[Git][security-tracker-team/security-tracker][master] new unimportant lrzip issue
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 8 17:30:18 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72a6ecb7 by Moritz Muehlenhoff at 2019-04-08T16:29:40Z
new unimportant lrzip issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -101,7 +101,7 @@ CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7,
NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
NOTE: https://review.openstack.org/#/q/topic:bug/1813007
CVE-2019-10875 (A URL spoofing vulnerability was found in all international versions o ...)
- TODO: check
+ NOT-FOR-US: Xiaomi Mi browser
CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
NOT-FOR-US: Bolt CMS
CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
@@ -660,7 +660,9 @@ CVE-2019-10656 (Grandstream GWN7000 before 1.0.6.32 devices allow remote authent
CVE-2019-10655 (Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3 ...)
NOT-FOR-US: Grandstream
CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in ...)
- TODO: check
+ - lrzip <unfixed> (unimportant)
+ NOTE: https://github.com/ckolivas/lrzip/issues/108
+ NOTE: Crash in CLI tool, no security impact
CVE-2019-10653
RESERVED
CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
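Review bot: The new CVE-2019-10654 entry tracks only lrzip, although the description locates the lzo1x_decompress function in liblzo2.so.2 from LZO 2.10. Add a NOTE stating why the lzo2 library itself gets no entry, so a later reader can tell it was assessed and not overlooked. The "Crash in CLI tool, no security impact" note justifies the unimportant tag for lrzip but says nothing about the library named in the description.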
@@ -1536,7 +1538,7 @@ CVE-2019-10242
CVE-2019-10241
RESERVED
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
- TODO: check
+ NOT-FOR-US: Eclipse hawkBit
CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
NOT-FOR-US: GitHub Enterprise
CVE-2019-10239
@@ -2471,7 +2473,7 @@ CVE-2019-1010262
CVE-2019-1010261
RESERVED
CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can result in arb ...)
- TODO: check
+ NOT-FOR-US: ktlint
CVE-2019-1010259
RESERVED
CVE-2019-1010258
@@ -9752,7 +9754,7 @@ CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an at
CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
NOT-FOR-US: Croogo
CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a counterf ...)
- TODO: check
+ NOT-FOR-US: Zcash
CVE-2019-7166
RESERVED
CVE-2019-7165
@@ -14047,9 +14049,9 @@ CVE-2019-5425
CVE-2019-5424
RESERVED
CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package versio ...)
- TODO: check
+ NOT-FOR-US: http-live-simulator node module
CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of attacker-p ...)
- TODO: check
+ NOT-FOR-US: buttle node module
CVE-2019-5421 (Plataformatec Devise version 4.5.0 and earlier, using the lockable mod ...)
- ruby-devise <unfixed> (bug #926348)
[stretch] - ruby-devise <no-dsa> (Minor issue)
@@ -17545,7 +17547,7 @@ CVE-2019-3794
CVE-2019-3793
RESERVED
CVE-2019-3792 (Pivotal Concourse versions prior to 5.0.1, contains an API that is vul ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-3791
RESERVED
CVE-2019-3790
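Review bot: The label "NOT-FOR-US: Pivotal" on CVE-2019-3792 names the vendor only, while the description is about Pivotal Concourse. The other NOT-FOR-US lines in this commit name the product, and a vendor-only label is easy to copy onto a later CVE for a different Pivotal product without checking it. Suggest "NOT-FOR-US: Pivotal Concourse".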
@@ -23468,7 +23470,7 @@ CVE-2018-19983 (An issue was discovered on Sigma Design Z-Wave S0 through S2 dev
CVE-2018-19982 (An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs be ...)
NOT-FOR-US: KT MC01507L Z-Wave S0 devices
CVE-2018-19981 (Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences t ...)
- TODO: check
+ NOT-FOR-US: Amazon AWS SDK
CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cau ...)
NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
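Review bot: The label "NOT-FOR-US: Amazon AWS SDK" on CVE-2018-19981 drops the "for Android" qualifier that the description carries. As written, the label reads as covering every AWS SDK. Suggest "NOT-FOR-US: Amazon AWS SDK for Android" so the scope of the triage decision is clear from the line itself.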
@@ -32623,7 +32625,7 @@ CVE-2018-18037
CVE-2018-18036
RESERVED
CVE-2018-18035 (A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 cou ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-18034
RESERVED
CVE-2018-18033
@@ -39010,11 +39012,11 @@ CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the rem
- curl 7.10.7-1
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD ...)
- TODO: check
+ NOT-FOR-US: GNUBOARD
CVE-2018-15584
RESERVED
CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
- TODO: check
+ NOT-FOR-US: GNUBOARD
CVE-2018-15582
RESERVED
CVE-2018-15581
@@ -46142,9 +46144,9 @@ CVE-2018-12682
CVE-2018-12681
RESERVED
CVE-2018-12680 (The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and ...)
- TODO: check
+ NOT-FOR-US: CoAPthon
CVE-2018-12679 (The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandl ...)
- TODO: check
+ NOT-FOR-US: CoAPthon
CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to the webso ...)
NOT-FOR-US: Portainer
CVE-2018-12677
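Review bot: CVE-2018-12679 is labelled "NOT-FOR-US: CoAPthon", but its description refers to CoAPthon3 1.0 and 1.0.1, while CVE-2018-12680 above it refers to CoAPthon 3.1, 4.0.0 and 4.0.1. If these are distinct projects, the second label should read "NOT-FOR-US: CoAPthon3" so that a search of the list for either name finds the right entry.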
@@ -70690,15 +70692,15 @@ CVE-2018-4055 (A local privilege escalation vulnerability exists in the install
CVE-2018-4054 (A local privilege escalation vulnerability exists in the install helpe ...)
NOT-FOR-US: Renderman
CVE-2018-4053 (An exploitable local denial-of-service vulnerability exists in the pri ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4052 (An exploitable local information leak vulnerability exists in the priv ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4051 (An exploitable local privilege escalation vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4050 (An exploitable local privilege escalation vulnerability exists in the ...)
NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4049 (An exploitable local privilege elevation vulnerability exists in the f ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's Games for Windows
CVE-2018-4048
RESERVED
CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the helper ...)
@@ -70862,7 +70864,7 @@ CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the RTF- ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974 (An exploitable local privilege elevation vulnerability exists in the f ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's
CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing functiona ...)
NOT-FOR-US: Canvas Draw
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin deseri ...)
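Review bot: The label "NOT-FOR-US: GOG Galaxy's" on CVE-2018-3974 ends on a dangling possessive and looks truncated. The visible part of its description matches that of CVE-2018-4049, which this commit labels "GOG Galaxy's Games for Windows". Use the same complete product string here, or plain "GOG Galaxy", so the entries group together when the list is searched.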
@@ -173121,7 +173123,7 @@ CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin
CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. ...)
NOT-FOR-US: Joomla!
CVE-2015-5606 (Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remot ...)
- TODO: check
+ NOT-FOR-US: Vordel XML Gateway
CVE-2015-5605 (The regular-expression implementation in Google V8, as used in Google ...)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
@@ -173500,9 +173502,9 @@ CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Dri
CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to bypa ...)
NOT-FOR-US: Gemalto
CVE-2015-5463 (AxiomSL's Axiom java applet module (used for editing uploaded Excel fi ...)
- TODO: check
+ NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5462 (AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows rem ...)
- TODO: check
+ NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. ...)
- ipython 2.4.1-1 (bug #793123)
[jessie] - ipython <no-dsa> (Minor issue)
@@ -173680,7 +173682,7 @@ CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow remote
CVE-2015-5385
RESERVED
CVE-2015-5384 (AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnera ...)
- TODO: check
+ NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5379 (Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax We ...)
NOT-FOR-US: Axigen
CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72a6ecb73dbc1306a453d3f0b310969fc5459b01