[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Mon May 6 18:59:37 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f34b74da by Moritz Muehlenhoff at 2019-05-06T17:59:07Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2174,10 +2174,11 @@ CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileRea
 	NOTE: https://github.com/teeworlds/teeworlds/issues/2070
 	NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
 CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
-	- teeworlds 0.7.2-4 (bug #927152)
+	- teeworlds 0.7.2-5 (bug #927152)
 	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://github.com/teeworlds/teeworlds/issues/2073
 	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
+	NOTE: https://github.com/teeworlds/teeworlds/commit/cc3d59ae706752956d6cb8acc4187c8398b61c5c
 CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
 	- teeworlds 0.7.2-4 (bug #927152)
 	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
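Review bot: The CVE-2019-10878 entry does not say why the fixed version becomes 0.7.2-5 or how the added cc3d59ae commit relates to the e086f4b3 commit already listed. If the new commit completes an earlier partial fix, say so in the NOTE text (the librecad entry in this file uses "NOTE: Fixed by" in the same way). CVE-2019-10877 in the trailing context stays at 0.7.2-4 under the same bug #927152, so it is worth confirming that it does not need the same bump.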
@@ -16314,7 +16315,8 @@ CVE-2019-5431
 CVE-2019-5430
 	RESERVED
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
-	- filezilla <unfixed> (bug #928282)
+	- filezilla <unfixed> (low; bug #928282)
+	[stretch] - filezilla <no-dsa> (Minor issue)
 	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
 	NOTE: https://www.tenable.com/security/research/tra-2019-14
 CVE-2019-5428
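Review bot: The added [stretch] line for filezilla gives only "Minor issue" as the no-dsa reason. A short concrete reason tied to the untrusted search path named in the summary would record why this was not worth a DSA. The "low" urgency added to the unstable line changes more than stretch status, which the commit message "stretch triage" does not mention.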
@@ -31354,6 +31356,7 @@ CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL cou
 	- jspwiki <removed>
 CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under some cir ...)
 	- qpid-proton 0.22.0-1
+	[stretch] - qpid-proton <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/browse/PROTON-2014
 	NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html
 	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733
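Review bot: The new [stretch] no-dsa line for qpid-proton does not say whether the fix is wanted in a later stretch update, although unstable is marked fixed in 0.22.0-1 and an upstream commit is referenced in the NOTE lines. Consider a reason more specific than "Minor issue", so the next person triaging stretch does not have to re-read PROTON-2014 to find out.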
@@ -31474,6 +31477,7 @@ CVE-2019-0188
 	RESERVED
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
 	- jakarta-jmeter <unfixed>
+	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
 	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
 CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...)
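Review bot: "Minor issue" on the added [stretch] line for jakarta-jmeter sits beside a summary that begins "Unauthenticated RCE is possible", so the stated reason reads as inconsistent with the description. If the no-dsa decision rests on the distributed-mode precondition mentioned in the summary, put that in the parenthesised reason so the rationale is recorded in the entry. The existing [jessie] line has the same wording and would benefit from the same change.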
@@ -32142,6 +32146,7 @@ CVE-2018-19106 (Avi Vantage before 17.2.13 uses an invalid URL encoding during a
 CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0 ...)
 	{DLA-1776-1}
 	- librecad <unfixed> (bug #928477)
+	[stretch] - librecad <no-dsa> (Minor issue)
 	NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html
 	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1038
 	NOTE: Fixed by https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
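Review bot: The added [stretch] no-dsa line for librecad sits under a {DLA-1776-1} tag, so the entry already records an LTS advisory for this CVE while stretch is left unfixed with only "Minor issue" as the reason. Since the fix commit is referenced in the last NOTE, consider stating in the reason whether the fix is expected in a later stretch update.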
@@ -37060,8 +37065,10 @@ CVE-2018-17203
 	REJECTED
 CVE-2018-17202
 	RESERVED
+	NOTE: Apache Commons Imaging
 CVE-2018-17201
 	RESERVED
+	NOTE: Apache Commons Imaging
 CVE-2018-17200
 	RESERVED
 CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...)
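Review bot: The two added "NOTE: Apache Commons Imaging" lines under CVE-2018-17202 and CVE-2018-17201 name a product but give no source for that attribution and no Debian source package. Both entries are still RESERVED, so a reference URL in a further NOTE line would let a later editor verify the attribution once the descriptions are published.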



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34b74dab39049f2430ec605536cd54982d4eba4
