[Git][security-tracker-team/security-tracker][master] new ruby-mini-magick, wavpack issues
Moritz Muehlenhoff
jmm at debian.org
Fri Jul 12 15:07:02 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7387e20f by Moritz Muehlenhoff at 2019-07-12T14:06:29Z
new ruby-mini-magick, wavpack issues
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
- TODO: check
+ - ruby-mini-magick <unfixed> (bug #931932)
CVE-2019-13573
RESERVED
CVE-2019-13572
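Review bot: The new CVE-2019-13574 entry has no NOTE pointing at the upstream fix, although the description says the issue is fixed in MiniMagick 4.9.4. It records ruby-mini-magick as <unfixed> with bug #931932 only. The wavpack entries added later in this commit each carry NOTE lines for the upstream commit and issue. An equivalent NOTE here would let whoever prepares the update find the change to backport without repeating the research.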
@@ -13,7 +13,7 @@ CVE-2019-13569
CVE-2019-13568
RESERVED
CVE-2019-13567 (The Zoom Client before 4.4.2 on macOS allows remote code execution, a ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2019-13566
RESERVED
CVE-2019-13565
@@ -162,7 +162,7 @@ CVE-2019-13496
CVE-2019-13495
RESERVED
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
- TODO: check
+ NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493
RESERVED
CVE-2019-13492
@@ -2058,7 +2058,7 @@ CVE-2019-12753
CVE-2019-12752
RESERVED
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-12750
RESERVED
CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
@@ -2426,23 +2426,23 @@ CVE-2019-12581 (A reflective Cross-site scripting (XSS) vulnerability in the fre
CVE-2019-12580
RESERVED
CVE-2019-12579 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12578 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12577 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12576 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12575 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12574 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12573 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
CVE-2019-12571 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access client
CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by ...)
NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
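Review bot: The eight new PIA entries use "NOT-FOR-US: Private Internet Access client", but the untouched CVE-2019-12572 entry in the middle of the same run reads "NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client". Two spellings for one product make it harder to search the list for prior triage decisions. Either reuse the existing string for the new entries or normalise CVE-2019-12572 in this commit.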
@@ -6184,7 +6184,7 @@ CVE-2019-11135
CVE-2019-11134
RESERVED
CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic Tool befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-11132
RESERVED
CVE-2019-11131
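Review bot: "NOT-FOR-US: Intel" on CVE-2019-11133 names only the vendor, while the description identifies the affected software as the Intel(R) Processor Diagnostic Tool. Other entries in this commit name the product ("NOT-FOR-US: Castle Rock SNMPc", "NOT-FOR-US: Rockwell Automation PanelView"). Naming the tool here would make clear that the decision covers this product and not everything from the vendor.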
@@ -6639,7 +6639,7 @@ CVE-2019-10972
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
NOT-FOR-US: Omron
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation PanelView
CVE-2019-10969
RESERVED
CVE-2019-10968
@@ -6709,17 +6709,17 @@ CVE-2019-10937
CVE-2019-10936
RESERVED
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10934
RESERVED
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10932
RESERVED
CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10929
RESERVED
CVE-2019-10928
@@ -6749,7 +6749,7 @@ CVE-2019-10917 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and ea
CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure T ...)
- matrixssl <removed>
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
@@ -9433,17 +9433,25 @@ CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex
CVE-2019-9888
RESERVED
CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
- TODO: check
+ - wavpack <unfixed> (low)
+ NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
+ NOTE: https://github.com/dbry/WavPack/issues/68
CVE-2019-1010318 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
- TODO: check
+ - wavpack <unfixed> (low)
+ NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
+ NOTE: https://github.com/dbry/WavPack/issues/67
CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
- TODO: check
+ - wavpack <unfixed> (low)
+ NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
+ NOTE: https://github.com/dbry/WavPack/issues/66
CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
- TODO: check
+ NOT-FOR-US: pyxtrlock
CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
- TODO: check
+ - wavpack <unfixed> (low)
+ NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
+ NOTE: https://github.com/dbry/WavPack/issues/65
CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The imp ...)
- TODO: check
+ - gitea <removed>
CVE-2019-1010313
RESERVED
CVE-2019-1010312
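Review bot: The four wavpack entries (CVE-2019-1010319, -1010318, -1010317, -1010315) are marked "<unfixed> (low)" without a bug reference, unlike the ruby-mini-magick entry in this commit, which has "(bug #931932)". Each already links the upstream commit and issue, so a bug against wavpack could cite all four fixes, and the entries could then carry its number so the maintainer is tracked as notified. Separately, CVE-2019-1010314 is set to "- gitea <removed>" with no NOTE; a short NOTE would match how the neighbouring entries are documented.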
@@ -21240,7 +21248,7 @@ CVE-2019-5530
CVE-2019-5529
RESERVED
CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5527
RESERVED
CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue ...)
@@ -23851,7 +23859,7 @@ CVE-2019-4265
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
NOT-FOR-US: IBM
CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion, all ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4262
RESERVED
CVE-2019-4261
@@ -23991,7 +23999,7 @@ CVE-2019-4195
CVE-2019-4194
RESERVED
CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive inf ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4192
RESERVED
CVE-2019-4191
@@ -24115,7 +24123,7 @@ CVE-2019-4133
CVE-2019-4132
RESERVED
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4130
RESERVED
CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
@@ -24141,7 +24149,7 @@ CVE-2019-4120
CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
NOT-FOR-US: IBM
CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could all ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4117
RESERVED
CVE-2019-4116
@@ -25953,7 +25961,7 @@ CVE-2019-3417
CVE-2019-3416
RESERVED
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3414
RESERVED
CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -50,6 +50,8 @@ python2.7 (jmm)
--
python3.5 (jmm)
--
+ruby-mini-magick
+--
simplesamlphp/oldstable
--
smarty3/oldstable
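Review bot: The added "ruby-mini-magick" line in data/dsa-needed.txt has no suite qualifier, while neighbouring entries such as "simplesamlphp/oldstable" and "smarty3/oldstable" are scoped. The matching data/CVE/list entry is only "<unfixed>" with no per-release annotation, so the reader cannot tell from this commit whether an update is needed for both stable and oldstable. If only one suite is affected, add the "/oldstable" style qualifier; if both are, a release note on the CVE entry would make that explicit.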
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7387e20f3ff83084fe265c1aff5ba0a8a613ef00