[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2019-9917 as ignored so that nobody else will have a look at it
Thorsten Alteholz
alteholz at debian.org
Thu Jun 20 11:19:56 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65593ea6 by Thorsten Alteholz at 2019-06-20T10:04:20Z
mark CVE-2019-9917 as ignored so that nobody else will have a look at it
- - - - -
c3422e95 by Thorsten Alteholz at 2019-06-20T10:04:21Z
mark CVE-2019-12829 for radare2 as no-dsa
- - - - -
9128a22a by Thorsten Alteholz at 2019-06-20T10:04:22Z
mark CVE-2019-12865 for radare2 as no-dsa
- - - - -
f6f476b4 by Thorsten Alteholz at 2019-06-20T10:04:24Z
mark CVE-2019-12387 for twisted as no-dsa
- - - - -
30a26e30 by Thorsten Alteholz at 2019-06-20T10:04:25Z
mark CVE-2019-12855 for twisted as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -89,6 +89,7 @@ CVE-2019-12866
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
- radare2 <unfixed> (bug #930704)
[stretch] - radare2 <no-dsa> (Minor issue)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14334
NOTE: https://github.com/radare/radare2/commit/40453029179d230cf02ffed205f2d63e33981b8f
CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when wide c ...)
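Review bot: The added `[jessie] - radare2 <no-dsa> (Minor issue)` line copies the stretch reason verbatim and records nothing about whether the jessie version of radare2 was checked for the affected cmd_mount code in libr/core/cmd_mount.c. A short NOTE stating that the jessie source was checked would help. If the code turns out to be absent there, `<not-affected>` would describe the state more accurately than `<no-dsa>`.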
@@ -116,6 +117,7 @@ CVE-2019-12856
CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP su ...)
- twisted <unfixed> (bug #930626)
[stretch] - twisted <no-dsa> (Minor issue)
+ [jessie] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/pull/1147
NOTE: https://twistedmatrix.com/trac/ticket/9561
CVE-2019-12854
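Review bot: For the new `[jessie] - twisted <no-dsa>` line, the only upstream references under this CVE are a pull request and a trac ticket, with no merged fix commit listed. Since both stretch and jessie are now deferred, consider adding a NOTE with the fix commit once it exists, so that whoever revisits the entry has the exact patch to evaluate.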
@@ -173,6 +175,7 @@ CVE-2019-12830 (In MyBB before 1.8.21, an attacker can exploit a parsing flaw in
CVE-2019-12829 (radare2 through 3.5.1 mishandles the RParse API, which allows remote a ...)
- radare2 <unfixed> (bug #930590)
[stretch] - radare2 <no-dsa> (Minor issue)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14303
NOTE: https://github.com/radare/radare2/commit/b282620b7a8818910c42a29b8f0855a2d13eec14
CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 10.5.39. Due ...)
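Review bot: The reason "(Minor issue)" on the added `[jessie] - radare2 <no-dsa>` line sits under a description that reads "allows remote a ...", and nothing in the entry explains why a remotely triggerable problem counts as minor for jessie. A few words of justification inside the parentheses would let a reader accept the triage without opening the upstream issue.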
@@ -1250,6 +1253,7 @@ CVE-2019-12388
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
- twisted <unfixed> (bug #930389)
[stretch] - twisted <no-dsa> (Minor issue)
+ [jessie] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
CVE-2019-12386
RESERVED
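Review bot: The added `[jessie] - twisted <no-dsa> (Minor issue)` line changes jessie only, while the commit message "mark CVE-2019-12387 for twisted as no-dsa" names no release and stretch already carried `<no-dsa>` before this change. Naming the release in the message (for example "... as no-dsa in jessie") would make the log unambiguous. The same applies to the other three no-dsa commits in this push.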
@@ -7464,7 +7468,7 @@ CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.
CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial ...)
{DSA-4463-1}
- znc 1.7.2-2 (bug #925285)
- [jessie] - znc <no-dsa> (Minor issue, workaround is to disable modpython)
+ [jessie] - znc <ignored> (Minor issue, workaround is to disable modpython)
NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
NOTE: Every version between 0.096 and 1.7.2 (incl) is vulnerable to the issue,
NOTE: but earlier versions could not be fixed without a major rewrite. A workaround
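Review bot: On the changed `[jessie] - znc` line the state moves from `<no-dsa>` to `<ignored>` but the parenthetical text is unchanged, so the entry itself does not say why the issue will not be fixed in jessie. The NOTE lines below already state that earlier versions could not be fixed without a major rewrite. Moving that reason into the parentheses, next to the modpython workaround, would make the `<ignored>` state self-explanatory.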
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0576ff6b4202ea5dda0b40c362ded2d5ca2b588...30a26e3078d201e773859700e0096df03b8c5568