[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jan 10 11:55:53 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2597c14d by Moritz Muehlenhoff at 2019-01-10T11:55:16Z
NFUs
irssi n/a in stable/oldstable
busybox no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -267,54 +267,57 @@ CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allow
 	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/170
 	NOTE: https://github.com/mate-desktop/mate-screensaver/pull/167
 CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git Changelog ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins Crowd 2 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins HipChat ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins HipChat ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins Email ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in Jenkins Job ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins Rebuilder ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins Config ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins Config File ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for ...)
 	NOT-FOR-US: WordPress plugin social-pug
 CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are ...)
 	- irssi <unfixed> (bug #918865)
+	[stretch] - irssi <not-affected> (Vulnerable code not present)
+	[jessie] - irssi <not-affected> (Vulnerable code not present)
 	NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
 	NOTE: https://github.com/irssi/irssi/pull/948
 	NOTE: https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
+	NOTE: Introduced with support for hidden lines in https://github.com/irssi/irssi/commit/8dfeca57ede1e726de07522a87203ce13676882d
 CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables ...)
 	- gitolite3 <unfixed> (bug #918849)
 	[stretch] - gitolite3 <no-dsa> (Minor issue)
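Review bot: The two `<not-affected>` lines added for stretch and jessie under CVE-2019-5882 rest on the introducing commit cited in the new NOTE, but the entry does not name the first upstream irssi release that shipped that commit, so "Vulnerable code not present" cannot be checked against the packaged versions from the entry alone. Consider extending that NOTE with the first affected upstream version. While this entry is being edited, the existing NOTE URL containing `irssi/irssi//commit/` has a doubled slash that could be normalised. The Jenkins changes are consistent: plugin CVEs get "Jenkins plugin" and the "Jenkins 2.145 and earlier" core CVEs get "Jenkins".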
@@ -361,7 +364,8 @@ CVE-2019-5737
 CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...)
 	NOT-FOR-US: Frog CMS
 CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...)
-	- busybox <unfixed> (bug #918846)
+	- busybox <unfixed> (low; bug #918846)
+	[stretch] - busybox <no-dsa> (Minor issue)
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
 	NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
 	NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
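Review bot: The new `[stretch] - busybox <no-dsa> (Minor issue)` line gives only the generic reason, while the NOTE directly below it warns that fixing CVE-2018-20679 can open CVE-2019-5747. Since a no-dsa fix is likely to be picked up later and separately, it would help to say in the stretch annotation or an adjacent NOTE that any deferred fix must be applied together with the CVE-2019-5747 fix. Also, unlike the irssi entry in the same commit, no jessie line is added here; if that is intentional, a brief word in the commit message would make it clear.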



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2597c14d1169ec96e6c6ee3e0533160a4b5a2bc2
