[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14864/ansible
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d1633a52 by Salvatore Bonaccorso at 2019-12-31T07:10:27Z Add CVE-2019-14864/ansible - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24439,7 +24439,7 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM CVE-2019-14864 RESERVED - - ansible (low; bug #943768) + - ansible 2.9.2+dfsg-1 (low; bug #943768) [buster] - ansible (Minor issue) [stretch] - ansible (Minor issue) NOTE: https://github.com/ansible/ansible/issues/63522 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1633a52d85f6a2541a0cf78e8bbfb990d577386 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1633a52d85f6a2541a0cf78e8bbfb990d577386 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2019-17534/vips
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc7a59e0 by Salvatore Bonaccorso at 2019-12-31T06:44:05Z Update tracking for CVE-2019-17534/vips Further investigation shows that actually no released version was ever affected by the issue. The too early fetching of map was introduced in a refactoring in a development version, and just noticed by the oss-fuzzer, which got fixed the day after. Thus the initial triage of the affectness was wrong, because in those version for which #942254 was filled, there was not a problem with fetching the map too early. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -16673,10 +16673,10 @@ CVE-2019-17536 (Gila CMS through 1.11.4 allows Unrestricted Upload of a File wit CVE-2019-17535 (Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blo ...) NOT-FOR-US: Gila CMS CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips befor ...) - - vips 8.8.3-1 (bug #942254) - [jessie] - vips (vulnerable code was introduced later) + - vips (Vulnerable code never in a released version) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796 - NOTE: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d + NOTE: Introduced by: https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175 + NOTE: Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' ch ...) - libmatio (bug #942255) [buster] - libmatio (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc7a59e0f61423b33b93b846c958c0ae87b9c203 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc7a59e0f61423b33b93b846c958c0ae87b9c203 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
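Review bot: The added `NOTE: Introduced by:` line for CVE-2019-17534 repeats the GitHub commit prefix, reading `https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175`, so the link does not resolve. Drop the duplicated prefix so the line has the same form as the `NOTE: Fixed by:` line that follows it.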
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2052-1 for libbsd
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: afb9c2f6 by Thorsten Alteholz at 2019-12-30T22:35:45Z Reserve DLA-2052-1 for libbsd - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[30 Dec 2019] DLA-2052-1 libbsd - security update + {CVE-2016-2090} + [jessie] - libbsd 0.7.0-2+deb8u1 [30 Dec 2019] DLA-2051-1 intel-microcode - security update {CVE-2019-11135 CVE-2019-11139} [jessie] - intel-microcode 3.20191115.2~deb8u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afb9c2f6ef0cddca7610194e500571b28ef5d558 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afb9c2f6ef0cddca7610194e500571b28ef5d558 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] sixel no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f996cec by Moritz Muehlenhoff at 2019-12-30T20:56:44Z sixel no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2396,6 +2396,8 @@ CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for NOT-FOR-US: Laborator Neon theme for WordPress CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/122 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) NOT-FOR-US: Nagios XI @@ -2495,6 +2497,8 @@ CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211. NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/125 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - libpodofo 
@@ -2644,14 +2648,20 @@ CVE-2019-20025 RESERVED CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...) - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/121 NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in ...) - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/120 NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6 CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...) - libsixel + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/108 NOTE: https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776 CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f996cecd247d570ed0182db90d97dfa31d74539 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f996cecd247d570ed0182db90d97dfa31d74539 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-13465/ros-ros-comm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ccef3131 by Salvatore Bonaccorso at 2019-12-30T20:45:17Z Add CVE-2019-13465/ros-ros-comm - - - - - b52bdf17 by Salvatore Bonaccorso at 2019-12-30T20:45:43Z Add CVE-2019-13445/ros-ros-comm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29774,7 +29774,11 @@ CVE-2019-13467 (Description: Western Digital SSD Dashboard before 2.5.1.0 and Sa CVE-2019-13466 (Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard ...) NOT-FOR-US: Western Digital SSD Dashboard and SanDisk SSD Dashboard CVE-2019-13465 (An issue was discovered in the ROS communications-related packages (ak ...) - TODO: check + - ros-ros-comm + [buster] - ros-ros-comm (Minor issue) + [stretch] - ros-ros-comm (Minor issue) + NOTE: https://github.com/ros/ros_comm/issues/1752 + NOTE: https://github.com/ros/ros_comm/pull/1763 CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...) - modsecurity-crs 3.2.0-1 (low; bug #943773) [buster] - modsecurity-crs 3.1.0-1+deb10u1 
@@ -29857,7 +29861,11 @@ CVE-2019-13447 (An issue was discovered in Sertek Xpare 3.67. The login form doe CVE-2019-13446 REJECTED CVE-2019-13445 (An issue was discovered in the ROS communications-related packages (ak ...) - TODO: check + - ros-ros-comm + [buster] - ros-ros-comm (Minor issue) + [stretch] - ros-ros-comm (Minor issue) + NOTE: https://github.com/ros/ros_comm/issues/1738 + NOTE: https://github.com/ros/ros_comm/pull/1741 CVE-2019-13444 RESERVED CVE-2019-13443 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/30ca9d392c53bf670f5cb7f3585c2fa6ccd4edb8...b52bdf17c8347f92e3b7ad2b0538d96026ec2100 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/30ca9d392c53bf670f5cb7f3585c2fa6ccd4edb8...b52bdf17c8347f92e3b7ad2b0538d96026ec2100 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
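Review bot: Both hunks add `- ros-ros-comm` as an open entry (for CVE-2019-13465 and CVE-2019-13445) without a Debian bug reference, whereas the neighbouring modsecurity-crs entry carries `(bug #943773)`. If a bug has been filed against ros-ros-comm, add the `(bug #...)` reference to both lines so the unfixed status can be followed from the tracker.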
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: da603d62 by Salvatore Bonaccorso at 2019-12-30T20:33:48Z Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2397,7 +2397,7 @@ CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) TODO: check CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...) TODO: check CVE-2019-20137 @@ -3870,9 +3870,9 @@ CVE-2019-3467 (Debian-edu-config all versions 2.11.10, a set of configurati CVE-2019-19808 RESERVED CVE-2019-19806 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19805 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19804 RESERVED CVE-2019-19803 
@@ -5048,21 +5048,21 @@ CVE-2019-19741 CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Ca ...) NOT-FOR-US: Octeth Oempro CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19738 (log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does no ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19737 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19736 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19735 (class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19734 (_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 dir ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19733 (_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.aja ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19732 (translation_manage_text.ajax.php and various *_manage.ajax.php in MFSc ...) - TODO: check + NOT-FOR-US: MFScripts YetiShare CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote ...) NOT-FOR-US: Roxy Fileman CVE-2019-19730 @@ -8206,7 +8206,7 @@ CVE-2019-19472 CVE-2019-19471 RESERVED CVE-2019-19470 (An attacker who has already compromised the local system could use Tin ...) - TODO: check + NOT-FOR-US: TinyWall Controller CVE-2019-19469 (In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks ...) NOT-FOR-US: Zmanda Management Console CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute arbitrary cod ...) 
@@ -8624,7 +8624,7 @@ CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit befor CVE-2019-19390 RESERVED CVE-2019-19389 (JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP R ...) - TODO: check + NOT-FOR-US: JetBrains Ktor framework CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_d ...) NOT-FOR-US: FusionPBX CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_inter ...) @@ -16302,7 +16302,7 @@ CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) NOTE: https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ CVE-2019-17621 (The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.0 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-17620 RESERVED CVE-2019-17619 @@ -19305,7 +19305,7 @@ CVE-2019-16537 CVE-2019-16536 RESERVED CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB write and ...) - TODO: check + NOT-FOR-US: ClickHouse CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a c ...) NOT-FOR-US: DrayTek Vigor2925 devices CVE-2019-16533 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access C ...) @@ -23900,7 +23900,7 @@ CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...) NOT-FOR-US: simple-fields plugin for
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20140/libsixel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30ca9d39 by Salvatore Bonaccorso at 2019-12-30T20:34:24Z Add CVE-2019-20140/libsixel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2395,7 +2395,8 @@ CVE-2019-20142 CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...) NOT-FOR-US: Laborator Neon theme for WordPress CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/122 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) NOT-FOR-US: Nagios XI CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30ca9d392c53bf670f5cb7f3585c2fa6ccd4edb8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30ca9d392c53bf670f5cb7f3585c2fa6ccd4edb8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Several tigervnc issues fixed in unstable via new upstream version
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4264da36 by Salvatore Bonaccorso at 2019-12-30T20:20:32Z Several tigervnc issues fixed in unstable via new upstream version - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21732,27 +21732,27 @@ CVE-2019-15697 CVE-2019-15696 RESERVED CVE-2019-15695 (TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflo ...) - - tigervnc (bug #947428) + - tigervnc 1.10.1+dfsg-1 (bug #947428) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/TigerVNC/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89 (master) NOTE: https://github.com/TigerVNC/tigervnc/commit/6c47340e095258a959c95db9aa2a6c715d62bf7c (v1.10.1) CVE-2019-15694 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...) - - tigervnc (bug #947428) + - tigervnc 1.10.1+dfsg-1 (bug #947428) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/TigerVNC/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 (master) NOTE: https://github.com/TigerVNC/tigervnc/commit/f287032d3643a6437f7de0ed35f4c45bb735522d (v1.10.1) CVE-2019-15693 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...) - - tigervnc (bug #947428) + - tigervnc 1.10.1+dfsg-1 (bug #947428) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/TigerVNC/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 (master) NOTE: https://github.com/TigerVNC/tigervnc/commit/46c081926efd83c90a45c0a96b1b5bc1927e1346 (v1.10.1) CVE-2019-15692 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...) - - tigervnc (bug #947428) + - tigervnc 1.10.1+dfsg-1 (bug #947428) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/TigerVNC/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 (master) NOTE: https://github.com/TigerVNC/tigervnc/commit/ff08ca78b24b5a4ed5263245c7ce8744059ff4ad (v1.10.1) CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-retu ...) 
- - tigervnc (bug #947428) + - tigervnc 1.10.1+dfsg-1 (bug #947428) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 (master) NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4264da364819f32dc6d76441217027e30222c2cc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4264da364819f32dc6d76441217027e30222c2cc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1cd5e028 by Salvatore Bonaccorso at 2019-12-30T20:16:47Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2393,7 +2393,7 @@ CVE-2019-20143 CVE-2019-20142 RESERVED CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...) - TODO: check + NOT-FOR-US: Laborator Neon theme for WordPress CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) TODO: check CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...) @@ -54180,7 +54180,7 @@ CVE-2019-4657 CVE-2019-4656 RESERVED CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4654 RESERVED CVE-2019-4653 @@ -54244,7 +54244,7 @@ CVE-2019-4625 CVE-2019-4624 RESERVED CVE-2019-4623 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4622 RESERVED CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2 ...) @@ -54804,7 +54804,7 @@ CVE-2019-4345 CVE-2019-4344 RESERVED CVE-2019-4343 (IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-orig ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4342 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4341 @@ -54820,7 +54820,7 @@ CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...) NOT-FOR-US: IBM CVE-2019-4335 (IBM Watson Studio Local 1.2.3 stores key files in the user's home dire ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information ...) NOT-FOR-US: IBM CVE-2019-4333 
@@ -116694,7 +116694,7 @@ CVE-2018-1684 (IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQ CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2018-1682 (IBM Watson Studio Local 1.2.3 could disclose sensitive information ove ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1681 RESERVED CVE-2018-1680 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1cd5e0286b7ec0a24d60563060f2f456daf0cb8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1cd5e0286b7ec0a24d60563060f2f456daf0cb8c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19590/radare2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 039fe805 by Salvatore Bonaccorso at 2019-12-30T20:15:10Z Add Debian bug reference for CVE-2019-19590/radare2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7713,7 +7713,7 @@ CVE-2019-19592 CVE-2019-19591 RESERVED CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable ...) - - radare2 + - radare2 (bug #947791) [buster] - radare2 (Minor issue) [stretch] - radare2 (Minor issue) NOTE: https://github.com/radareorg/radare2/issues/15543 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/039fe8052b8b689caac874b4031e88dc6922f5f8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/039fe8052b8b689caac874b4031e88dc6922f5f8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2051-1 for intel-microcode
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d2bc4ba3 by Markus Koschany at 2019-12-30T20:08:10Z Reserve DLA-2051-1 for intel-microcode - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[30 Dec 2019] DLA-2051-1 intel-microcode - security update + {CVE-2019-11135 CVE-2019-11139} + [jessie] - intel-microcode 3.20191115.2~deb8u1 [29 Dec 2019] DLA-2050-1 php5 - security update {CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050} [jessie] - php5 5.6.40+dfsg-0+deb8u8 = data/dla-needed.txt = @@ -29,9 +29,6 @@ ibus (Emilio) NOTE: 20191210: See https://bugs.debian.org/941018 NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 -- -intel-microcode (Markus Koschany) - NOTE: 20191218: Should be based on DSA-4565-2 --- jhead (Adrian Bunk) NOTE: 20191230: work is ongoing -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d2bc4ba339a2c40353235991fccb332db4a67496 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d2bc4ba339a2c40353235991fccb332db4a67496 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixing commit for CVE-2018-1000825/freecol
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5898ce06 by Salvatore Bonaccorso at 2019-12-30T20:00:26Z Track fixing commit for CVE-2018-1000825/freecol - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -55788,6 +55788,7 @@ CVE-2018-1000825 (FreeCol version = nightly-2018-08-22 contains a XML Extern [stretch] - freecol (Minor issue) [jessie] - freecol (Games are not supported) NOTE: https://github.com/FreeCol/freecol/issues/26 + NOTE: https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3 CVE-2018-1000824 (MegaMek version v0.45.1 contains a Other/Unknown vulnerability in ...) NOT-FOR-US: MegaMek CVE-2018-1000823 (exist version = 5.0.0-RC4 contains a XML External Entity (XXE) vul ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5898ce065e9375a5cc962f05046d9fb8ed657b90 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5898ce065e9375a5cc962f05046d9fb8ed657b90 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2016-1000021 confirmed to be rejected
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3762ed4b by Salvatore Bonaccorso at 2019-12-30T19:56:27Z CVE-2016-121 confirmed to be rejected This was a duplication reservation for CVE-2016-10538. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -181452,10 +181452,8 @@ CVE-2016-122 (negotiator before 0.6.1 is vulnerable to a regular expression NOTE: https://nodesecurity.io/advisories/106 NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc NOTE: nodejs not covered by security support -CVE-2016-121 (An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable te ...) - - node-cli (unimportant) - NOTE: https://nodesecurity.io/advisories/95 - NOTE: nodejs not covered by security support +CVE-2016-121 + REJECTED CVE-2016-120 RESERVED CVE-2016-119 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3762ed4b78b925e055590913b60fbc5be2e6ed24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3762ed4b78b925e055590913b60fbc5be2e6ed24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] this had been fixed
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: e487030d by Thorsten Alteholz at 2019-12-30T15:55:10Z this had been fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -181491,7 +181491,6 @@ CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Librar CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows ...) {DLA-2043-1} - gdk-pixbuf 2.35.4-1 (bug #832496) - [jessie] - gdk-pixbuf (Minor issue, can be fixed along in a future DSA) [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e487030d4da353e91a8e4952b46ea65659602bf2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e487030d4da353e91a8e4952b46ea65659602bf2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
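Review bot: The commit subject "this had been fixed" names neither the CVE nor the package, although the hunk removes the `[jessie] - gdk-pixbuf (Minor issue, can be fixed along in a future DSA)` line from CVE-2016-6352, an entry tagged `{DLA-2043-1}`. Naming CVE-2016-6352/gdk-pixbuf and the DLA in the subject, as the other commits in this log do, would make the change findable from the history.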
[Git][security-tracker-team/security-tracker][master] 2 commits: Reference upstream fix for CVE-2019-19590/radare2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 627600c5 by Salvatore Bonaccorso at 2019-12-30T13:45:23Z Reference upstream fix for CVE-2019-19590/radare2 - - - - - 3534fc62 by Salvatore Bonaccorso at 2019-12-30T13:47:13Z Mark CVE-2019-19590/radare2 as no-dsa for stretch and buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5230,8 +5230,10 @@ CVE-2019-19591 RESERVED CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable ...) - radare2 + [buster] - radare2 (Minor issue) + [stretch] - radare2 (Minor issue) NOTE: https://github.com/radareorg/radare2/issues/15543 - TODO: check details + NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70 CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...) NOT-FOR-US: Lever PDF Embedder plugin for WordPress CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4e26ce0956411fd275479abb1ca1c5857985c34c...3534fc62aa96f5bc497e0eb699bdd8b4cb518fba -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4e26ce0956411fd275479abb1ca1c5857985c34c...3534fc62aa96f5bc497e0eb699bdd8b4cb518fba You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19919 as no-dsa for stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e26ce09 by Salvatore Bonaccorso at 2019-12-30T13:04:10Z Mark CVE-2019-19919 as no-dsa for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17692,6 +17692,7 @@ CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone t CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...) {DSA-4538-1 DLA-1922-1} - wpa 2:2.9-2 (bug #940080) + [stretch] - wpa (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2019/09/11/7 NOTE: https://w1.fi/security/2019-7/ CVE-2019-16238 (Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e26ce0956411fd275479abb1ca1c5857985c34c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e26ce0956411fd275479abb1ca1c5857985c34c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
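Review bot: The commit subject names CVE-2019-19919, but the added `[stretch] - wpa (Minor issue; can be fixed via point release)` line sits under CVE-2019-16275 (hostapd and wpa_supplicant). Either the subject should read CVE-2019-16275/wpa or the line was placed under the wrong entry; confirm which was intended and correct the one that is off.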
[Git][security-tracker-team/security-tracker][master] Correctly indent entries with tabs for consistency
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4911664 by Salvatore Bonaccorso at 2019-12-30T11:03:39Z Correctly indent entries with tabs for consistency - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -64,23 +64,23 @@ CVE-2019-10740 CVE-2018-171 [buster] - roundcube 1.3.10+dfsg.1-1~deb10u1 CVE-2014-6053 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-8287 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2018-20021 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2018-20022 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2018-7225 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-15678 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-15679 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-15680 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-15681 - [buster] - tightvnc 1:1.3.9-9deb10u1 + [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-19919 [buster] - node-handlebars 3:4.1.0-1+deb10u1 CVE-2019-14814 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e49116642d21b555ab57df1a6b9eadd83f36477c
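Review bot: In the re-indented tightvnc lines the version is written `1:1.3.9-9deb10u1`, with no `+` or `~` before `deb10u1`, while the neighbouring context entries use `1.3.10+dfsg.1-1~deb10u1` (roundcube) and `3:4.1.0-1+deb10u1` (node-handlebars). Since all nine tightvnc entries are being touched anyway, confirm the string matches the version actually proposed for buster, and correct it in this commit if a separator was dropped.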
[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2019-19919/node-handlebars as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 68658915 by Salvatore Bonaccorso at 2019-12-30T11:00:01Z Mark CVE-2019-19919/node-handlebars as no-dsa - - - - - d6be9048 by Salvatore Bonaccorso at 2019-12-30T11:00:40Z Track fixed version for CVE-2019-19919/node-handlebars via unstable - - - - - 606bb522 by Salvatore Bonaccorso at 2019-12-30T11:01:28Z Track proposed update for node-handlebars via buster-pu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -433,7 +433,8 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c CVE-2019-19921 RESERVED CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...) - - node-handlebars + - node-handlebars 3:4.5.3-1 + [buster] - node-handlebars (Minor issue; will be fixed via point release) NOTE: https://www.npmjs.com/advisories/1164 CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...) - lout (bug #947113) = data/next-point-update.txt = @@ -81,6 +81,8 @@ CVE-2019-15680 [buster] - tightvnc 1:1.3.9-9deb10u1 CVE-2019-15681 [buster] - tightvnc 1:1.3.9-9deb10u1 +CVE-2019-19919 + [buster] - node-handlebars 3:4.1.0-1+deb10u1 CVE-2019-14814 [buster] - linux 4.19.87-1 CVE-2019-14815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/eeb3197c3b0b405318ca720483b7f39b481293a2...606bb522e7dec71506f7680d275a3dfe481d9b92
[Git][security-tracker-team/security-tracker][master] Mark tightvnc issues as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eeb3197c by Salvatore Bonaccorso at 2019-12-30T10:54:27Z Mark tightvnc issues as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19313,12 +19313,16 @@ CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference i CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...) {DLA-2045-1} - tightvnc 1:1.3.9-9.1 (bug #945364) + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5 NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 NOTE: part of CVE-2018-20748/libvncserver CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...) {DLA-2045-1} - tightvnc 1:1.3.9-9.1 (bug #945364) + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5 NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a NOTE: part of CVE-2018-20748/libvnvserver @@ -42779,6 +42783,8 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php w CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...) {DLA-2045-1} - tightvnc 1:1.3.9-9.1 (bug #945364) + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5 NOTE: same as CVE-2018-20020/libvncserver CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...) 
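Review bot: In the first hunk, the unchanged NOTE under CVE-2019-15678 reads `part of CVE-2018-20748/libvnvserver`, while the same NOTE under CVE-2019-15679 a few lines up spells the package `libvncserver`. The entry is being edited here anyway, so fix the typo in the same commit; otherwise a search of the list for the source package name misses this cross-reference.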
@@ -59764,6 +59770,8 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains - italc - ssvnc 1.0.29-5 (bug #945827) - tightvnc 1:1.3.9-9.1 + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) - veyon 4.1.4+repack1-1 NOTE: https://github.com/LibVNC/libvncserver/issues/252 NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 @@ -59774,6 +59782,8 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co - italc - ssvnc 1.0.29-5 (bug #945827) - tightvnc 1:1.3.9-9.1 + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) - veyon 4.1.4+repack1-1 NOTE: https://github.com/LibVNC/libvncserver/issues/251 NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c @@ -98354,6 +98364,8 @@ CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProces - libvncserver 0.9.11+dfsg-1.1 (bug #894045) - italc - tightvnc 1:1.3.9-9.1 + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) - vino (bug #945784) NOTE: https://github.com/LibVNC/libvncserver/issues/218 NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee 
@@ -236286,6 +236298,8 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbser - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 - tightvnc 1:1.3.9-9.1 + [buster] - tightvnc (Minor issue; will be fixed via point release) + [stretch] - tightvnc (Minor issue; will be fixed via point release) - vino (bug #945784) NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eeb3197c3b0b405318ca720483b7f39b481293a2
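Review bot: Every hunk of this commit adds a `[stretch] - tightvnc (Minor issue; will be fixed via point release)` line, but the commit changes only data/CVE/list, so nothing in it records which stretch upload is meant to carry the fix. Add the matching stretch entries to the point-update tracking data in the same push, or soften the stretch wording to "can be fixed via point release" until an upload is proposed.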
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f2a3debf by Thorsten Alteholz at 2019-12-30T10:36:01Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -113,6 +113,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well + NOTE: 20191230: WIP -- squid3 NOTE: 20191210: Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2a3debf1bcaf6ec3fd46b7ddf29db2ecf931dbd
[Git][security-tracker-team/security-tracker][master] CVE-2019-17357/cacti: stretch not-affected
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: f10ec44b by Hugo Lefeuvre at 2019-12-30T10:09:07Z CVE-2019-17357/cacti: stretch not-affected 0.8.8h does sanitize template_id, the check was removed later. see #947374 for more information. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14708,6 +14708,7 @@ CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/fun CVE-2019-17357 RESERVED - cacti 1.2.8+ds1-1 (bug #947374) + [stretch] - cacti (Vulnerable code not present) [jessie] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/issues/3025 NOTE: https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f10ec44bf4986b539888523bbb46dc9169dc3253
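Review bot: The reason for the new `[stretch] - cacti (Vulnerable code not present)` line exists only in the commit message (0.8.8h sanitizes template_id and the check was removed later). Record that in the entry itself with a NOTE line: the existing NOTEs point only at the upstream issue and fix commit, and whoever next triages stretch from data/CVE/list will not see the commit message.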
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20063/libmysofa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dbe1e52e by Salvatore Bonaccorso at 2019-12-30T09:17:57Z Add CVE-2019-20063/libmysofa - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -74,7 +74,10 @@ CVE-2019-20065 CVE-2019-20064 RESERVED CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of m ...) - TODO: check + - libmysofa 0.8~dfsg0-1 + [buster] - libmysofa (Minor issue; will be fixed in point release) + NOTE: https://github.com/hoene/libmysofa/issues/67 + NOTE: https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6 CVE-2019-20062 RESERVED CVE-2019-20061 = data/next-point-update.txt = @@ -12,6 +12,8 @@ CVE-2019-16094 [buster] - libmysofa 0.6~dfsg0-3+deb10u1 CVE-2019-16095 [buster] - libmysofa 0.6~dfsg0-3+deb10u1 +CVE-2019-20063 + [buster] - libmysofa 0.6~dfsg0-3+deb10u1 CVE-2019-17134 [buster] - octavia 3.0.0-3+deb10u1 CVE-2018-21010 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbe1e52e474828a876ea2245a82102cbc2448e35
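Review bot: The added `[buster] - libmysofa (Minor issue; will be fixed in point release)` line says "in point release", whereas the same kind of annotation for tightvnc and node-handlebars on this list reads "will be fixed via point release". Use the "via point release" wording here too so the free-text reason can be grepped consistently.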
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20079/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0bf7f46 by Salvatore Bonaccorso at 2019-12-30T09:11:03Z Add CVE-2019-20079/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41,7 +41,8 @@ CVE-2019-20081 CVE-2019-20080 RESERVED CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed ...) - TODO: check + - vim 2:8.1.2136-1 + NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 CVE-2019-20078 RESERVED CVE-2019-20077 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0bf7f4669e2737c65fb3a4752282608a14ab315
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae1acdf6 by Salvatore Bonaccorso at 2019-12-30T09:08:32Z Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,13 +21,13 @@ CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL point CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...) NOT-FOR-US: Bento4 CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...) - TODO: check + NOT-FOR-US: gpmf-parser CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...) - TODO: check + NOT-FOR-US: gpmf-parser CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seek ...) - TODO: check + NOT-FOR-US: gpmf-parser CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...) - TODO: check + NOT-FOR-US: gpmf-parser CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...) NOT-FOR-US: TVT NVMS-1000 devices CVE-2019-20084 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae1acdf663fee060e7fe3388beb3ebae02ae7812
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b26fc699 by Salvatore Bonaccorso at 2019-12-30T08:43:49Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,11 +15,11 @@ CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in - libpodofo NOTE: https://sourceforge.net/p/podofo/tickets/75/ CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...) TODO: check CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...) @@ -29,7 +29,7 @@ CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPM CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...) TODO: check CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...) - TODO: check + NOT-FOR-US: TVT NVMS-1000 devices CVE-2019-20084 RESERVED CVE-2019-20083 
@@ -47,19 +47,19 @@ CVE-2019-20078 CVE-2019-20077 RESERVED CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20074 (On Netis DL4323 devices, any user role can view sensitive information, ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20073 (On Netis DL4323 devices, XSS exists via the form2userconfig.cgi userna ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20072 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname par ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20071 (On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20070 (On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2 ...) - TODO: check + NOT-FOR-US: Netis DL4323 devices CVE-2019-20069 RESERVED CVE-2019-20068 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b26fc699c5913e9a37f3f7fa22cfb260d1a98cb8
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20093/libpodofo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d6794afe by Salvatore Bonaccorso at 2019-12-30T08:41:54Z Add CVE-2019-20093/libpodofo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12,7 +12,8 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based - libsixel NOTE: https://github.com/saitoha/libsixel/issues/125 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - TODO: check + - libpodofo + NOTE: https://sourceforge.net/p/podofo/tickets/75/ CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) TODO: check CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6794afe20b6df6a861ac66d96a2c2419b407394
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20094/libsixel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 968ef0e4 by Salvatore Bonaccorso at 2019-12-30T08:41:01Z Add CVE-2019-20094/libsixel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,8 @@ CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211. [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/125 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) TODO: check CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/968ef0e4c6fe7014b4e3631f377699a6c56c58e6
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20095/linux as not-affected
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b34fcf4 by Salvatore Bonaccorso at 2019-12-30T08:39:13Z Mark CVE-2019-20095/linux as not-affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6,6 +6,7 @@ CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211. - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.184-1 + [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) TODO: check View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b34fcf4db3a9d2d49d70d90458fac589c58dd65
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20095/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 940388bb by Salvatore Bonaccorso at 2019-12-30T08:35:36Z Add CVE-2019-20095/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,10 @@ CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat [jessie] - linux 3.16.72-1 NOTE: https://git.kernel.org/linus/1d3ff0950e2b40dc861b1739029649d03f591820 CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...) - TODO: check + - linux 5.2.6-1 + [buster] - linux 4.19.67-1 + [stretch] - linux 4.9.184-1 + NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) TODO: check CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/940388bbe85712cde767042a18e0ff8cc2947d24
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20096/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6775ac7f by Salvatore Bonaccorso at 2019-12-30T08:21:07Z Add CVE-2019-20096/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...) - TODO: check + - linux 5.2.6-1 + [jessie] - linux 3.16.72-1 + NOTE: https://git.kernel.org/linus/1d3ff0950e2b40dc861b1739029649d03f591820 CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...) TODO: check CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6775ac7f3ae9d9da4b965329c8461932d2e9ffcb
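Review bot: The new CVE-2019-20096 entry has `- linux 5.2.6-1` and `[jessie] - linux 3.16.72-1` but no `[buster]` or `[stretch]` line, although the description places the issue in kernels before 5.1. If the buster and stretch kernels are still unfixed, leaving them out is correct but worth a NOTE saying so; if stable updates already carry the fix, add their fixed versions here.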
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b62610c2 by security tracker role at 2019-12-30T08:10:15Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...) + TODO: check +CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...) + TODO: check +CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...) + TODO: check +CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) + TODO: check +CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) + TODO: check +CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...) + TODO: check +CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...) + TODO: check +CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...) + TODO: check +CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...) + TODO: check +CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seek ...) + TODO: check +CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...) + TODO: check +CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...) + TODO: check +CVE-2019-20084 + RESERVED +CVE-2019-20083 + RESERVED +CVE-2019-20082 + RESERVED +CVE-2019-20081 + RESERVED +CVE-2019-20080 + RESERVED +CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed ...) + TODO: check +CVE-2019-20078 + RESERVED +CVE-2019-20077 + RESERVED +CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...) + TODO: check +CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...) + TODO: check +CVE-2019-20074 (On Netis DL4323 devices, any user role can view sensitive information, ...) + TODO: check +CVE-2019-20073 (On Netis DL4323 devices, XSS exists via the form2userconfig.cgi userna ...) 
+ TODO: check +CVE-2019-20072 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname par ...) + TODO: check +CVE-2019-20071 (On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete ...) + TODO: check +CVE-2019-20070 (On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2 ...) + TODO: check +CVE-2019-20069 + RESERVED +CVE-2019-20068 + RESERVED +CVE-2019-20067 + RESERVED +CVE-2019-20066 + RESERVED +CVE-2019-20065 + RESERVED +CVE-2019-20064 + RESERVED +CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of m ...) + TODO: check +CVE-2019-20062 + RESERVED +CVE-2019-20061 + RESERVED +CVE-2019-20060 + RESERVED +CVE-2019-20059 + RESERVED CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...) NOT-FOR-US: Bolt CMS CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...) @@ -33943,6 +34019,7 @@ CVE-2019-11052 CVE-2019-11051 RESERVED CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) + {DLA-2050-1} - php7.3 - php7.0 - php5 
@@ -33958,18 +34035,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su CVE-2019-11048 RESERVED CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) + {DLA-2050-1} - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78910 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) + {DLA-2050-1} - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78878 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) + {DLA-2050-1} - php7.3 - php7.0 - php5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b62610c24d49ff3e939157e971fb082dcd5ef539