[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jan 10 11:55:53 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2597c14d by Moritz Muehlenhoff at 2019-01-10T11:55:16Z
NFUs
irssi n/a in stable/oldstable
busybox no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -267,54 +267,57 @@ CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allow
NOTE: https://github.com/mate-desktop/mate-screensaver/issues/170
NOTE: https://github.com/mate-desktop/mate-screensaver/pull/167
CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git Changelog ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins Crowd 2 ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins HipChat ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins HipChat ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins Email ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in Jenkins Job ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins Rebuilder ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins Config ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins Config File ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for ...)
NOT-FOR-US: WordPress plugin social-pug
CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are ...)
- irssi <unfixed> (bug #918865)
+ [stretch] - irssi <not-affected> (Vulnerable code not present)
+ [jessie] - irssi <not-affected> (Vulnerable code not present)
NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
NOTE: https://github.com/irssi/irssi/pull/948
NOTE: https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
+ NOTE: Introduced with support for hidden lines in https://github.com/irssi/irssi/commit/8dfeca57ede1e726de07522a87203ce13676882d
CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables ...)
- gitolite3 <unfixed> (bug #918849)
[stretch] - gitolite3 <no-dsa> (Minor issue)
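Review bot: In the CVE-2019-5882 entry, the added stretch and jessie <not-affected> lines rest on the new NOTE, which links the introducing commit but does not say which upstream release first shipped hidden-lines support. The description only says "Irssi 1.1.x before 1.1.2", so naming the first affected upstream release in that NOTE would let a reader confirm the stretch and jessie status from the entry itself, without following the link. A smaller style point: the Jenkins plugin entries all use the generic "NOT-FOR-US: Jenkins plugin", while the neighbouring CVE-2016-10736 line names its plugin ("WordPress plugin social-pug"); naming the plugin here too would keep the entries searchable.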
@@ -361,7 +364,8 @@ CVE-2019-5737
CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...)
NOT-FOR-US: Frog CMS
CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...)
- - busybox <unfixed> (bug #918846)
+ - busybox <unfixed> (low; bug #918846)
+ [stretch] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
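Review bot: The added "[stretch] - busybox <no-dsa> (Minor issue)" line gives no reason why this out-of-bounds read is considered minor; a short rationale in the parenthetical or in a NOTE would make the triage decision reviewable later. Since the entry already warns that the fix must not open CVE-2019-5747, it is also worth checking that CVE-2019-5747 carries a matching stretch status, so the two are handled together in any later update.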
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2597c14d1169ec96e6c6ee3e0533160a4b5a2bc2