[Git][security-tracker-team/security-tracker][master] new linux issues
Moritz Muehlenhoff
jmm at debian.org
Thu May 23 16:25:49 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
916f3786 by Moritz Muehlenhoff at 2019-05-23T15:25:28Z
new linux issues
new sysdig issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with t
CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
NOT-FOR-US: UCMS
CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via the http ...)
- TODO: check
+ NOT-FOR-US: IdentityServer
CVE-2019-12249
RESERVED
CVE-2019-12248
@@ -499,6 +499,7 @@ CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
{DLA-1798-1}
- jackson-databind 2.9.8-2 (bug #929177)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
CVE-2019-12085
RESERVED
CVE-2019-12084
@@ -2032,7 +2033,6 @@ CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An un
- cakephp <not-affected> (Vulnerable code introduced in 3.0.0)
NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
NOTE: https://github.com/cakephp/cakephp/pull/13153
- TODO: check, possibly introduced in later version than present in unstable 2.10.11
CVE-2019-11457
RESERVED
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
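Review bot: dropping the TODO on CVE-2019-11458 removes the version comparison the `<not-affected>` verdict rested on; the deleted line named unstable's 2.10.11, while the rationale that stays only says "Vulnerable code introduced in 3.0.0". Consider folding that into the reason, e.g. `cakephp <not-affected> (Vulnerable code introduced in 3.0.0, unstable has 2.10.x)`, so the basis for not-affected remains visible in the entry once the TODO is gone.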
@@ -10597,7 +10597,7 @@ CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function
CVE-2019-8340
RESERVED
CVE-2019-8339 (An issue was discovered in Sysdig through 0.24.2, as used in Falco thr ...)
- TODO: check
+ - sysdig <unfixed>
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
NOT-FOR-US: Airmail
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...)
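Review bot: `sysdig <unfixed>` for CVE-2019-8339 is entered with no bug number and no NOTE, unlike the other open entries in this commit (curl carries `(bug #929351)`, jackson-databind carries the upstream issue and fix commit). Suggest adding the Debian bug reference or a NOTE with the upstream advisory/fix so the unfixed state is actionable, and checking whether the Falco use mentioned in the description has any bearing on Debian packages.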
@@ -14981,7 +14981,7 @@ CVE-2019-6515 (An issue was discovered in WSO2 API Manager 2.6.0. Uploaded docum
CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
NOT-FOR-US: WSO2
CVE-2019-6513 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible for ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible to f ...)
NOT-FOR-US: WSO2
CVE-2019-6511
@@ -17802,9 +17802,9 @@ CVE-2019-5440
CVE-2019-5439
RESERVED
CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
- TODO: check
+ NOT-FOR-US: npm harp module
CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
- TODO: check
+ NOT-FOR-US: npm harp module
CVE-2019-5436 [TFTP receive buffer overflow]
RESERVED
- curl <unfixed> (bug #929351)
@@ -21898,9 +21898,9 @@ CVE-2019-3567
CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
NOT-FOR-US: WhatsApp for Android
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
NOT-FOR-US: Facebook Wangle
CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
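Review bot: the label `NOT-FOR-US: Thrift servers` on CVE-2019-3565 and CVE-2019-3564 is less specific than the descriptions, which say these are Facebook Thrift servers, and than the neighbouring entries, which use the vendor-qualified form (`NOT-FOR-US: Facebook Wangle`). Suggest `NOT-FOR-US: Facebook Thrift` here and on the other Thrift entries in this commit (CVE-2019-3559, CVE-2019-3558, CVE-2019-3552) so a later triager does not mistake it for a statement about a different Thrift implementation.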
@@ -21910,9 +21910,9 @@ CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functio
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
NOT-FOR-US: Fizz
CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
- hhvm <removed>
CVE-2019-3556
@@ -21924,7 +21924,7 @@ CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acc
CVE-2019-3553
RESERVED
CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3551
RESERVED
CVE-2019-3550
@@ -22682,9 +22682,11 @@ CVE-2018-20513
CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privi ...)
NOT-FOR-US: EPON CPE-WiFi devices
CVE-2018-20510 (The print_binder_transaction_ilocked function in drivers/android/binde ...)
- TODO: check
+ - linux 4.16.5-1
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8ca86f1639ec5890d400fff9211aca22d0a392eb
CVE-2018-20509 (The print_binder_ref_olocked function in drivers/android/binder.c in t ...)
- TODO: check
+ - linux <unfixed>
+ NOTE: https://security.netapp.com/advisory/ntap-20190517-0002/
CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This ...)
NOT-FOR-US: CrashFix
CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulner ...)
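Review bot: CVE-2018-20509 is recorded as `linux <unfixed>` with only a vendor advisory as NOTE, whereas the sibling CVE-2018-20510 entry gives a fixed version (4.16.5-1) and the upstream kernel commit. Both descriptions point at functions in drivers/android/binder.c, so check whether the same upstream change also covers print_binder_ref_olocked; if it does, record the fixed version, and if not, add a NOTE with the upstream fix or a short reason why it remains open, since an advisory link is a weaker reference than the commit used for 20510.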
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/916f3786ce8440461bd259743415206bd33f4afb