[Git][security-tracker-team/security-tracker][master] new buildbot issue

Moritz Muehlenhoff jmm at debian.org
Wed May 29 17:26:45 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b596bdae by Moritz Muehlenhoff at 2019-05-29T16:25:15Z
new buildbot issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,7 +85,7 @@ CVE-2019-12397
 CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
-	TODO: check
+	NOT-FOR-US: Webbukkit Dynmap
 CVE-2019-12394
 	RESERVED
 CVE-2019-12393
@@ -305,7 +305,8 @@ CVE-2019-12302
 CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
 	NOT-FOR-US: Percona server
 CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted au ...)
-	TODO: check
+	- buildbot <unfixed>
+	NOTE: https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
 CVE-2019-12299
 	RESERVED
 CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
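Review bot: the new CVE-2019-12300 entry records `- buildbot <unfixed>` with no bug reference, although the description on the same entry already names the upstream fixed versions (1.8.2 and 2.3.1). Consider filing a Debian bug and adding the bug reference in parentheses, as the poppler entries in this file do, so the open issue is tracked against the package. A second NOTE saying which upstream releases carry the fix would also make it easier to update the `<unfixed>` marker once a fixed upload lands.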
@@ -3837,7 +3838,6 @@ CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL point
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
 	- poppler 0.71.0-5 (low; bug #926530)
-	[buster] - poppler <postponed> (Revisit when fixed upstream)
 	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
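Review bot: dropping the `[buster] - poppler <postponed>` line for CVE-2019-10872 is not covered by the commit message ("new buildbot issue", "NFUs"), and the matching `[stretch]` line stays as it is. If the reason is that buster now carries the fixed version 0.71.0-5 listed on the entry, say so in the commit message or make this a separate commit, so the status change can be audited from the log.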
@@ -14033,11 +14033,11 @@ CVE-2019-7095 (Adobe Digital Editions versions 4.5.10.185749 and below have a he
 CVE-2019-7094 (Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a h ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7093 (Creative Cloud Desktop Application (installer) versions 4.7.0.400 and  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-7092 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-7091 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-7090 (Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Pl ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7089 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
@@ -33533,7 +33533,7 @@ CVE-2019-0128
 CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
 	NOT-FOR-US: Intel
 CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0125
 	RESERVED
 CVE-2019-0124
@@ -33545,21 +33545,21 @@ CVE-2019-0122 (Double free in Intel(R) SGX SDK for Linux before version 2.2 and
 CVE-2019-0121 (Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and ...)
 	NOT-FOR-US: Intel
 CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference firmwar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R)  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0118
 	RESERVED
 CVE-2019-0117
 	RESERVED
 CVE-2019-0116 (An out of bound read in KMD module for Intel(R) Graphics Driver before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0115 (Insufficient input validation in KMD module for Intel(R) Graphics Driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0114 (A race condition in Intel(R) Graphics Drivers before version 10.18.14. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0113 (Insufficient bounds checking in Intel(R) Graphics Drivers before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data Center Mana ...)
 	NOT-FOR-US: Intel
 CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK before  ...)
@@ -33613,7 +33613,7 @@ CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for
 CVE-2019-0087
 	RESERVED
 CVE-2019-0086 (Insufficient access control vulnerability in Dynamic Application Loade ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-19269
 	REJECTED
 CVE-2018-19268
@@ -36850,11 +36850,11 @@ CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive File
 CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
 	NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18060 (An issue was discovered in Bitdefender Engines before 7.76808. A vulne ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2018-18059 (An issue was discovered in Bitdefender Engines before 7.76675. A vulne ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A vulne ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2018-18057
 	RESERVED
 CVE-2018-18056
@@ -37447,7 +37447,7 @@ CVE-2018-17845
 CVE-2018-17844
 	RESERVED
 CVE-2018-17843 (SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Soft ...)
-	TODO: check
+	NOT-FOR-US: ADD Clicking MLM
 CVE-2018-17842
 	RESERVED
 CVE-2018-17841
@@ -66841,7 +66841,7 @@ CVE-2018-6887
 CVE-2018-6886
 	RESERVED
 CVE-2018-6885 (An issue was discovered in MicroStrategy Web Services (the Microsoft O ...)
-	TODO: check
+	NOT-FOR-US: MicroStrategy Web Services
 CVE-2018-6884
 	RESERVED
 CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the adminis ...)
@@ -94151,22 +94151,22 @@ CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object:
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
 CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
-	- poppler 0.61.1-2 (bug #877231)
-	[stretch] - poppler <no-dsa> (Minor issue)
+	- poppler 0.61.1-2 (low; bug #877231)
+	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
 	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=1316c7a41f4dd7276f404f775ebb5fef2d24ab1c
 CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutp ...)
-	- poppler 0.61.1-2 (bug #877237)
+	- poppler 0.61.1-2 (low; bug #877237)
 	[stretch] - poppler <not-affected> (Vulnerable code introduced in 0.49)
 	[jessie] - poppler <not-affected> (Vulnerable code introduced in 0.49)
 	[wheezy] - poppler <not-affected> (Vulnerable code introduced in 0.49)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
 CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
-	- poppler 0.61.1-2 (bug #877239)
-	[stretch] - poppler <no-dsa> (Minor issue)
+	- poppler 0.61.1-2 (low; bug #877239)
+	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
 	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
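Review bot: changing `[stretch] - poppler <no-dsa> (Minor issue)` to `<ignored>` for CVE-2017-14928 and CVE-2017-14926 moves stretch from "no DSA planned" to "will not be fixed", yet the justification stays "Minor issue" and the commit message does not mention poppler. Either state the actual reason for ignoring the issue in the parenthesised text or keep `<no-dsa>`. The added `low;` urgency is applied consistently to all three entries in the hunk.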
@@ -164281,7 +164281,7 @@ CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened
 	NOTE: but the profile is not meant to be a strong security boundary.
 	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017/comments/6
 CVE-2016-1584 (In all versions of Unity8 a running but not active application on a la ...)
-	TODO: check
+	- unity <itp> (bug #609278)
 CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the  ...)
 	{DSA-3607-1 DLA-516-1}
 	- linux 4.6.2-1
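Review bot: the description for CVE-2016-1584 names Unity8, while the new entry is `- unity <itp> (bug #609278)`, and the same line is reused for CVE-2016-1573 further down. Please confirm that the ITP in bug #609278 covers Unity8 and not only the older Unity shell, and add a NOTE saying so. Otherwise these two CVEs will be attached to a future package that may not contain the affected code.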
@@ -164292,7 +164292,7 @@ CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd
 CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher packag ...)
 	NOT-FOR-US: ubuntu-core-launcher
 CVE-2016-1579 (UDM provides support for running commands after a download is complete ...)
-	TODO: check
+	NOT-FOR-US: Ubuntu Download Manager
 CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
 	NOT-FOR-US: Oxide
 CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
@@ -164318,7 +164318,7 @@ CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 do
 CVE-2016-1574
 	REJECTED
 CVE-2016-1573 (Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Da ...)
-	TODO: check
+	- unity <itp> (bug #609278)
 CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount des ...)
 	{DSA-3450-1 DLA-397-1}
 	- ecryptfs-utils 106-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b596bdaef010351122294a897be6e6f8b8092aad
