[Git][security-tracker-team/security-tracker][master] Convert some older NFUs for axTLS to the (now) present itp bug for axtls

Wed Dec 4 20:05:31 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2782165 by Salvatore Bonaccorso at 2019-12-04T20:04:38Z
Convert some older NFUs for axTLS to the (now) present itp bug for axtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35249,7 +35249,7 @@ CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1
 CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishan ...)
 	NOT-FOR-US: WaveMaker Studio
 CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overfl ...)
-	NOT-FOR-US: axTLS
+	- axtls <itp> (bug #932027)
 CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf ...)
 	- linux 4.19.16-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -68381,7 +68381,7 @@ CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import pl
 CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
 	NOT-FOR-US: WP All Import plugin for WordPress
 CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	NOT-FOR-US: axTLS
+	- axtls <itp> (bug #932027)
 CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML Exter ...)
 	NOT-FOR-US: FsPro Labs Event Log Explorer
 CVE-2018-16251 (A "search for user discovery" injection issue exists in Creatiwity wit ...)
@@ -68624,9 +68624,9 @@ CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the
 	- strongswan 5.7.0-1
 	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
 CVE-2018-16150 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	NOT-FOR-US: axTLS
+	- axtls <itp> (bug #932027)
 CVE-2018-16149 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	NOT-FOR-US: axTLS
+	- axtls <itp> (bug #932027)
 CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monito ...)
 	NOT-FOR-US: Opsview Monitor
 CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview Mon ...)
@@ -96780,7 +96780,7 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID compariso
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting i ...)
-	NOT-FOR-US: axTLS
+	- axtls <itp> (bug #932027)
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in dec ...)
 	{DSA-4106-1}
 	- libtasn1-6 4.13-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c27821657267cdcfdb51749cc1040096a0952774

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c27821657267cdcfdb51749cc1040096a0952774
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191204/0edb6c47/attachment.html>
