[Git][security-tracker-team/security-tracker][master] new linux issue
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 24 08:47:31 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f97cb05d by Moritz Muehlenhoff at 2019-12-24T08:47:04Z
new linux issue
new waitress issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,8 @@ CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overfl
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)
CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
- TODO: check
+ - linux <unfixed>
+ NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
CVE-2019-19946
RESERVED
CVE-2019-19945
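Review bot: the CVE-2019-19947 entry records the upstream fix commit but not the kernel release it landed in, and the description only says "through 5.4.6". Adding the first fixed upstream version to the NOTE would make it easier to replace `<unfixed>` with a version once the fix reaches the archive, and to judge which suite kernels need a backport.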
@@ -135,7 +136,7 @@ CVE-2020-3921
CVE-2020-3920
RESERVED
CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP ...)
- TODO: check
+ NOT-FOR-US: Midori Browser
CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for Wor ...)
NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
CVE-2019-19914
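Review bot: NOT-FOR-US on CVE-2019-19916 names only "Midori Browser", while the description scopes the issue to "(on Windows 10)". If the triage rests on the platform rather than on the software being absent from the archive, a package line with a `<not-affected>` state and the reason spelled out would record that more precisely than NOT-FOR-US. It is worth confirming which of the two applies.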
@@ -11125,11 +11126,11 @@ CVE-2019-18238
CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
- TODO: check
+ NOT-FOR-US: PLC Editor
CVE-2019-18235
RESERVED
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
- TODO: check
+ NOT-FOR-US: Equinox Control Expert
CVE-2019-18233
RESERVED
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
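Review bot: "PLC Editor" on CVE-2019-18236 is a generic product name, and the truncated description shows no vendor. Including the vendor in the NOT-FOR-US text, where the full CVE description gives one, would keep the entry unambiguous when someone searches the list later. The same check applies to "Equinox Control Expert" on CVE-2019-18234.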
@@ -11183,7 +11184,7 @@ CVE-2019-18213 (XML Language Server (aka lsp4xml) before 0.9.1, as used in Red H
CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0. ...)
NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
- TODO: check
+ NOT-FOR-US: Orckestra C1 CMS
CVE-2019-18210
RESERVED
CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
@@ -15741,9 +15742,19 @@ CVE-2019-16789
CVE-2019-16788
RESERVED
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
- TODO: check
+ - waitress <unfixed>
+ [buster] - waitress <no-dsa> (Minor issue)
+ [stretch] - waitress <no-dsa> (Minor issue)
+ NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
+ NOTE: https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
+ NOTE: https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
- TODO: check
+ - waitress <unfixed>
+ [buster] - waitress <no-dsa> (Minor issue)
+ [stretch] - waitress <no-dsa> (Minor issue)
+ NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
+ NOTE: https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
+ NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
CVE-2019-16784
RESERVED
CVE-2019-16783
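Review bot: both waitress entries (CVE-2019-16786 and CVE-2019-16785) get `<no-dsa> (Minor issue)` for buster and stretch with no reasoning recorded, although the descriptions concern how an HTTP server parses the Transfer-Encoding header and an RFC 7230 "MAY" behaviour. A short NOTE stating why these are considered minor would help whoever revisits the triage. The upstream fix commits are linked, so the first fixed upstream release could also be noted alongside them to make closing the `<unfixed>` lines straightforward.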
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f97cb05d55a25f57a527c1fc726e32637c8403cc