[Git][security-tracker-team/security-tracker][master] one symfony issue n/a

Moritz Muehlenhoff jmm at debian.org
Tue Nov 19 09:27:02 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb8678e7 by Moritz Muehlenhoff at 2019-11-19T09:26:35Z
one symfony issue n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,9 +69,9 @@ CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user
 CVE-2018-21031 (Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to byp ...)
 	NOT-FOR-US: Plex Media Server
 CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
-	TODO: check
+	NOT-FOR-US: Distributed Ruby
 CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...)
-	TODO: check
+	NOT-FOR-US: Distributed Ruby
 CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...)
 	- linux 5.3.9-1
 	NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
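Review bot: the two DRuby entries (CVE-2011-5331 and CVE-2011-5330) move from "TODO: check" to "NOT-FOR-US: Distributed Ruby" with no NOTE recording why nothing in the archive is affected. The descriptions name "Distributed Ruby (aka DRuby) 1.8"; if that refers to the drb library distributed with the Ruby interpreter, these would belong under a source package entry with an explicit status rather than NOT-FOR-US. Suggest adding a NOTE stating what was checked, or tracking both against the relevant package.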
@@ -8948,9 +8948,9 @@ CVE-2019-16764
 CVE-2019-16763
 	RESERVED
 CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
-	TODO: check
+	NOT-FOR-US: SLP
 CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
-	TODO: check
+	NOT-FOR-US: SLP
 CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ...)
 	- cargo 0.27.0-1
 	[stretch] - cargo <postponed> (Upcoming upgrade of Cargo for ESR68 will fix this)
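Review bot: "NOT-FOR-US: SLP" on CVE-2019-16762 and CVE-2019-16761 uses a bare acronym that the truncated descriptions do not expand (they only mention "A specially crafted Bitcoin script"), so the label is hard to interpret and easy to confuse with other software abbreviated the same way when searching the list. Suggest spelling out the product or library name, as the other entries in this patch do (for example "NOT-FOR-US: MikroTik RouterOS").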
@@ -13910,7 +13910,7 @@ CVE-2019-15056
 CVE-2019-15055 (MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly  ...)
 	NOT-FOR-US: MikroTik RouterOS
 CVE-2019-15054 (Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before ...)
-	TODO: check
+	NOT-FOR-US: Mailbird
 CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
 	NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
 CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials  ...)
@@ -23069,7 +23069,7 @@ CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remot
 CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the  ...)
 	NOT-FOR-US: osClass
 CVE-2019-12311 (Sandline Centraleyezer (On Premises) allows Unrestricted File Upload l ...)
-	TODO: check
+	NOT-FOR-US: Sandline Centraleyezer
 CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
 	NOT-FOR-US: ExaGrid appliances
 CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by  ...)
@@ -23099,7 +23099,7 @@ CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submit
 	[jessie] - buildbot <not-affected> (Vulnerable code got added later)
 	NOTE: https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
 CVE-2019-12299 (Sandline Centraleyezer (On Premises) allows Stored XSS using HTML enti ...)
-	TODO: check
+	NOT-FOR-US: Sandline Centraleyezer
 CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
 	NOT-FOR-US: Leanify
 CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
@@ -23168,7 +23168,7 @@ CVE-2019-12273
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
 	NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
-	TODO: check
+	NOT-FOR-US: Sandline Centraleyezer
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
 	NOT-FOR-US: OpenText Brava!
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
@@ -25905,6 +25905,8 @@ CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiv
 CVE-2019-11325 [Fix escaping of strings in VarExporter]
 	RESERVED
 	- symfony 4.3.8+dfsg-1
+	[buster] - symfony <not-affected> (Vulnerable code not present)
+	[stretch] - symfony <not-affected> (Vulnerable code not present)
 	[jessie] - symfony <not-affected> (Vulnerable code not present)
 	NOTE: https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
 	NOTE: https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
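Review bot: the added [buster] and [stretch] lines for CVE-2019-11325 reuse the jessie justification "Vulnerable code not present" without saying what makes it true for each release. The entry title names VarExporter, so a NOTE giving the upstream version that introduced that component would let a later reader verify all three not-affected markings against the symfony version in each suite without re-reading the upstream commit.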
@@ -27393,7 +27395,7 @@ CVE-2019-10765
 CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
 	TODO: check
 CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...)
 	NOT-FOR-US: medoo
 CVE-2019-10761



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb8678e751a1efb2a1a168bc410ebdfd418d385c
