[Git][security-tracker-team/security-tracker][master] new teeworlds, poppler, neutron issues

Moritz Muehlenhoff jmm at debian.org
Fri Apr 5 13:28:29 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68265060 by Moritz Muehlenhoff at 2019-04-05T12:27:55Z
new teeworlds, poppler, neutron issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,34 @@
 CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
-	TODO: check
+	- teeworlds <unfixed>
+	NOTE: https://github.com/teeworlds/teeworlds/issues/2070
+	NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
 CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
-	TODO: check
+	- teeworlds <unfixed>
+	NOTE: https://github.com/teeworlds/teeworlds/issues/2073
+	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
 CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
-	TODO: check
+	- teeworlds <unfixed>
+	NOTE: https://github.com/teeworlds/teeworlds/issues/2071
+	NOTE: https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce
+	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
 CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x  ...)
-	TODO: check
+	- neutron <unfixed>
+	NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
+	NOTE: https://review.openstack.org/#/q/topic:bug/1813007 
 CVE-2019-10875
 	RESERVED
 CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
 CVE-2019-10870
 	RESERVED
 CVE-2019-10869
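Review bot: the NOTE under CVE-2019-10876 that ends in `topic:bug/1813007 ` has a trailing space after the URL; drop it so anything that extracts links from NOTE lines gets a clean value. Separately, commit e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 is cited under both CVE-2019-10878 and CVE-2019-10877, so a short parenthetical on each of those NOTE lines saying which part of the fix it covers would save the next triager from opening both commits. The CVE-2019-10872 and CVE-2019-10871 entries carry only an issue link, so a follow-up NOTE with the fixing commit is worth adding once upstream has one.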
@@ -69,7 +82,7 @@ CVE-2019-10846
 CVE-2019-10845
 	RESERVED
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2019-10843
 	RESERVED
 CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...)
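Review bot: the tag on CVE-2019-10844 names only the vendor (`NOT-FOR-US: Sony`), while the description identifies the product as Sony Neural Network Libraries and the other new tag in this commit names the product (`NOT-FOR-US: Bolt CMS`). Suggest `NOT-FOR-US: Sony Neural Network Libraries`, so that a later search for the product name finds this entry and an unrelated Sony product does not get matched against it.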
@@ -340,77 +353,77 @@ CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencr
 CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...)
 	NOT-FOR-US: Jenkins Chef Sinatra Plugin
 CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...)
 	- tryton-server <unfixed>
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
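Review bot: every entry from CVE-2019-1003086 down to CVE-2019-1003051 gets the generic tag `NOT-FOR-US: Jenkins plugin`, whereas the unchanged context line for CVE-2019-1003087 at the top of this hunk names the plugin (`NOT-FOR-US: Jenkins Chef Sinatra Plugin`). Keeping the plugin name in the tag, for example `NOT-FOR-US: Jenkins Gearman Plugin`, keeps the entries greppable by product and consistent with the existing line; the names are already present in the truncated descriptions.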



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6826506007799321ff7f68ed33ef5bf91b83a97b
