[Git][security-tracker-team/security-tracker][master] new openldap issues

Moritz Muehlenhoff jmm at debian.org
Wed Jul 24 22:54:18 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94457578 by Moritz Muehlenhoff at 2019-07-24T21:53:30Z
new openldap issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2421,8 +2421,12 @@ CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote cod
 	NOT-FOR-US: Zoom
 CVE-2019-13566
 	RESERVED
-CVE-2019-13565
+CVE-2019-13565 [openldap: ACL protections get lost if same identity uses different SSF levels]
 	RESERVED
+	- openldap <unfixed> (low)
+	[buster] - openldap <no-dsa> (Minor issue)
+	[stretch] - openldap <no-dsa> (Minor issue)
+	NOTE: https://openldap.org/its/?findid=9052
 CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
 	NOT-FOR-US: Ping Identity Agentless Integration Kit
 CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the enti ...)
@@ -3681,8 +3685,12 @@ CVE-2019-13059
 	RESERVED
 CVE-2019-13058
 	RESERVED
-CVE-2019-13057
+CVE-2019-13057 [openldap: rootdn of any db can assert any identity]
 	RESERVED
+	- openldap <unfixed> (low)
+	[buster] - openldap <no-dsa> (Minor issue)
+	[stretch] - openldap <no-dsa> (Minor issue)
+	NOTE: https://openldap.org/its/?findid=9038
 CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit  ...)
 	NOT-FOR-US: CyberPanel
 CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9445757854f040eabdb5d7c4dcd7c012e0149b56

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9445757854f040eabdb5d7c4dcd7c012e0149b56
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190724/8686e409/attachment.html>

More information about the debian-security-tracker-commits mailing list