[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 25 21:49:21 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6177c47d by Moritz Muehlenhoff at 2019-07-25T20:48:47Z
NFUs
binutils, tcpdump non issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web reques
CVE-2019-14267
RESERVED
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
- TODO: check
+ NOT-FOR-US: OpenSNS
CVE-2019-14265
RESERVED
CVE-2019-14264
@@ -41,7 +41,10 @@ CVE-2019-14252
CVE-2019-14251
RESERVED
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
- TODO: check
+ - binutils <unfixed> (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
+ NOTE: https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html
+ NOTE: binutils not covered by security support
CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attacker ...)
- dwarfutils <unfixed> (low)
[buster] - dwarfutils <no-dsa> (Minor issue)
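Review bot: The new entry for CVE-2019-14250 lists only "binutils", but both added NOTE URLs point at gcc.gnu.org (bug 90924 and a gcc-patches post), which suggests the libiberty fix lands in the GCC tree. If other source packages carry the same libiberty code, they need their own package lines here; otherwise a short NOTE saying why only binutils is listed would document the decision.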
@@ -633,7 +636,7 @@ CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VL
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
NOT-FOR-US: flatCore
CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
- TODO: check
+ NOT-FOR-US: Disputed libjpeg issue, issue would be in application using libjpeg
CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
NOT-FOR-US: Bento4
CVE-2019-13958
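Review bot: The added "NOT-FOR-US: Disputed libjpeg issue, ..." line for CVE-2019-13960 uses NOT-FOR-US to carry a rationale, whereas the neighbouring entries (flatCore, Bento4) use it with only a product name. The description names libjpeg-turbo 2.0.2; if that is a packaged source, the form this commit uses for binutils and tcpdump (a package line marked unimportant plus a NOTE with the reasoning) would keep the decision visible on the package instead of detaching the CVE from it.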
@@ -6107,7 +6110,7 @@ CVE-2019-12166
CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, ...)
NOT-FOR-US: MiCollab
CVE-2019-12164 (ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ ...)
- TODO: check
+ NOT-FOR-US: Status React Native Desktop
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
NOT-FOR-US: GAT-Ship Web Module
CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the do ...)
@@ -12276,7 +12279,8 @@ CVE-2019-1010222 (aubio 0.4.8 and earlier is affected by: null pointer. The impa
CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access Control. T ...)
NOT-FOR-US: LineageOS
CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
- TODO: check
+ - tcpdumo <unfixed> (unimportant)
+ NOTE: No security impact
CVE-2019-1010219
RESERVED
CVE-2019-1010218 (Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Cu ...)
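Review bot: The package name in the added line "- tcpdumo <unfixed> (unimportant)" is misspelled. The CVE description names tcpdump.org tcpdump and the commit message says tcpdump, so the line should read "- tcpdump <unfixed> (unimportant)"; as written, the entry is recorded against a name that is not the package the description refers to. The "NOTE: No security impact" line would also be easier to audit with a pointer to the upstream report or the reasoning, as the binutils entries in this commit have.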
@@ -12306,9 +12310,11 @@ CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Si
CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL ...)
NOT-FOR-US: OSS Http Request (Apache Cordova Plugin)
CVE-2019-1010205 (LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247f ...)
- TODO: check
+ NOT-FOR-US: LINAGORA hublin
CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...)
- TODO: check
+ - binutils <unfixed> (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23765
+ NOTE: binutils not covered by security support
CVE-2019-1010203
RESERVED
CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is ...)
@@ -12354,7 +12360,7 @@ CVE-2019-1010185
CVE-2019-1010184
RESERVED
CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion ...)
- TODO: check
+ NOT-FOR-US: serde_yaml
CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. Th ...)
- rust-yaml-rust <not-affected> (Fixed before initial release to Debian)
NOTE: https://github.com/chyh1990/yaml-rust/pull/109
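Review bot: Marking CVE-2019-1010183 as "NOT-FOR-US: serde_yaml" deserves a second look, because the very next entry tracks the yaml-rust crate under "rust-yaml-rust", so Rust crates do appear as source packages in this list. Confirm that no source package ships serde_yaml 0.6.0 to 0.8.3 before closing it as NFU; if one does, a package line with its status plus a NOTE is the form the neighbouring entry uses.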
@@ -12369,7 +12375,7 @@ CVE-2019-1010178 (Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrec
CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: deni ...)
NOT-FOR-US: Jsish
CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...)
- TODO: check
+ NOT-FOR-US: JerryScript
CVE-2019-1010175
RESERVED
CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6177c47d2516b7862bfe5d1f74049ca7353b9be7