Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
459ee02e by Moritz Muehlenhoff at 2019-06-21T22:05:48Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2019-12906
 CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the 
?module=fileman& ...)
        NOT-FOR-US: FileRun
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable 
to a flu ...)
-       - libgcrypt20 <unfixed>
+       - libgcrypt20 <unfixed> (bug #930885)
        - libgcrypt11 <removed>
        NOTE: https://dev.gnupg.org/T4541
        NOTE: 
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
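Review bot: the CVE-2019-12904 entry gains a bug reference on the libgcrypt20 line but still has no [buster] line, although the commit is titled "buster triage" and the later hunks for fence-agents, suricata and filezilla each record an explicit buster decision. If buster is deliberately left open here, fine; otherwise add the [buster] line in the same commit so the entry does not read as untriaged.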
@@ -61,7 +61,7 @@ CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete 
cleanup of a user's dat
 CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, 
allowing  ...)
        NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an 
out-of-bo ...)
-       - bzip2 <unfixed>
+       - bzip2 <unfixed> (bug #930886)
        NOTE: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
        TODO: check details
 CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
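Review bot: the CVE-2019-12900 entry keeps "TODO: check details" while bug #930886 is now filed against bzip2. Either resolve the TODO in this commit (the NOTE above it already points at an upstream commit) or replace it with a short NOTE stating what is still unverified, so the open item stays visible to whoever picks up the bug.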
@@ -6938,7 +6938,8 @@ CVE-2019-10154
        - moodle <removed>
 CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
        RESERVED
-       - fence-agents <unfixed> (low)
+       - fence-agents <unfixed> (low; bug #930887)
+       [buster] - fence-agents <no-dsa> (Minor issue)
        [stretch] - fence-agents <not-affected> (Vulnerable code not present)
        [jessie] - fence-agents <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
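Review bot: on the new "[buster] - fence-agents <no-dsa> (Minor issue)" line, the stretch and jessie lines directly below are both <not-affected>, which makes buster the only stable suite tracked as vulnerable for CVE-2019-10153. The entry is also still RESERVED with only a bracketed summary, so a reason slightly more specific than "Minor issue" would help readers who cannot yet look up the CVE description.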
@@ -7246,6 +7247,7 @@ CVE-2019-10054
        RESERVED
 CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the 
input o ...)
        - suricata 1:4.1.4-1
+       [buster] - suricata <no-dsa> (Minor issue)
        [stretch] - suricata <no-dsa> (Minor issue)
        [jessie] - suricata <no-dsa> (Minor issue)
        NOTE: https://redmine.openinfosecfoundation.org/issues/2883
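Review bot: the added "[buster] - suricata <no-dsa> (Minor issue)" line for CVE-2019-10053 sits under an unstable line that is already fixed in 1:4.1.4-1. Worth confirming that buster carries a suricata version older than 1:4.1.4-1; if buster already has the fixed version, the suite line is redundant and should be dropped.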
@@ -7256,6 +7258,7 @@ CVE-2019-10051
        RESERVED
 CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x 
before 4.1.4 ...)
        - suricata 1:4.1.4-1
+       [buster] - suricata <no-dsa> (Minor issue)
        [stretch] - suricata <no-dsa> (Minor issue)
        [jessie] - suricata <no-dsa> (Minor issue)
        NOTE: https://redmine.openinfosecfoundation.org/issues/2884
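Review bot: for CVE-2019-10050 the new [buster] line copies "Minor issue" from the stretch and jessie lines, but the description is a buffer over-read in Suricata, which processes untrusted network input. A short rationale in the parentheses or in a NOTE saying why the over-read is considered minor would make the no-dsa decision easier to audit later.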
@@ -19708,6 +19711,7 @@ CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to 
the lack of CSRF protecti
        NOT-FOR-US: Ubiquiti Networks UniFi Video
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
        - filezilla <unfixed> (low; bug #928282)
+       [buster] - filezilla <no-dsa> (Minor issue)
        [stretch] - filezilla <no-dsa> (Minor issue)
        [jessie] - filezilla <no-dsa> (Minor issue)
        NOTE: 
https://svn.filezilla-project.org/filezilla?revision=9097&view=revision



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/459ee02e48a7e7ae6cb8ae1ede2ce44f0b275e20
