[Git][security-tracker-team/security-tracker][master] new faad, rdesktop issues

Moritz Muehlenhoff jmm at debian.org
Tue Jun 11 14:16:13 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f2f7267 by Moritz Muehlenhoff at 2019-06-11T13:15:38Z
new faad, rdesktop issues
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-XXXX [faad2 issue fixed in vlc]
+	- faad2 2.8.8-3
+CVE-2019-XXXX [security issues fixed in 1.8.5]
+	- rdesktop 1.8.6-1
 CVE-2019-12793
 	RESERVED
 CVE-2019-12792
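Review bot: both new CVE-2019-XXXX entries lack a NOTE line pointing at the upstream commit or release notes, and the rdesktop description says the issues were fixed in 1.8.5 while the package line records 1.8.6-1. The faad2 description likewise says the issue was fixed in vlc, but the entry tracks faad2 2.8.8-3. Adding a NOTE with the upstream reference to each entry, and a short remark explaining the version and package differences, would let the next person verify the fixed versions when real CVE ids are assigned.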
@@ -75,7 +79,7 @@ CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via c
 	NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
 	NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
 CVE-2019-12760 (A deserialization vulnerability exists in the way parso through 0.4.0  ...)
-	- parso <unfixed>
+	- parso <unfixed> (bug #930356)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1718212
 	NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
 CVE-2019-12759
@@ -7043,8 +7047,8 @@ CVE-2019-9931
 CVE-2019-9930
 	RESERVED
 CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. ...)
-	- cfengine3 <unfixed>
-	TODO: check, older cfengine variants (cfengine2) affected? Only Enterprise version affected (same version as src:cfengine3)?
+	- cfengine3 <undetermined>
+	NOTE: older cfengine variants (cfengine2) affected? Only Enterprise version affected (same version as src:cfengine3)?
 CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
 	{DSA-4437-1 DLA-1770-1 DLA-1769-1}
 	[experimental] - gst-plugins-base1.0 1.15.90-1
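Review bot: the line under CVE-2019-9929 is relabelled from TODO to NOTE, but its text is still two unanswered questions (whether cfengine2 is affected, and whether only the Enterprise version is). With the status now <undetermined>, either keep the TODO marker so the open check stays visible, or reword the NOTE to state what is known and what still has to be checked.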
@@ -19200,6 +19204,7 @@ CVE-2019-5428
 	REJECTED
 CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack  ...)
 	- c3p0 <unfixed> (low; bug #927936)
+	[buster] - c3p0 <no-dsa> (Minor issue)
 	[stretch] - c3p0 <no-dsa> (Minor issue)
 	[jessie] - c3p0 <no-dsa> (Minor issue)
 	NOTE: https://hackerone.com/reports/509315
@@ -30157,14 +30162,17 @@ CVE-2018-19803
 	RESERVED
 CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). ...)
 	- aubio <unfixed> (bug #930186)
+	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
 	[jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6). ...)
 	- aubio <unfixed> (bug #930186)
+	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
 	[jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). ...)
 	- aubio <unfixed> (bug #930186)
+	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
 	[jessie] - aubio <no-dsa> (Minor issue)
 CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...)
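Review bot: the three added [buster] lines for aubio reuse the bare "Minor issue" reason, including for CVE-2018-19802 and CVE-2018-19800, which are described as buffer overflows. A more specific reason in the parentheses (for example, why the impact is limited) would make the <no-dsa> decision reviewable without opening bug #930186.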



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f2f7267f23336af9a99f5cadc8a3c415730d5c5
