[Git][security-tracker-team/security-tracker][master] new tintin++, uap-core issues

Moritz Muehlenhoff jmm at debian.org
Tue Feb 19 09:28:16 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f187f70 by Moritz Muehlenhoff at 2019-02-19T09:27:41Z
new tintin++, uap-core issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2019-8932
 	RESERVED
 CVE-2019-8931
@@ -27,7 +27,7 @@ CVE-2019-8921
 CVE-2019-8920
 	RESERVED
 CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 ...)
-	TODO: check
+	NOT-FOR-US: Seafile Android Client
 CVE-2019-8918
 	RESERVED
 CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code ...)
@@ -2734,7 +2734,8 @@ CVE-2019-7631
 CVE-2019-7630
 	RESERVED
 CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in ...)
-	TODO: check
+	- tintin++ <unfixed>
+	[stretch] - tintin++ <no-dsa> (Minor issue)
 CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail ...)
 	- pagure <itp> (bug #829046)
 CVE-2019-7627
@@ -14018,7 +14019,10 @@ CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because po
 CVE-2018-20165
 	RESERVED
 CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser ...)
-	TODO: check
+	- uap-core <unfixed>
+	NOTE: https://github.com/ua-parser/uap-core/commit/010ccdc7303546cd22b9da687c29f4a996990014
+	NOTE: https://github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadc
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/ 
 CVE-2018-20163
 	RESERVED
 CVE-2018-20162



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f187f70a128e38b9e21306396e776f564e41eba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f187f70a128e38b9e21306396e776f564e41eba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190219/d202eee3/attachment.html>

More information about the debian-security-tracker-commits mailing list