[Git][security-tracker-team/security-tracker][master] tnef fixed

Moritz Muehlenhoff jmm at debian.org
Fri Dec 6 16:13:08 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b94fda7 by Moritz Muehlenhoff at 2019-12-06T16:12:38Z
tnef fixed
libonig no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2523,7 +2523,9 @@ CVE-2019-19247
 	RESERVED
 CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has  ...)
 	{DLA-2020-1}
-	- libonig <unfixed>
+	- libonig <unfixed> (low)
+	[buster] - libonig <no-dsa> (Minor issue)
+	[stretch] - libonig <no-dsa> (Minor issue)
 	NOTE: https://bugs.php.net/bug.php?id=78559
 	NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
 CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
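Review bot: the `(low)` urgency added to the `- libonig <unfixed>` line for CVE-2019-19246 is not covered by the commit message, which only mentions "libonig no-dsa". Either mention the urgency change in the message or make it a separate commit. The new `[buster]` and `[stretch]` lines give only "Minor issue" as the reason, while the tnef entry in this same file uses "Minor issue; can be fixed via point release". If a point-release fix is intended for libonig as well, say so here, so the two entries read consistently.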
@@ -3133,8 +3135,15 @@ CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upl
 	NOT-FOR-US: Pagekit CMS
 CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
 	{DLA-2020-1}
-	- libonig <unfixed> (bug #944959)
+	- libonig <unfixed> (low; bug #944959)
+	[buster] - libonig <no-dsa> (Minor issue)
+	[stretch] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/issues/164
+	NOTE: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
+	NOTE: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
+	NOTE: https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
+	NOTE: https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
+	NOTE: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
 CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...)
 	NOT-FOR-US: ngiflib
 CVE-2019-19010 (Eval injection in the Math plugin of Limnoria (before 2019.11.09) and  ...)
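Review bot: the five upstream commit NOTE lines added under CVE-2019-19012 do not say which commit is the actual fix for the `search_in_range` integer overflow and which are follow-ups, so anyone preparing a backport has to read all five. A short annotation on each NOTE, or one extra NOTE stating that all five are required, would make the entry usable on its own. As with the previous entry, the `(low; bug #944959)` urgency change is not reflected in the commit message.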
@@ -3513,7 +3522,7 @@ CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via
 	TODO: check
 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
 	{DLA-2005-1}
-	- tnef <unfixed> (bug #944851)
+	- tnef 1.4.18-1 (bug #944851)
 	[buster] - tnef <no-dsa> (Minor issue; can be fixed via point release)
 	[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/verdammelt/tnef/pull/40
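Review bot: the change to `- tnef 1.4.18-1 (bug #944851)` is unrelated to the libonig triage in the other two hunks, and splitting it into its own commit would keep per-package history easier to search. The version itself is consistent with the "before 1.4.18" wording in the CVE description, and the `[buster]` and `[stretch]` no-dsa lines are correctly left in place.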



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b94fda78cc68f38c42ad862971433c41f1b7f46
