019-08-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8e4c7f3 by security tracker role at 2019-08-23T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,381 @@
-CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 
9.1.2 for W ...)
-   NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for 
WordPress
-CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
-   NOT-FOR-US: webp-express plugin for WordPress
-CVE-2019-15329
+CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the 
Unified ...)
+   TODO: check
+CVE-2019-15512
+   RESERVED
+CVE-2019-15511
+   RESERVED
+CVE-2019-15510
+   RESERVED
+CVE-2019-15509
+   RESERVED
+CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web 
request proxy  ...)
+   TODO: check
+CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web 
request pr ...)
+   TODO: check
+CVE-2019-15506
+   RESERVED
+CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel 
through ...)
+   TODO: check
+CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel 
through 5.2 ...)
+   TODO: check
+CVE-2019-15503
+   RESERVED
+CVE-2019-15502
+   RESERVED
+CVE-2019-15501
+   RESERVED
+CVE-2019-15500
+   RESERVED
+CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME 
element wi ...)
+   TODO: check
+CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 
allows rem ...)
+   TODO: check
+CVE-2019-15497
+   RESERVED
+CVE-2019-15496
+   RESERVED
+CVE-2019-15495
+   RESERVED
+CVE-2019-15494
+   RESERVED
+CVE-2019-15493
+   RESERVED
+CVE-2019-15492
+   RESERVED
+CVE-2019-15491
+   RESERVED
+CVE-2019-15490
+   RESERVED
+CVE-2019-15489
+   RESERVED
+CVE-2019-15488
+   RESERVED
+CVE-2019-15487
+   RESERVED
+CVE-2019-15486
+   RESERVED
+CVE-2019-15485
+   RESERVED
+CVE-2019-15484
+   RESERVED
+CVE-2019-15483
+   RESERVED
+CVE-2019-15482
+   RESERVED
+CVE-2019-15481
+   RESERVED
+CVE-2019-15480
+   RESERVED
+CVE-2019-15479
+   RESERVED
+CVE-2019-15478
+   RESERVED
+CVE-2019-15477
+   RESERVED
+CVE-2019-15476
+   RESERVED
+CVE-2019-15475
+   RESERVED
+CVE-2019-15474
+   RESERVED
+CVE-2019-15473
+   RESERVED
+CVE-2019-15472
+   RESERVED
+CVE-2019-15471
+   RESERVED
+CVE-2019-15470
+   RESERVED
+CVE-2019-15469
+   RESERVED
+CVE-2019-15468
+   RESERVED
+CVE-2019-15467
+   RESERVED
+CVE-2019-15466
+   RESERVED
+CVE-2019-15465
+   RESERVED
+CVE-2019-15464
+   RESERVED
+CVE-2019-15463
+   RESERVED
+CVE-2019-15462
+   RESERVED
+CVE-2019-15461
+   RESERVED
+CVE-2019-15460
+   RESERVED
+CVE-2019-15459
+   RESERVED
+CVE-2019-15458
+   RESERVED
+CVE-2019-15457
+   RESERVED
+CVE-2019-15456
+   RESERVED
+CVE-2019-15455
+   RESERVED
+CVE-2019-15454
+   RESERVED
+CVE-2019-15453
+   RESERVED
+CVE-2019-15452
+   RESERVED
+CVE-2019-15451
+   RESERVED
+CVE-2019-15450
+   RESERVED
+CVE-2019-15449
+   RESERVED
+CVE-2019-15448
+   RESERVED
+CVE-2019-15447
+   RESERVED
+CVE-2019-15446
+   RESERVED
+CVE-2019-15445
+   RESERVED
+CVE-2019-15444
+   RESERVED
+CVE-2019-15443
+   RESERVED
+CVE-2019-15442
+   RESERVED
+CVE-2019-15441
+   RESERVED
+CVE-2019-15440
+   RESERVED
+CVE-2019-15439
+   RESERVED
+CVE-2019-15438
+   RESERVED
+CVE-2019-15437
+   RESERVED
+CVE-2019-15436
+   RESERVED
+CVE-2019-15435
+   RESERVED
+CVE-2019-15434
+   RESERVED
+CVE-2019-15433
+   RESERVED
+CVE-2019-15432
+   RESERVED
+CVE-2019-15431
+   RESERVED
+CVE-2019-15430
+   RESERVED
+CVE-2019-15429
+   RESERVED
+CVE-2019-15428
+   RESERVED
+CVE-2019-15427
+   RESERVED
+CVE-2019-15426
+   RESERVED
+CVE-2019-15425
+   RESERVED
+CVE-2019-15424
+   RESERVED
+CVE-2019-15423
+   RESERVED
+CVE-2019-15422
+   RESERVED
+CVE-2019-15421
+   RESERVED
+CVE-2019-15420
+   RESERVED
+CVE-2019-15419
+   RESERVED
+CVE-2019-15418
+   RESERVED
+CVE-2019-15417
+   RESERVED
+CVE-2019-15416
+   RESERVED
+CVE-2019-15415
+   RESERVED
+CVE-2019-15414
+   RESERVED
+CVE-2019-15413
+   RESERVED
+CVE-2019-15412
+   RESERVED
+CVE-2019-15411
RESERVED
-CVE-2019-15328
+CVE-2019-15410
RESERVED
-CVE-2019-15327
+CVE-2019-15409
RESERVED
-CVE-2019-15326
+CVE-2019-15408
RESERVED
-CVE-2019-15325
+CVE-2019-15407
RESERVED
+CVE-2019-15406
+   RESERVED
+CVE-2019-15405
+   RESERVED
+CVE-2019-15404
+   RESERVED
+CVE-2019-15403
+   RESERVED
+CVE-2019-15402
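Review bot: the hunk header `@@ -1,17 +1,381 @@` together with the visible `-` lines shows the CVE-2019-15331/15330 NOT-FOR-US entries and the RESERVED lines for CVE-2019-15329 through 15325 being removed from the top of the file; the hunk is truncated in this digest, so the re-insertion of those entries further down, which an automatic renumbering should produce, cannot be confirmed here and is worth checking in the full commit. Of the new `TODO: check` items, CVE-2019-15505 and CVE-2019-15504 (Linux kernel) are resolved by separate commits in this digest; CVE-2019-15513 (OpenWrt libuci), CVE-2019-15508/15507 (Octopus Tentacle and Octopus Deploy), CVE-2019-15499 (CodiMD) and CVE-2019-15498 (Vera Edge Home Controller) remain to be triaged.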