[Git][security-tracker-team/security-tracker][master] new nasm issue

Moritz Muehlenhoff jmm at debian.org
Fri Feb 15 15:11:00 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa80eb20 by Moritz Muehlenhoff at 2019-02-15T15:10:26Z
new nasm issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,12 @@
 CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in ...)
-	TODO: check
+	- nasm <unfixed>
+	[stretch] - nasm <no-dsa> (Minor issue)
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
 CVE-2019-8342
 	RESERVED
 CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function is ...)
-	TODO: check
+	- jinja2 <undetermined>
+	NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
 CVE-2019-8340
 	RESERVED
 CVE-2019-8339
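Review bot: the `- nasm <unfixed>` line for CVE-2019-8343 carries no severity tag, while the stretch line directly below it is justified with `(Minor issue)`; the kfreebsd entries later in this same patch show the pattern (`- kfreebsd-10 <unfixed> (unimportant)`), so consider adding a tag of that kind here so that the unstable entry and the no-dsa rationale agree. For CVE-2019-8341 the `<undetermined>` status is backed only by a link to a third-party proof-of-concept repository; a one-line NOTE stating what is still undetermined (for instance whether the from_string behaviour named in the description is considered a flaw in jinja2 itself) would make the next triage pass quicker.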
@@ -1683,7 +1686,6 @@ CVE-2019-7549
 	RESERVED
 CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
 	- sqlalchemy <undetermined>
-	TODO: check
 CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name is not ...)
 	NOT-FOR-US: SIDU
 CVE-2019-7546 (An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php ...)
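Review bot: removing the `TODO: check` for CVE-2019-7548 leaves `- sqlalchemy <undetermined>` with no NOTE saying what remains undetermined or where the upstream discussion lives, unlike the jinja2 entry in this same patch, which pairs `<undetermined>` with a NOTE link; consider adding a NOTE line so the entry is not silently parked.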
@@ -4102,11 +4104,11 @@ CVE-2019-6547
 CVE-2019-6546
 	RESERVED
 CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2019-6544
 	RESERVED
 CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2019-6542
 	RESERVED
 CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON ...)
@@ -5698,17 +5700,17 @@ CVE-2019-5918
 CVE-2019-5917
 	RESERVED
 CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and ...)
-	TODO: check
+	NOT-FOR-US: POWER EGG
 CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenAM (different from src:openam)
 CVE-2019-5914 (V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer ...)
 	NOT-FOR-US: V20 PRO L-01J
 CVE-2019-5913 (Untrusted search path vulnerability in the installer of LHMelting ...)
 	NOT-FOR-US: LHMelting
 CVE-2019-5912 (Untrusted search path vulnerability in the installer of UNARJ32.DLL ...)
-	TODO: check
+	NOT-FOR-US: Some Windows installer
 CVE-2019-5911 (Untrusted search path vulnerability in the installer of UNLHA32.DLL ...)
-	TODO: check
+	NOT-FOR-US: Some Windows installer
 CVE-2019-5910 (Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and ...)
 	NOT-FOR-US: HOUSE GATE App for iOS
 CVE-2019-5909 (License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - ...)
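Review bot: `NOT-FOR-US: Some Windows installer` for CVE-2019-5912 and CVE-2019-5911 is vaguer than the neighbouring entries, which name the product (`NOT-FOR-US: LHMelting`, `NOT-FOR-US: V20 PRO L-01J`); the CVE descriptions already name UNARJ32.DLL and UNLHA32.DLL, so naming them (e.g. `NOT-FOR-US: UNARJ32.DLL installer`) keeps the file greppable by product. The same wording is used for CVE-2018-16190 and CVE-2018-16189 further down in this patch.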
@@ -6543,9 +6545,13 @@ CVE-2019-5598
 CVE-2019-5597
 	RESERVED
 CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
+	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
+	NOTE: kfreebsd not covered by security support
 CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
+	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
+	NOTE: kfreebsd not covered by security support
 CVE-2019-5594
 	RESERVED
 CVE-2019-5593
@@ -10281,7 +10287,7 @@ CVE-2019-3784
 CVE-2019-3783
 	RESERVED
 CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3781
 	RESERVED
 CVE-2019-3780
@@ -12420,7 +12426,7 @@ CVE-2018-20255
 CVE-2018-20254
 	RESERVED
 CVE-2018-20253 (In WinRAR versions prior to and including 5.60, There is an ...)
-	TODO: check
+	NOT-FOR-US: WinRAR
 CVE-2018-20252 (There is an out-of-bounds writes vulnerability during parsing of ...)
 	NOT-FOR-US: WinRAR
 CVE-2018-20251 (A validation function (in WinRAR code) is being called before ...)
@@ -12450,9 +12456,9 @@ CVE-2018-20240
 CVE-2018-20239
 	RESERVED
 CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20236
 	RESERVED
 CVE-2018-20235
@@ -12462,7 +12468,7 @@ CVE-2018-20234
 CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
 	NOT-FOR-US: two-factor-authentication plugin for WordPress
 CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ...)
@@ -17877,7 +17883,7 @@ CVE-2018-19647
 CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, ...)
 	NOT-FOR-US: Imperva SecureSphere
 CVE-2018-19645 (An Authentication Bypass issue exists in Solutions Business Manager ...)
-	TODO: check
+	NOT-FOR-US: Solutions Business Manager (SBM) 
 CVE-2018-19644
 	RESERVED
 CVE-2018-19643
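Review bot: the added line `NOT-FOR-US: Solutions Business Manager (SBM) ` for CVE-2018-19645 has trailing whitespace after `(SBM)`; please strip it, since none of the other NOT-FOR-US lines in this patch carry trailing spaces.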
@@ -22466,7 +22472,7 @@ CVE-2018-19010 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, a
 CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an ...)
 	NOT-FOR-US: Pilz PNOZmulti Configurator
 CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and ...)
-	TODO: check
+	NOT-FOR-US: TextEditor 2.0 in ABB CP400 Panel Builder
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the ...)
 	NOT-FOR-US: Geutebrueck cameras
 CVE-2018-19006
@@ -29800,9 +29806,9 @@ CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.
 CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
 	NOT-FOR-US: EC-CUBE
 CVE-2018-16190 (Untrusted search path vulnerability in UNARJ32.DLL for Win32, ...)
-	TODO: check
+	NOT-FOR-US: Some Windows installer
 CVE-2018-16189 (Untrusted search path vulnerability in Self-Extracting Archives ...)
-	TODO: check
+	NOT-FOR-US: Some Windows installer
 CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
 	NOT-FOR-US: RICOH
 CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...)
@@ -30875,7 +30881,7 @@ CVE-2018-15783
 CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
 	NOT-FOR-US: RSA
 CVE-2018-15781 (The Dell Wyse Password Encoder in ThinLinux2 versions prior to ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...)
 	NOT-FOR-US: RSA Archer
 CVE-2018-15779
@@ -36860,9 +36866,9 @@ CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel
 	NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
 CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from version ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, ...)
@@ -39512,7 +39518,7 @@ CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s
 CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics ...)
 	NOT-FOR-US: TIBCO
 CVE-2018-12409 (The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ...)
 	NOT-FOR-US: TIBCO
 CVE-2018-12407
@@ -73885,7 +73891,7 @@ CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier al
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and ...)
 	NOT-FOR-US: Metabase
 CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage ...)
-	TODO: check
+	NOT-FOR-US: OpenAM (different from src:openam)
 CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...)
 	NOT-FOR-US: User-friendly SVN
 CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa80eb202178059189d8a51d0460471e02e87fe7
