[Git][security-tracker-team/security-tracker][master] new librabbitmq issue

Moritz Muehlenhoff jmm at debian.org
Mon Dec 2 10:06:03 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17c21eb7 by Moritz Muehlenhoff at 2019-12-02T10:05:39Z
new librabbitmq issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2019-19498
 CVE-2019-19497
 	RESERVED
 CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML docum ...)
-	TODO: check
+	NOT-FOR-US: Alfresco
 CVE-2019-19495
 	RESERVED
 CVE-2019-19494
 	RESERVED
 CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
-	TODO: check
+	NOT-FOR-US: Kentico
 CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socke ...)
 	- freeswitch <itp> (bug #389591)
 CVE-2019-19491 (TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit par ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2019-19490 (LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the ...)
-	TODO: check
+	NOT-FOR-US: LiteManager
 CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. ...)
 	TODO: check
 CVE-2019-19488
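Review bot: CVE-2019-19489 (SMPlayer) stays at TODO: check in the trailing context of this hunk while the four TODO entries above it are resolved. If it was left open on purpose for package triage, no change is needed; otherwise resolve it in the same pass so the block is fully triaged.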
@@ -63,9 +63,9 @@ CVE-2019-19471
 CVE-2019-19470
 	RESERVED
 CVE-2019-19469 (In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks ...)
-	TODO: check
+	NOT-FOR-US: Zmanda Management Console
 CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Free Photo Viewer
 CVE-2019-19467
 	RESERVED
 CVE-2020-1884
@@ -414,7 +414,7 @@ CVE-2019-19398
 CVE-2019-19397
 	RESERVED
 CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
-	TODO: check
+	NOT-FOR-US: illumos
 CVE-2019-19395
 	RESERVED
 CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
@@ -674,7 +674,7 @@ CVE-2019-19364
 CVE-2019-19363
 	RESERVED
 CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2019-19361
 	RESERVED
 CVE-2019-19360
@@ -1786,7 +1786,7 @@ CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversa
 CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...)
 	NOT-FOR-US: go-camo
 CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied Telesis AT-GS ...)
-	TODO: check
+	NOT-FOR-US: Allied Telesis
 CVE-2019-18921
 	RESERVED
 CVE-2019-18920
@@ -4717,7 +4717,9 @@ CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
 CVE-2019-18609 (An issue was discovered in amqp_handle_input in amqp_connection.c in r ...)
-	TODO: check
+	- librabbitmq <unfixed>
+	NOTE: https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
+	NOTE: https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md
 CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...)
 	NOT-FOR-US: Cezerin
 CVE-2019-18607
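Review bot: The second NOTE added for CVE-2019-18609 links ChangeLog.md at blob/master, which moves as upstream keeps committing; link it at a release tag or a commit so the reference stays stable. The "- librabbitmq <unfixed>" line also carries no bug reference, and neither NOTE says which upstream release contains the fix commit, so a follow-up recording that would help whoever later sets the fixed version.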
@@ -10325,9 +10327,9 @@ CVE-2019-16769
 CVE-2019-16768
 	RESERVED
 CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
-	TODO: check
+	NOT-FOR-US: ezmaster
 CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
-	TODO: check
+	NOT-FOR-US: wagtail-2fa
 CVE-2019-16765 (If an attacker can get a user to open a specially prepared directory t ...)
 	NOT-FOR-US: Vscode
 CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to denial of ...)
@@ -13546,9 +13548,9 @@ CVE-2019-15633
 CVE-2019-15632
 	RESERVED
 CVE-2019-15631 (Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API ...)
-	TODO: check
+	NOT-FOR-US: MuleSoft
 CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...)
-	NOT-FOR-US: Mulesoft
+	NOT-FOR-US: MuleSoft
 CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-15628
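Review bot: The CVE-2019-15630 line only changes the casing of an existing tag from Mulesoft to MuleSoft, which the commit message ("new librabbitmq issue", "NFUs") does not mention. If the spelling is being normalized, check the rest of data/CVE/list for other Mulesoft entries so the two forms do not coexist.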
@@ -44413,7 +44415,7 @@ CVE-2019-5265
 CVE-2019-5264
 	RESERVED
 CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5262
 	RESERVED
 CVE-2019-5261



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/17c21eb7c02d8db89e910f89fd4a29f90e3b8879
