[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

Moritz Muehlenhoff jmm at debian.org
Fri Apr 19 17:18:27 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f8275f7 by Moritz Muehlenhoff at 2019-04-19T16:18:02Z
new ffmpeg issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,10 @@
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
 CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
 CVE-2019-11337
 	RESERVED
 CVE-2019-11336
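Review bot: the two `- ffmpeg <unfixed>` lines for CVE-2019-11339 and CVE-2019-11338 record only the upstream fix commits and say nothing about which branches carry the affected code. The CVE texts name FFmpeg 4.0 (studio profile decoder in libavcodec/mpeg4videodec.c) and FFmpeg 4.1.2 (libavcodec/hevcdec.c); a follow-up NOTE stating where the vulnerable code was introduced, or per-release `<not-affected>` lines once that has been checked, would save the next triager from re-reading both commits.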
@@ -13,9 +16,9 @@ CVE-2019-11334
 CVE-2019-11333
 	RESERVED
 CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user accounts ...)
-	TODO: check
+	NOT-FOR-US: MKCMS
 CVE-2019-11331 (Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 e ...)
-	TODO: check
+	NOT-FOR-US: Generic NTP protocol flaw
 CVE-2019-11330
 	RESERVED
 CVE-2019-11329
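Review bot: on CVE-2019-11331, `NOT-FOR-US: Generic NTP protocol flaw` gives a rationale where the other NOT-FOR-US lines in this commit give a product name, and the description attributes the issue to NTP as specified in RFC 5905 rather than to one vendor's product. If the intent is that no packaged NTP implementation will be tracked for this CVE, spelling that reasoning out in the tag text or the commit message would make the decision easier to audit later.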
@@ -725,7 +728,7 @@ CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected
 CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
 	NOT-FOR-US: Elgg
 CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that allows  ...)
-	TODO: check
+	NOT-FOR-US: MIUI OS
 CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
 	NOT-FOR-US: VStarCam
 CVE-2019-11013
@@ -1059,7 +1062,7 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
 CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2019-10892
 	RESERVED
 CVE-2019-10891
@@ -2390,19 +2393,19 @@ CVE-2019-10308
 CVE-2019-10307
 	RESERVED
 CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10304 (A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Dep ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10303 (Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier sto ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10302 (Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10301 (A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10300 (A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1. ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
 	NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin
 CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
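Review bot: the seven new tags from CVE-2019-10306 down to CVE-2019-10300 all read `NOT-FOR-US: Jenkins plugin`, while the unchanged neighbour CVE-2019-10299 uses `NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin`. Naming the plugin in each tag (ontrack, XebiaLabs XL Deploy, Azure PublisherSettings Credentials, jira-ext, GitLab) keeps the file consistent and lets a search on the plugin name find the earlier decision.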
@@ -5952,9 +5955,9 @@ CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authentica
 CVE-2019-9163
 	RESERVED
 CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Sundray WLAN Controller
 CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Sundray WLAN Controller
 CVE-2019-9159
 	RESERVED
 CVE-2019-9158
@@ -6494,7 +6497,7 @@ CVE-2019-9001
 CVE-2019-9000
 	RESERVED
 CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2019-8998
 	RESERVED
 CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
@@ -18830,9 +18833,9 @@ CVE-2019-3721
 CVE-2019-3720
 	RESERVED
 CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-3717
 	RESERVED
 CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
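Review bot: `NOT-FOR-US: Dell` on CVE-2019-3719 and CVE-2019-3718 names only the vendor, whereas most tags in this commit name the product (for example `NOT-FOR-US: Sangfor Sundray WLAN Controller`). `NOT-FOR-US: Dell SupportAssist Client` would be the matching form and avoids the tag reading as a verdict on everything the vendor ships.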
@@ -20779,7 +20782,7 @@ CVE-2019-3400
 CVE-2019-3399
 	RESERVED
 CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Confluence Server and Data Center
 CVE-2019-3397
 	RESERVED
 CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
@@ -35989,7 +35992,7 @@ CVE-2018-17170
 CVE-2018-17169
 	RESERVED
 CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
-	TODO: check
+	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored  ...)
 	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17166



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f8275f7cb738c73dde2f069cf6d26cc40e85f20
