[Git][security-tracker-team/security-tracker][master] new vlc issue
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 15 12:11:08 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef924fe2 by Moritz Muehlenhoff at 2019-07-15T11:10:36Z
new vlc issue
exif ignored
glibc non-issues
new python-libnmap issue
new abcm2ps issue
new potential evince issue
sox duplicate
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,9 @@ CVE-2019-13604
CVE-2019-13603
RESERVED
CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
- TODO: check
+ - vlc <unfixed>
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
CVE-2019-13601
RESERVED
CVE-2019-13600
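Review bot: the new vlc entry carries no severity annotation, while every other package assignment introduced in this commit does (`(low)` for exiv2, python-libnmap and abcm2ps, `(unimportant)` for glibc); a rating next to `- vlc <unfixed>` would let the buster/stretch status be decided consistently with those. The two NOTE lines also list two upstream commit hashes without saying how they relate to the fix for the MP4_EIA608_Convert() underflow; a few words on which one is the fix (and why the second is referenced) would save the next person from re-reading both commits.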
@@ -36,7 +38,7 @@ CVE-2019-13590 (An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h
- sox <unfixed> (bug #932082)
NOTE: https://sourceforge.net/p/sox/bugs/325/
CVE-2019-13589 (The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, incl ...)
- TODO: check
+ NOT-FOR-US: backdoor in paranoid_2 gem, different from src:ruby-paranoia
CVE-2019-13588
RESERVED
CVE-2019-13587
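Review bot: the NOT-FOR-US line names the gem `paranoid_2` while the CVE description names it `paranoid2`; using the same spelling as the description keeps the entry findable when the list is searched for the gem name. The distinction from src:ruby-paranoia is the important part of this entry and is stated clearly.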
@@ -219,9 +221,11 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mis
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
- - exiv2 <unfixed>
+ - exiv2 <unfixed> (low)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/pull/943
- TODO: check
+ NOTE: https://github.com/Exiv2/exiv2/commit/54f0bebca032d0286a0e48f47e67dfc6141fedff
CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
@@ -10157,19 +10161,27 @@ CVE-2019-1010030
CVE-2019-1010029
RESERVED
CVE-2019-1010028 (phpscriptsmall.com School College Portal with ERP Script 2.6.1 and ear ...)
- TODO: check
+ NOT-FOR-US: School College Portal
CVE-2019-1010027
RESERVED
CVE-2019-1010026
RESERVED
CVE-2019-1010025 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
- TODO: check
+ - glibc <unfixed> (unimportant)
+ NOTE: Not treated as a security issue by upstream
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
- TODO: check
+ - glibc <unfixed> (unimportant)
+ NOTE: Not treated as a security issue by upstream
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...)
- TODO: check
+ - glibc <unfixed> (unimportant)
+ NOTE: Not treated as a security issue by upstream
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
CVE-2019-1010022 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
- TODO: check
+ - glibc <unfixed> (unimportant)
+ NOTE: Not treated as a security issue by upstream
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850
CVE-2019-1010021
RESERVED
CVE-2019-1010020
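Review bot: the four glibc entries are paired with four consecutive sourceware bugs (22853, 22852, 22851, 22850) and three of the CVE descriptions are truncated to the identical text "GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...", so the CVE-to-bug mapping cannot be checked from the list itself; please confirm that each CVE points at its own bug rather than a neighbour before this lands. The repeated "Not treated as a security issue by upstream" rationale is fine as the justification for `(unimportant)`.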
@@ -10179,9 +10191,11 @@ CVE-2019-1010019
CVE-2019-1010018
RESERVED
CVE-2019-1010017 (libnmap < v0.6.3 is affected by: XML Injection. The impact is: Deni ...)
- TODO: check
+ - python-libnmap <unfixed> (low)
+ [buster] - python-libnmap <no-dsa> (Minor issue)
+ NOTE: https://github.com/savon-noir/python-libnmap/issues/87
CVE-2019-1010016 (Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact ...)
- TODO: check
+ - dolibarr <removed>
CVE-2019-1010015
RESERVED
CVE-2019-1010014
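Review bot: `- dolibarr <removed>` is the only package assignment in this commit without a NOTE line; a reference to the upstream XSS report, or a note on the affected version range versus what was in Debian before removal, would make the state reviewable later. For python-libnmap only buster is annotated (`<no-dsa> (Minor issue)`); if the package also exists in stretch, a matching stretch line is missing.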
@@ -10191,21 +10205,25 @@ CVE-2019-1010013
CVE-2019-1010012
RESERVED
CVE-2019-1010011 (moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based ...)
- TODO: check
+ - abcm2ps <unfixed> (low)
+ NOTE: https://drive.google.com/drive/folders/1nAL-B_I5Y7SKX0AeIurGkTzNHMazoyzP
+ NOTE: https://drive.google.com/drive/folders/1xiVrcB1lTE_mSd_mL7akjpscH4CUahYU
CVE-2019-1010010
RESERVED
CVE-2019-1010009 (DGLogik Inc DGLux Server All Versions is affected by: Insecure Permiss ...)
- TODO: check
+ NOT-FOR-US: DGLogik Inc DGLux Server
CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scr ...)
- TODO: check
+ NOT-FOR-US: OpenEnergyMonitor Project Emoncms
CVE-2019-1010007
RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
- TODO: check
+ - evince <unfixed>
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
+ TODO: track down in depth, whether in Evince or libtiff and if fixed
CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...)
- TODO: check
+ NOT-FOR-US: HexoEditor
CVE-2019-1010004 (SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Duplicate of CVE-2017-18189, should be rejected
CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
NOT-FOR-US: Leanote
CVE-2019-1010002
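Review bot: the evince entry assigns `- evince <unfixed>` while its own TODO line says it is still unknown whether the bug is in Evince or in libtiff and whether it is fixed; either the package assignment should be marked as tentative in the NOTE, or the TODO should be resolved before committing to a package. Secondary point: the two abcm2ps NOTE lines are Google Drive folder URLs, which are not durable references; an upstream bug or commit URL should be added alongside them once one exists.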
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef924fe21d212859018b4f2d00626691e99e00ed