[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1923{2,4}

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf453284 by Salvatore Bonaccorso at 2019-12-23T06:59:14Z
Add Debian bug reference for CVE-2019-1923{2,4}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6246,14 +6246,14 @@ CVE-2019-19236
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 
10 note ...)
NOT-FOR-US: ASUS
 CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked 
(e.g., b ...)
-   - sudo 
+   - sudo  (bug #947225)
[buster] - sudo  (Minor issue)
[stretch] - sudo  (Minor issue)
NOTE: https://www.sudo.ws/devel.html#1.8.30b2
 CVE-2019-19233
RESERVED
 CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL 
sudoer  ...)
-   - sudo 
+   - sudo  (bug #947225)
[buster] - sudo  (Minor issue)
[stretch] - sudo  (Minor issue)
NOTE: https://www.sudo.ws/devel.html#1.8.30b2
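Review bot: both the CVE-2019-19234 and CVE-2019-19232 entries still carry no fixed version on their `- sudo` line, while the NOTE on each points only at the upstream 1.8.30b2 changelog; once sudo 1.8.30 is uploaded to unstable, the version belongs on those lines so that the two CVEs do not stay open against the same bug #947225.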



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf453284c01bb5ff617b153dc0623b019bfb2ea5

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Several tightvnc issues fixed in unstable

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7990e1f2 by Salvatore Bonaccorso at 2019-12-23T06:05:24Z
Several tightvnc issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18783,7 +18783,7 @@ CVE-2019-15681 (LibVNC commit before 
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
[stretch] - libvncserver  (Minor issue)
- italc 
[stretch] - italc  (Minor issue)
-   - tightvnc 
+   - tightvnc 1:1.3.9-9.1
[buster] - tightvnc  (Minor issue)
[stretch] - tightvnc  (Minor issue)
- vino  (bug #945784)
@@ -18792,20 +18792,20 @@ CVE-2019-15681 (LibVNC commit before 
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
NOTE: 
https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
 CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference 
in Hand ...)
{DLA-2045-1}
-   - tightvnc  (unimportant; bug #945364)
+   - tightvnc 1:1.3.9-9.1 (unimportant; bug #945364)
- italc  (unimportant)
- libvncserver  (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
NOTE: 
https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in 
Initiali ...)
{DLA-2045-1}
-   - tightvnc  (bug #945364)
+   - tightvnc 1:1.3.9-9.1 (bug #945364)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in 
rfbServe ...)
{DLA-2045-1}
-   - tightvnc  (bug #945364)
+   - tightvnc 1:1.3.9-9.1 (bug #945364)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE: part of CVE-2018-20748/libvnvserver
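Review bot: the trailing context line `NOTE: part of CVE-2018-20748/libvnvserver` under CVE-2019-15678 misspells the package as libvnvserver; the matching line under CVE-2019-15679 spells it libvncserver, so the typo is worth fixing in a follow-up since this hunk already touches that entry.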
@@ -42259,7 +42259,7 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, 
Stored XSS in user_view.php w
NOT-FOR-US: Online Store System
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in 
Handle ...)
{DLA-2045-1}
-   - tightvnc  (bug #945364)
+   - tightvnc 1:1.3.9-9.1 (bug #945364)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
NOTE: same as CVE-2018-20020/libvncserver
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky 
Internet Sec ...)
@@ -59241,7 +59241,7 @@ CVE-2018-20022 (LibVNC before 
2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc 
- ssvnc 1.0.29-5 (bug #945827)
-   - tightvnc 
+   - tightvnc 1:1.3.9-9.1
- veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/252
NOTE: 
https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
@@ -59251,7 +59251,7 @@ CVE-2018-20021 (LibVNC before commit 
c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc 
- ssvnc 1.0.29-5 (bug #945827)
-   - tightvnc 
+   - tightvnc 1:1.3.9-9.1
- veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/251
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
@@ -97832,7 +97832,7 @@ CVE-2018-7225 (An issue was discovered in LibVNCServer 
through 0.9.11. rfbProces
{DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
- italc 
-   - tightvnc 
+   - tightvnc 1:1.3.9-9.1
- vino  (bug #945784)
NOTE: https://github.com/LibVNC/libvncserver/issues/218
NOTE: 
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
@@ -235762,7 +235762,7 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage 
function in libvncserver/rfbser
{DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc 1:3.0.1+dfsg1-1
-   - tightvnc 
+   - tightvnc 1:1.3.9-9.1
- vino  (bug #945784)
NOTE: 
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c 
in LibV ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7990e1f212b6b15e09d66daa6f6598b3e072b3a9


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19791/lemonldap-ng

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abf1dbd0 by Salvatore Bonaccorso at 2019-12-23T05:48:55Z
Add CVE-2019-19791/lemonldap-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -969,8 +969,13 @@ CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x 
through 4.3.x before 4.3.2 o
NOT-FOR-US: Cyxtera AppGate SDP Client
 CVE-2019-19792
RESERVED
-CVE-2019-19791
+CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue]
RESERVED
+   - lemonldap-ng 
+   [buster] - lemonldap-ng  (Minor issue)
+   [stretch] - lemonldap-ng  (Minor issue)
+   NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943
+   NOTE: 
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out/
 CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX 
allows a rem ...)
NOT-FOR-US: Telerik UI for ASP.NET AJAX
 CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS 
Runtime Tool ...)
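Review bot: the new `- lemonldap-ng` line records no fixed version, and the only hint at one is the second NOTE linking the lemonldap-ng 2.0.7 release announcement; if 2.0.7 is the upstream release carrying the fix, saying so in a NOTE (and filling in the Debian version once it is uploaded) would save the next person from re-reading OW2 issue #1943 to find out.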



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abf1dbd0fedf6dda04a0c742f67835210b1c689d


[Git][security-tracker-team/security-tracker][master] CVE-2019-16787 confirmed REJECTED and remote notes

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f3c52c6 by Salvatore Bonaccorso at 2019-12-23T05:19:22Z
CVE-2019-16787 confirmed REJECTED and remote notes

Should be in MITRE feed in one of the next updates accordingly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -110,10 +110,8 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an 
out-of-bounds write le
- cyrus-sasl2  (bug #947043)
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-16787 (In NatHack between 3.6.0 and 3.6.3, a buffer overflow issue 
exists whe ...)
-   NOTE: 
https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5
-   NOTE: Duplicate of CVE-2019-19905
-   TODO: wait for MITRE CNA on feedback
+CVE-2019-16787
+   REJECTED
 CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow 
vulnerability when  ...)
- nethack  (low; bug #947005)
[buster] - nethack  (Minor issue)
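Review bot: the removed lines drop the `NOTE: Duplicate of CVE-2019-19905` cross-reference along with the advisory link, leaving the REJECTED entry with no record of why it was rejected; keeping a one-line NOTE such as `NOTE: Rejected as a duplicate of CVE-2019-19905` under REJECTED preserves the link between the two identifiers for anyone who meets CVE-2019-16787 in older reports.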



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f3c52c6e1a8419d26a039e0fac45da6a669bbf6


[Git][security-tracker-team/security-tracker][master] dla: still ongoing

2019-12-22 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81bc7576 by Adrian Bunk at 2019-12-22T23:03:11Z
dla: still ongoing

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -56,7 +56,7 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: is likely vulnerable
   NOTE: 20190428: some CVE testcases still fail after applying the fix,
   NOTE: 20190428: older changes seem to also be required for them
-  NOTE: 20191208: work is ongoing
+  NOTE: 20191223: work is ongoing
 --
 linux (Ben Hutchings)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/81bc757680c2a23663a26517e1200a45c5761e8b


[Git][security-tracker-team/security-tracker][master] update note

2019-12-22 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a3ab39f by Thorsten Alteholz at 2019-12-22T22:35:06Z
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -77,7 +77,7 @@ nethack (Abhijith PA)
   NOTE: 20191220: E.g. fixes in proc_wizkit_line() need to go into 
read_wizkit(), etc. (sunweaver)
 --
 opendmarc (Thorsten Alteholz)
-  NOTE: 20191208: still testing package, original patch does not seem to be 
enough, still ongoing
+  NOTE: 20191222: still testing package, original patch does not seem to be 
enough, still ongoing
 --
 otrs2 (Abhijith PA)
   NOTE: otrs2 is in jessie/main so it should be taken care off
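Review bot: the trailing context line `NOTE: otrs2 is in jessie/main so it should be taken care off` should read `taken care of`; a small wording fix, but the note is a prompt for action and is read by many hands.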



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a3ab39f7ca1c3a4333b117c151b366cd7b854c6


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2047-1 for cups

2019-12-22 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf16b932 by Thorsten Alteholz at 2019-12-22T22:20:18Z
Reserve DLA-2047-1 for cups

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[22 Dec 2019] DLA-2047-1 cups - security update
+   {CVE-2019-2228}
+   [jessie] - cups 1.7.5-11+deb8u7
 [22 Dec 2019] DLA-2038-2 x2goclient - regression update
[jessie] - x2goclient 4.0.3.1-4+deb8u1
 [22 Dec 2019] DLA-2046-1 opensc - security update


=
data/dla-needed.txt
=
@@ -22,8 +22,6 @@ apache-log4j1.2 (Chris Lamb)
 clamav (Hugo Lefeuvre)
   NOTE: 20191216: waiting for 0.102.1 to enter stretch/buster.
 --
-cups (Thorsten Alteholz)
---
 git (Roberto C. Sánchez)
 --
 ibus (Emilio)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf16b93267df263eb8fc7a35c6c042694f6587d6


[Git][security-tracker-team/security-tracker][master] Track proposed fixes for npm via buster-pu

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d4352bd by Salvatore Bonaccorso at 2019-12-22T21:51:30Z
Track proposed fixes for npm via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -51,6 +51,12 @@ CVE-2019-3866
[buster] - python-mistral-lib 1.0.0-1+deb10u1
 CVE-2019-5429
[buster] - filezilla 3.39.0-2+deb10u1
+CVE-2019-16775
+   [buster] - npm 5.8.0+ds6-4+deb10u1
+CVE-2019-16776
+   [buster] - npm 5.8.0+ds6-4+deb10u1
+CVE-2019-16777
+   [buster] - npm 5.8.0+ds6-4+deb10u1
 CVE-2019-14814
[buster] - linux 4.19.87-1
 CVE-2019-14815



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d4352bda5127d2aa6b059a4fb77b0b4796f73fd


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19922/linux

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08ec72f4 by Salvatore Bonaccorso at 2019-12-22T20:32:36Z
Add CVE-2019-19922/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when 
cpu.cfs_quo ...)
-   TODO: check
+   - linux 5.3.9-1
+   NOTE: 
https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
 CVE-2019-19921
RESERVED
 CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to 
Prototype Poll ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/08ec72f4548f6e724c781bf802fd250b6a45ffd3


[Git][security-tracker-team/security-tracker][master] Sync pending CVEs for src:linux via buster-pu with kernel-sec

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20cbc7ae by Salvatore Bonaccorso at 2019-12-22T20:29:40Z
Sync pending CVEs for src:linux via buster-pu with kernel-sec

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -139,6 +139,8 @@ CVE-2019-19534
[buster] - linux 4.19.87-1
 CVE-2019-19537
[buster] - linux 4.19.87-1
+CVE-2019-19922
+   [buster] - linux 4.19.87-1
 CVE-2019-19060
[buster] - linux 4.19.87-1
 CVE-2019-19075



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20cbc7aec8cc2f9d99a0213370a0f80d44e779ee


[Git][security-tracker-team/security-tracker][master] automatic update

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d23dfd81 by security tracker role at 2019-12-22T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when 
cpu.cfs_quo ...)
+   TODO: check
+CVE-2019-19921
+   RESERVED
 CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to 
Prototype Poll ...)
- node-handlebars 
NOTE: https://www.npmjs.com/advisories/1164
@@ -85087,7 +85091,7 @@ CVE-2018-1000183 (A exposure of sensitive information 
vulnerability exists in Je
NOT-FOR-US: Jenkins plugin
 CVE-2018-1000182 (A server-side request forgery vulnerability exists in 
Jenkins Git Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-19920
+CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if 
they can w ...)
- sa-exim  (bug #947198)
[buster] - sa-exim  (Minor issue; can be fixed via point 
release)
[stretch] - sa-exim  (Minor issue; can be fixed via point 
release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d23dfd81b523f72e040d58f89939cfbaa141dc74


[Git][security-tracker-team/security-tracker][master] Clarify that sa-exim issues are documented in README.greylisting.gz

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55c1e2f8 by Salvatore Bonaccorso at 2019-12-22T20:07:11Z
Clarify that sa-exim issues are documented in README.greylisting.gz

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -85096,7 +85096,8 @@ CVE-2019-19920
NOTE: https://marc.info/?l=spamassassin-users=157668305026635=2
NOTE: The issue is "effectively" mitigating due to the CVE-2018-11805 
fix in
NOTE: spamassassin, making the Greylisting.pm non-functional (and so a 
functional
-   NOTE: regression as well as tracked in #946829)
+   NOTE: regression as well as tracked in #946829). The security 
implications are
+   NOTE: as well documented in /usr/share/doc/sa-exim/README.greylisting.gz
 CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be 
configu ...)
{DSA-4584-1 DLA-2037-1}
- spamassassin 3.4.3~rc6-1 (bug #946652)
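Review bot: the added wording `The security implications are as well documented in /usr/share/doc/sa-exim/README.greylisting.gz` reads awkwardly; `are also documented in` says the same thing plainly and keeps the NOTE to one clear sentence.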



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55c1e2f83e5b1702a8adbdcf80a495b44ddd897f


[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-19920/sa-exim

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28d182f6 by Salvatore Bonaccorso at 2019-12-22T19:41:27Z
Add CVE-2019-19920/sa-exim

- - - - -
a0978ba4 by Salvatore Bonaccorso at 2019-12-22T19:47:23Z
Add Debian bug reference for CVE-2019-19920/sa-exim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -85087,6 +85087,16 @@ CVE-2018-1000183 (A exposure of sensitive information 
vulnerability exists in Je
NOT-FOR-US: Jenkins plugin
 CVE-2018-1000182 (A server-side request forgery vulnerability exists in 
Jenkins Git Plug ...)
NOT-FOR-US: Jenkins plugin
+CVE-2019-19920
+   - sa-exim  (bug #947198)
+   [buster] - sa-exim  (Minor issue; can be fixed via point 
release)
+   [stretch] - sa-exim  (Minor issue; can be fixed via point 
release)
+   NOTE: https://bugs.debian.org/946829#24
+   NOTE: https://marc.info/?l=spamassassin-users=157668107325768=2
+   NOTE: https://marc.info/?l=spamassassin-users=157668305026635=2
+   NOTE: The issue is "effectively" mitigating due to the CVE-2018-11805 
fix in
+   NOTE: spamassassin, making the Greylisting.pm non-functional (and so a 
functional
+   NOTE: regression as well as tracked in #946829)
 CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be 
configu ...)
{DSA-4584-1 DLA-2037-1}
- spamassassin 3.4.3~rc6-1 (bug #946652)
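Review bot: the added NOTE `The issue is "effectively" mitigating due to the CVE-2018-11805 fix` should read `mitigated`; and since the same NOTE describes that mitigation as a functional regression tracked in #946829, it is worth stating explicitly whether sa-exim itself still needs a change, so that the buster and stretch `Minor issue` tags are not read as the issue being closed.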



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/608c1e324e9949553b9d6ef57302fbbc89b21b4b...a0978ba4edfea846f64a7182e7149ec26a84b508


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14870/heimdal

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
071a9dd4 by Salvatore Bonaccorso at 2019-12-22T13:59:18Z
Add fixed version for CVE-2019-14870/heimdal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21378,7 +21378,7 @@ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 
4.10.x before 4.10.11 an
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
[jessie] - samba  (Minor issue)
-   - heimdal  (bug #946786)
+   - heimdal 7.7.0+dfsg-1 (bug #946786)
[buster] - heimdal  (Minor issue)
[stretch] - heimdal  (Minor issue)
[jessie] - heimdal  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/071a9dd4df78b7794ca75e53b21c7461839f5b34


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim apache-log4j1.2 with the intention to investigate EOLing it.

2019-12-22 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d93d77c by Chris Lamb at 2019-12-22T13:15:25Z
data/dla-needed.txt: Claim apache-log4j1.2 with the intention to investigate 
EOLing it.

(Avoiding potential for duplicate work)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -15,7 +15,7 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
-apache-log4j1.2
+apache-log4j1.2 (Chris Lamb)
   NOTE: 20191221: Someone with more Java knowledge, please consider eol'ing 
this package
   NOTE: 20191221: as recommended for oldstable by the secteam. (sunweaver)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d93d77c1317621c4d77689e0070bc651c68744a


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1923{2,4}/sudo

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df0ba219 by Salvatore Bonaccorso at 2019-12-22T10:47:31Z
Add CVE-2019-1923{2,4}/sudo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6238,11 +6238,17 @@ CVE-2019-19236
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 
10 note ...)
NOT-FOR-US: ASUS
 CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked 
(e.g., b ...)
-   TODO: check
+   - sudo 
+   [buster] - sudo  (Minor issue)
+   [stretch] - sudo  (Minor issue)
+   NOTE: https://www.sudo.ws/devel.html#1.8.30b2
 CVE-2019-19233
RESERVED
 CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL 
sudoer  ...)
-   TODO: check
+   - sudo 
+   [buster] - sudo  (Minor issue)
+   [stretch] - sudo  (Minor issue)
+   NOTE: https://www.sudo.ws/devel.html#1.8.30b2
 CVE-2019-19231 (An insecure file access vulnerability exists in CA Client 
Automation 1 ...)
NOT-FOR-US: CA Client Automation
 CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release 
Automatio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df0ba219fcc09d0aebeaff29bec6e8c417f44e83


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-19630/htmldoc

2019-12-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d463cb32 by Salvatore Bonaccorso at 2019-12-22T10:34:35Z
Add fixed version for CVE-2019-19630/htmldoc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3600,7 +3600,7 @@ CVE-2019-19631
RESERVED
 CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the 
hd_strlcpy() ...)
{DLA-2026-1}
-   - htmldoc  (low)
+   - htmldoc 1.9.7-1 (low)
[buster] - htmldoc  (Minor issue)
[stretch] - htmldoc  (Minor issue)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
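Review bot: the CVE-2019-19630 description says HTMLDOC 1.9.7 is affected while the fixed version is now recorded as 1.9.7-1, so either the fix ships as a Debian patch in the -1 revision or the description is imprecise; a NOTE saying which, next to the existing issue #370 link, would let the buster and stretch `Minor issue` entries be checked against the same change.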



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d463cb32dc7d456b43b064292aec4980926e3c2d
