[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Fri Jun 21 23:06:17 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
459ee02e by Moritz Muehlenhoff at 2019-06-21T22:05:48Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2019-12906
 CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
 	NOT-FOR-US: FileRun
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
-	- libgcrypt20 <unfixed>
+	- libgcrypt20 <unfixed> (bug #930885)
 	- libgcrypt11 <removed>
 	NOTE: https://dev.gnupg.org/T4541
 	NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
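Review bot: The CVE-2019-12904 entry gets only the bug reference on "- libgcrypt20 <unfixed>" and no "[buster]" line, unlike the fence-agents, suricata and filezilla entries in this same commit. If the buster decision for libgcrypt20 is still pending, that is fine, but if it has been made, record it here so the entry does not stay untriaged for buster.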
@@ -61,7 +61,7 @@ CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's dat
 CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing  ...)
 	NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...)
-	- bzip2 <unfixed>
+	- bzip2 <unfixed> (bug #930886)
 	NOTE: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
 	TODO: check details
 CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
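Review bot: The bzip2 entry for CVE-2019-12900 still carries "TODO: check details" right under the line that now references bug #930886. Either resolve the TODO as part of this triage or replace it with a NOTE stating what remains to be checked, so the open item is not hidden behind the bug reference.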
@@ -6938,7 +6938,8 @@ CVE-2019-10154
 	- moodle <removed>
 CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
 	RESERVED
-	- fence-agents <unfixed> (low)
+	- fence-agents <unfixed> (low; bug #930887)
+	[buster] - fence-agents <no-dsa> (Minor issue)
 	[stretch] - fence-agents <not-affected> (Vulnerable code not present)
 	[jessie] - fence-agents <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
@@ -7246,6 +7247,7 @@ CVE-2019-10054
 	RESERVED
 CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
 	- suricata 1:4.1.4-1
+	[buster] - suricata <no-dsa> (Minor issue)
 	[stretch] - suricata <no-dsa> (Minor issue)
 	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2883
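Review bot: The added "[buster] - suricata <no-dsa> (Minor issue)" line for CVE-2019-10053 sits under an unstable entry that is already fixed in 1:4.1.4-1, so the tag is only meaningful if buster ships an older suricata, which the hunk does not show. Confirm the buster version is below 1:4.1.4-1 before merging; otherwise the line is redundant.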
@@ -7256,6 +7258,7 @@ CVE-2019-10051
 	RESERVED
 CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4 ...)
 	- suricata 1:4.1.4-1
+	[buster] - suricata <no-dsa> (Minor issue)
 	[stretch] - suricata <no-dsa> (Minor issue)
 	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2884
@@ -19708,6 +19711,7 @@ CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protecti
 	NOT-FOR-US: Ubiquiti Networks UniFi Video
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
 	- filezilla <unfixed> (low; bug #928282)
+	[buster] - filezilla <no-dsa> (Minor issue)
 	[stretch] - filezilla <no-dsa> (Minor issue)
 	[jessie] - filezilla <no-dsa> (Minor issue)
 	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/459ee02e48a7e7ae6cb8ae1ede2ce44f0b275e20
