[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-11499/dovecot

Salvatore Bonaccorso carnil at debian.org
Tue Apr 30 14:55:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d062c535 by Salvatore Bonaccorso at 2019-04-30T13:54:50Z
Add CVE-2019-11499/dovecot

- - - - -
7330dcde by Salvatore Bonaccorso at 2019-04-30T13:55:09Z
Add CVE-2019-11494/dovecot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -240,8 +240,12 @@ CVE-2019-11501
 	RESERVED
 CVE-2019-11500
 	RESERVED
-CVE-2019-11499
+CVE-2019-11499 [Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent]
 	RESERVED
+	- dovecot <unfixed>
+	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
 CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
 	- wavpack 5.1.0-6 (low; bug #927903)
 	[stretch] - wavpack <no-dsa> (Minor issue)
@@ -253,8 +257,12 @@ CVE-2019-11496
 	RESERVED
 CVE-2019-11495
 	RESERVED
-CVE-2019-11494
+CVE-2019-11494 [Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.]
 	RESERVED
+	- dovecot <unfixed>
+	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115757.html
 CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
 	NOT-FOR-US: VeryPDF
 CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server logs. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/126b98b97495deaffbb6978344506362809d5283...7330dcdeda8aff5c7df5e73ea31e8467bf3bdbde

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/126b98b97495deaffbb6978344506362809d5283...7330dcdeda8aff5c7df5e73ea31e8467bf3bdbde
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190430/09a5b723/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list