[Git][security-tracker-team/security-tracker][master] new teeworlds, poppler, neutron issues
Moritz Muehlenhoff
jmm at debian.org
Fri Apr 5 13:28:29 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68265060 by Moritz Muehlenhoff at 2019-04-05T12:27:55Z
new teeworlds, poppler, neutron issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,34 @@
CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
- TODO: check
+ - teeworlds <unfixed>
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2070
+ NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
- TODO: check
+ - teeworlds <unfixed>
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2073
+ NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
- TODO: check
+ - teeworlds <unfixed>
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2071
+ NOTE: https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce
+ NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x ...)
- TODO: check
+ - neutron <unfixed>
+ NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
+ NOTE: https://review.openstack.org/#/q/topic:bug/1813007
CVE-2019-10875
RESERVED
CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
CVE-2019-10870
RESERVED
CVE-2019-10869
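Review bot: In the CVE-2019-10877 entry, the second commit NOTE (e086f4b3) is the same commit already listed under CVE-2019-10878, and nothing says whether it is a shared fix or a follow-up to d2586962. A few words on that NOTE line stating what each commit covers would save the next triager from re-reading both upstream issues. Also, the CVE-2019-10872 and CVE-2019-10871 poppler entries reference only the upstream issue, whereas CVE-2019-10873 also records the fix commit, so those two should be revisited once there is an upstream commit to point at.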
@@ -69,7 +82,7 @@ CVE-2019-10846
CVE-2019-10845
RESERVED
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
- TODO: check
+ NOT-FOR-US: Sony
CVE-2019-10843
RESERVED
CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...)
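Review bot: The CVE-2019-10844 line is marked "NOT-FOR-US: Sony", which names only the vendor, while the description identifies the affected software as Sony Neural Network Libraries (libnnabla). Other NFU entries in this commit name the product ("NOT-FOR-US: Bolt CMS"), and a vendor-only tag will not match a later search for the library name if it is ever packaged. Suggest "NOT-FOR-US: Sony Neural Network Libraries" instead.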
@@ -340,77 +353,77 @@ CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencr
CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...)
NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...)
- tryton-server <unfixed>
NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
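Review bot: Every entry from CVE-2019-1003086 down to CVE-2019-1003051 is tagged with the generic "NOT-FOR-US: Jenkins plugin", while the unchanged context entry directly above (CVE-2019-1003087) names its plugin as "NOT-FOR-US: Jenkins Chef Sinatra Plugin". CVE-2019-1003086 is the CSRF in that same Chef Sinatra plugin, so the two adjacent lines now disagree in style. Naming the plugin on each line, as the descriptions already do, keeps the list searchable per plugin and makes it possible to revisit a single entry if one of these plugins is ever packaged.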
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6826506007799321ff7f68ed33ef5bf91b83a97b