[Git][security-tracker-team/security-tracker][master] new nltk issue

Moritz Muehlenhoff jmm at debian.org
Tue Aug 20 18:40:45 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b14b81d5 by Moritz Muehlenhoff at 2019-08-20T17:40:20Z
new nltk issue
libexosip2, quartz no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -775,6 +775,8 @@ CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has C
 	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
 CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
 	- libexosip2 <unfixed> (bug #934766)
+	[buster] - libexosip2 <no-dsa> (Minor issue)
+	[stretch] - libexosip2 <no-dsa> (Minor issue)
 	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
 CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
 	NOT-FOR-US: simple-fields plugin for WordPress
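Review bot: The two added `<no-dsa>` lines for CVE-2014-10375 give only "Minor issue" as the reason, although the entry concerns handle_messages in eXtl_tls.c and the NOTE already references an upstream commit. A more specific reason in the parentheses would let a later reader tell whether the impact was judged low or the backport was judged not worth a DSA for buster and stretch.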
@@ -1498,6 +1500,9 @@ CVE-2019-14752
 	RESERVED
 CVE-2019-14751
 	RESERVED
+	- nltk <unfixed>
+	NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
+	NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
 CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
 	NOT-FOR-US: osTicket
 CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
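Review bot: The new `- nltk <unfixed>` line under CVE-2019-14751 has no bug reference, and the second NOTE does not say what the linked nltk commit is. The other `<unfixed>` entries touched in this diff carry a `(bug #...)` reference, so I suggest filing and referencing a bug here too, and labelling the commit NOTE as the upstream fix if that is what it is. The entry is still RESERVED with no description, which leaves the first NOTE URL as the only indication of the issue type.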
@@ -3986,7 +3991,11 @@ CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attac
 	NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
 CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
 	- libquartz-java <unfixed> (bug #933169)
+	[buster] - libquartz-java <no-dsa> (Minor issue)
+	[stretch] - libquartz-java <no-dsa> (Minor issue)
 	- libquartz2-java <unfixed> (bug #933170)
+	[buster] - libquartz2-java <no-dsa> (Minor issue)
+	[stretch] - libquartz2-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/quartz-scheduler/quartz/issues/467
 CVE-2019-13989 (dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() func ...)
 	- dpic <itp> (bug #597334)
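Review bot: All four added lines for CVE-2019-13990 use the generic reason "Minor issue", and the only reference on the entry is the upstream issue NOTE (quartz-scheduler/quartz/issues/467), with no fix commit listed. I suggest stating in the reason or in a NOTE whether no-dsa reflects low impact or the absence of an upstream fix, and whether the assessment was made separately for libquartz-java and libquartz2-java.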



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b14b81d5edff396afccaed2ca0505d818085c06e
