[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 4 21:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f550ce52 by security tracker role at 2019-04-04T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
+ TODO: check
+CVE-2019-10866
+ RESERVED
+CVE-2019-10865
+ RESERVED
+CVE-2019-10864
+ RESERVED
+CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions before 2.4 ...)
+ TODO: check
+CVE-2019-10862
+ RESERVED
+CVE-2019-10861
+ RESERVED
+CVE-2019-10860
+ RESERVED
+CVE-2019-10859
+ RESERVED
+CVE-2019-10858
+ RESERVED
+CVE-2019-10857
+ RESERVED
+CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via an em ...)
+ TODO: check
+CVE-2019-10855
+ RESERVED
+CVE-2019-10854
+ RESERVED
+CVE-2019-10853
+ RESERVED
+CVE-2019-10852
+ RESERVED
+CVE-2019-10851
+ RESERVED
+CVE-2019-10850
+ RESERVED
+CVE-2019-10849
+ RESERVED
+CVE-2019-10848
+ RESERVED
+CVE-2019-10847
+ RESERVED
+CVE-2019-10846
+ RESERVED
CVE-2019-10845
RESERVED
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
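Review bot: the three described entries at the top of this hunk (CVE-2019-10867 Pimcore, CVE-2019-10863 TeemIp, CVE-2019-10856 Jupyter Notebook) are committed with only "TODO: check", so nothing yet records whether they affect a package. Each needs a follow-up that replaces the TODO with either a "- package" line or a NOT-FOR-US line. For CVE-2019-10856 the summary already gives the boundary to compare packaged versions against ("before 5.7.8").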
@@ -245,104 +289,104 @@ CVE-2019-10724
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
- libpodofo <unfixed>
NOTE: https://sourceforge.net/p/podofo/tickets/46/
-CVE-2019-1003099
- RESERVED
-CVE-2019-1003098
- RESERVED
-CVE-2019-1003097
- RESERVED
-CVE-2019-1003096
- RESERVED
-CVE-2019-1003095
- RESERVED
-CVE-2019-1003094
- RESERVED
-CVE-2019-1003093
- RESERVED
-CVE-2019-1003092
- RESERVED
-CVE-2019-1003091
- RESERVED
-CVE-2019-1003090
- RESERVED
-CVE-2019-1003089
- RESERVED
-CVE-2019-1003088
- RESERVED
-CVE-2019-1003087
- RESERVED
-CVE-2019-1003086
- RESERVED
-CVE-2019-1003085
- RESERVED
-CVE-2019-1003084
- RESERVED
-CVE-2019-1003083
- RESERVED
-CVE-2019-1003082
- RESERVED
-CVE-2019-1003081
- RESERVED
-CVE-2019-1003080
- RESERVED
-CVE-2019-1003079
- RESERVED
-CVE-2019-1003078
- RESERVED
-CVE-2019-1003077
- RESERVED
-CVE-2019-1003076
- RESERVED
-CVE-2019-1003075
- RESERVED
-CVE-2019-1003074
- RESERVED
-CVE-2019-1003073
- RESERVED
-CVE-2019-1003072
- RESERVED
-CVE-2019-1003071
- RESERVED
-CVE-2019-1003070
- RESERVED
-CVE-2019-1003069
- RESERVED
-CVE-2019-1003068
- RESERVED
-CVE-2019-1003067
- RESERVED
-CVE-2019-1003066
- RESERVED
-CVE-2019-1003065
- RESERVED
-CVE-2019-1003064
- RESERVED
-CVE-2019-1003063
- RESERVED
-CVE-2019-1003062
- RESERVED
-CVE-2019-1003061
- RESERVED
-CVE-2019-1003060
- RESERVED
-CVE-2019-1003059
- RESERVED
-CVE-2019-1003058
- RESERVED
-CVE-2019-1003057
- RESERVED
-CVE-2019-1003056
- RESERVED
-CVE-2019-1003055
- RESERVED
-CVE-2019-1003054
- RESERVED
-CVE-2019-1003053
- RESERVED
-CVE-2019-1003052
- RESERVED
-CVE-2019-1003051
- RESERVED
+CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the OpenIdSsoSe ...)
+ TODO: check
+CVE-2019-1003098 (A cross-site request forgery vulnerability in Jenkins openid Plugin in ...)
+ TODO: check
+CVE-2019-1003097 (Jenkins Crowd Integration Plugin stores credentials unencrypted in the ...)
+ TODO: check
+CVE-2019-1003096 (Jenkins TestFairy Plugin stores credentials unencrypted in job config. ...)
+ TODO: check
+CVE-2019-1003095 (Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its g ...)
+ TODO: check
+CVE-2019-1003094 (Jenkins Open STF Plugin stores credentials unencrypted in its global c ...)
+ TODO: check
+CVE-2019-1003093 (A missing permission check in Jenkins Nomad Plugin in the NomadCloud.D ...)
+ TODO: check
+CVE-2019-1003092 (A cross-site request forgery vulnerability in Jenkins Nomad Plugin in ...)
+ TODO: check
+CVE-2019-1003091 (A missing permission check in Jenkins SOASTA CloudTest Plugin in the C ...)
+ TODO: check
+CVE-2019-1003090 (A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest ...)
+ TODO: check
+CVE-2019-1003089 (Jenkins Upload to pgyer Plugin stores credentials unencrypted in job c ...)
+ TODO: check
+CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in ...)
+ TODO: check
+CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...)
+ TODO: check
+CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...)
+ TODO: check
+CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...)
+ TODO: check
+CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...)
+ TODO: check
+CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...)
+ TODO: check
+CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...)
+ TODO: check
+CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...)
+ TODO: check
+CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...)
+ TODO: check
+CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...)
+ TODO: check
+CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...)
+ TODO: check
+CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the ...)
+ TODO: check
+CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...)
+ TODO: check
+CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...)
+ TODO: check
+CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its ...)
+ TODO: check
+CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...)
+ TODO: check
+CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job ...)
+ TODO: check
+CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...)
+ TODO: check
+CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its ...)
+ TODO: check
+CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...)
+ TODO: check
+CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...)
+ TODO: check
+CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...)
+ TODO: check
+CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...)
+ TODO: check
+CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...)
+ TODO: check
+CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...)
+ TODO: check
+CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...)
+ TODO: check
+CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...)
+ TODO: check
+CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...)
+ TODO: check
+CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...)
+ TODO: check
+CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...)
+ TODO: check
+CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...)
+ TODO: check
+CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...)
+ TODO: check
+CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...)
+ TODO: check
+CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...)
+ TODO: check
+CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...)
+ TODO: check
+CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...)
+ TODO: check
+CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...)
+ TODO: check
+CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
+ TODO: check
CVE-2019-XXXX [Guessing order on field without access]
- tryton-server <unfixed>
NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
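Review bot: all 49 entries from CVE-2019-1003099 down to CVE-2019-1003051 move from RESERVED to "TODO: check" in one step, and every summary names a Jenkins plugin. They fall into three classes visible in the text (missing permission check, cross-site request forgery, credentials stored unencrypted), so they can be triaged as one batch rather than one by one. If none of the named plugins is packaged, a single consistent NOT-FOR-US wording across the block, in the style of the "NOT-FOR-US: Cscape" line elsewhere in this file, keeps the TODO backlog from growing by 49 lines.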
@@ -1207,52 +1251,52 @@ CVE-2019-10301
RESERVED
CVE-2019-10300
RESERVED
-CVE-2019-10299
- RESERVED
-CVE-2019-10298
- RESERVED
-CVE-2019-10297
- RESERVED
-CVE-2019-10296
- RESERVED
-CVE-2019-10295
- RESERVED
-CVE-2019-10294
- RESERVED
-CVE-2019-10293
- RESERVED
-CVE-2019-10292
- RESERVED
-CVE-2019-10291
- RESERVED
-CVE-2019-10290
- RESERVED
-CVE-2019-10289
- RESERVED
-CVE-2019-10288
- RESERVED
-CVE-2019-10287
- RESERVED
-CVE-2019-10286
- RESERVED
-CVE-2019-10285
- RESERVED
-CVE-2019-10284
- RESERVED
-CVE-2019-10283
- RESERVED
-CVE-2019-10282
- RESERVED
-CVE-2019-10281
- RESERVED
-CVE-2019-10280
- RESERVED
-CVE-2019-10279
- RESERVED
-CVE-2019-10278
- RESERVED
-CVE-2019-10277
- RESERVED
+CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
+ TODO: check
+CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
+ TODO: check
+CVE-2019-10297 (Jenkins Sametime Plugin stores credentials unencrypted in its global c ...)
+ TODO: check
+CVE-2019-10296 (Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its ...)
+ TODO: check
+CVE-2019-10295 (Jenkins crittercism-dsym Plugin stores credentials unencrypted in job ...)
+ TODO: check
+CVE-2019-10294 (Jenkins Kmap Plugin stores credentials unencrypted in job config.xml f ...)
+ TODO: check
+CVE-2019-10293 (A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilde ...)
+ TODO: check
+CVE-2019-10292 (A cross-site request forgery vulnerability in Jenkins Kmap Plugin in K ...)
+ TODO: check
+CVE-2019-10291 (Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credential ...)
+ TODO: check
+CVE-2019-10290 (A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1 ...)
+ TODO: check
+CVE-2019-10289 (A cross-site request forgery vulnerability in Jenkins Netsparker Cloud ...)
+ TODO: check
+CVE-2019-10288 (Jenkins Jabber Server Plugin stores credentials unencrypted in its glo ...)
+ TODO: check
+CVE-2019-10287 (Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unen ...)
+ TODO: check
+CVE-2019-10286 (Jenkins DeployHub Plugin stores credentials unencrypted in job config. ...)
+ TODO: check
+CVE-2019-10285 (Jenkins Minio Storage Plugin stores credentials unencrypted in its glo ...)
+ TODO: check
+CVE-2019-10284 (Jenkins Diawi Upload Plugin stores credentials unencrypted in job conf ...)
+ TODO: check
+CVE-2019-10283 (Jenkins mabl Plugin stores credentials unencrypted in job config.xml f ...)
+ TODO: check
+CVE-2019-10282 (Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in ...)
+ TODO: check
+CVE-2019-10281 (Jenkins Relution Enterprise Appstore Publisher Plugin stores credentia ...)
+ TODO: check
+CVE-2019-10280 (Jenkins Assembla Auth Plugin stores credentials unencrypted in the glo ...)
+ TODO: check
+CVE-2019-10279 (A missing permission check in Jenkins jenkins-reviewbot Plugin in the ...)
+ TODO: check
+CVE-2019-10278 (A cross-site request forgery vulnerability in Jenkins jenkins-reviewbo ...)
+ TODO: check
+CVE-2019-10277 (Jenkins StarTeam Plugin stores credentials unencrypted in job config.x ...)
+ TODO: check
CVE-2019-XXXX [insecure handling of /tmp/VMwareDnD]
- open-vm-tools 2:10.3.10-1 (bug #925959; unimportant)
NOTE: https://github.com/vmware/open-vm-tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c
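Review bot: in the CVE-2019-10299 to CVE-2019-10277 block only CVE-2019-10291, CVE-2019-10290 and CVE-2019-10287 show a version bound before the summary is cut off ("1.1.5 and older", "1.1 ...", "0.7.1 and older"); the other Jenkins plugin entries read "stores credentials unencrypted" with no version in the visible text. Whoever resolves these TODOs should read the full descriptions rather than the truncated summaries, since a present-tense "stores" with no version suggests that no fixed release was known when the CVE was published.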
@@ -1263,8 +1307,8 @@ CVE-2019-10275
RESERVED
CVE-2019-10274
RESERVED
-CVE-2019-10273
- RESERVED
+CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
+ TODO: check
CVE-2019-10272
RESERVED
CVE-2019-10271
@@ -9935,8 +9979,8 @@ CVE-2019-7003
RESERVED
CVE-2019-7002
RESERVED
-CVE-2019-7001
- RESERVED
+CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
+ TODO: check
CVE-2019-7000
RESERVED
CVE-2019-6999
@@ -10968,8 +11012,8 @@ CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerab
NOT-FOR-US: Cscape
CVE-2019-6554
RESERVED
-CVE-2019-6553
- RESERVED
+CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic versio ...)
+ TODO: check
CVE-2019-6552
RESERVED
CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior al ...)
@@ -14659,7 +14703,7 @@ CVE-2019-5024
CVE-2019-5023
RESERVED
CVE-2019-5022
- RESERVED
+ REJECTED
CVE-2019-5021
RESERVED
CVE-2019-5020
@@ -16973,8 +17017,8 @@ CVE-2019-3888
RESERVED
CVE-2019-3887
RESERVED
-CVE-2019-3886
- RESERVED
+CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
+ TODO: check
CVE-2019-3885
RESERVED
CVE-2019-3884
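Review bot: CVE-2019-3886 is left at "TODO: check" although the summary names libvirt and an affected range ("libvirt 4.8.0 and above"). This entry should get a "- libvirt" package line, and the lower bound matters for triage: suites carrying a libvirt older than 4.8.0 can be marked not affected rather than left open.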
@@ -17018,7 +17062,7 @@ CVE-2019-3873
CVE-2019-3872
RESERVED
CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before 4.0. ...)
- {DLA-1737-1}
+ {DSA-4424-1 DLA-1737-1}
- pdns 4.1.6-2 (bug #924966)
NOTE: https://github.com/PowerDNS/pdns/issues/7573
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
@@ -18811,8 +18855,7 @@ CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double fre
- r-cran-readxl 1.2.0.9000-1 (bug #919324)
[stretch] - r-cran-readxl 0.1.1-1+deb9u2
NOTE: https://github.com/evanmiller/libxls/issues/34
-CVE-2018-20449
- RESERVED
+CVE-2018-20449 (The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the L ...)
- linux <unfixed>
NOTE: https://lists.debian.org/debian-security-tracker/2019/01/msg00029.html
CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the /install/ind ...)
@@ -19567,8 +19610,7 @@ CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buf
[jessie] - pspp <no-dsa> (Crash cannot be observed under normal conditions)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
NOTE: https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=abd1f816ca3b4f382bddf4564ad092aa934f0ccc
-CVE-2018-20229
- RESERVED
+CVE-2018-20229 (GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before ...)
- gitlab 11.5.5+dfsg-1
NOTE: https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with ...)
@@ -19583,8 +19625,8 @@ CVE-2018-20224
RESERVED
CVE-2018-20223
RESERVED
-CVE-2018-20222
- RESERVED
+CVE-2018-20222 (XXE issue in Airsonic before 10.1.2 during parse. ...)
+ TODO: check
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are ...)
NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
@@ -23245,8 +23287,8 @@ CVE-2018-19983 (An issue was discovered on Sigma Design Z-Wave S0 through S2 dev
NOT-FOR-US: Sigma Design Z-Wave devices
CVE-2018-19982 (An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs be ...)
NOT-FOR-US: KT MC01507L Z-Wave S0 devices
-CVE-2018-19981
- RESERVED
+CVE-2018-19981 (Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences t ...)
+ TODO: check
CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cau ...)
NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
@@ -23666,10 +23708,10 @@ CVE-2019-1830
RESERVED
CVE-2019-1829
RESERVED
-CVE-2019-1828
- RESERVED
-CVE-2019-1827
- RESERVED
+CVE-2019-1828 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
+CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small Business ...)
+ TODO: check
CVE-2019-1826
RESERVED
CVE-2019-1825
@@ -43087,8 +43129,7 @@ CVE-2018-13920
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13919
RESERVED
-CVE-2018-13918
- RESERVED
+CVE-2018-13918 (kernel could return a received message length higher than expected, wh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13917
RESERVED
@@ -48165,11 +48206,9 @@ CVE-2018-11973
RESERVED
CVE-2018-11972
RESERVED
-CVE-2018-11971
- RESERVED
+CVE-2018-11971 (Interrupt exit code flow may undermine access control policy set forth ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11970
- RESERVED
+CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
RESERVED
@@ -48179,8 +48218,7 @@ CVE-2018-11968
CVE-2018-11967
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11966
- RESERVED
+CVE-2018-11966 (Undefined behavior in UE while processing unknown IEI in OTA message i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
@@ -48196,8 +48234,7 @@ CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
RESERVED
-CVE-2018-11958
- RESERVED
+CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
RESERVED
@@ -48465,8 +48502,8 @@ CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QR
NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11831
RESERVED
-CVE-2018-11830
- RESERVED
+CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer ...)
+ TODO: check
CVE-2018-11829
RESERVED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...)
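Review bot: CVE-2018-11830 is the only 2018-119xx/118xx entry in this commit that gains "TODO: check"; the other entries populated in the neighbouring hunks (CVE-2018-11971, CVE-2018-11970, CVE-2018-11966, CVE-2018-11958) kept an existing "NOT-FOR-US: Qualcomm components for Android" line. Check whether the "QCPE create function" issue belongs to the same set and, if so, give it the same annotation so the block stays consistent.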
@@ -53001,12 +53038,12 @@ CVE-2018-10246
CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...)
- awstats <unfixed> (unimportant)
NOTE: Path disclosure for awstats negligible within Debian
-CVE-2018-10244
- RESERVED
-CVE-2018-10243
- RESERVED
-CVE-2018-10242
- RESERVED
+CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/ ...)
+ TODO: check
+CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allow ...)
+ TODO: check
+CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the SSH bann ...)
+ TODO: check
CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1. ...)
{DLA-1361-1}
- psensor 1.1.5-1 (low; bug #896195)
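Review bot: CVE-2018-10244, CVE-2018-10243 and CVE-2018-10242 arrive as "TODO: check" with exact versions in their summaries (Suricata 4.0.4, LibHTP 0.5.26). Because CVE-2018-10243 is a LibHTP parser issue (htp_parse_authorization_digest in htp_parsers.c) and the other two are Suricata issues, they should be resolved as separate package lines rather than filed together under one source, and the fixed upstream versions recorded in NOTE lines as done for other entries in this file.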
@@ -205205,8 +205242,7 @@ CVE-2014-3605
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not proper ...)
- not-yet-commons-ssl 0.3.15-1 (bug #759526)
NOTE: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
-CVE-2014-3603 [HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification]
- RESERVED
+CVE-2014-3603 (The (1) HttpResource and (2) FileBackedHttpResource implementations in ...)
- libopensaml2-java 2.6.2-1 (bug #759470)
NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f550ce522e39d59322229c206f9dd1a17009162c