[Git][security-tracker-team/security-tracker][master] new proftpd issues

Moritz Muehlenhoff jmm at debian.org
Tue Nov 26 10:43:51 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a895beca by Moritz Muehlenhoff at 2019-11-26T10:43:22Z
new proftpd issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,23 @@
 CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...)
-	TODO: check
+	- proftpd-dfsg <unfixed>
+	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
+	[stretch] - proftpd-dfsg <no-dsa> (Minor issue)
+	NOTE: https://github.com/proftpd/proftpd/issues/858
 CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A w ...)
-	TODO: check
+	- proftpd-dfsg <unfixed>
+	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
+	[stretch] - proftpd-dfsg <no-dsa> (Minor issue)
+	NOTE: https://github.com/proftpd/proftpd/issues/860
 CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ...)
-	TODO: check
+	- proftpd-dfsg <unfixed>
+	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
+	[stretch] - proftpd-dfsg <no-dsa> (Minor issue)
+	NOTE: https://github.com/proftpd/proftpd/issues/859
 CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...)
-	TODO: check
+	- proftpd-dfsg <unfixed>
+	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
+	[stretch] - proftpd-dfsg <no-dsa> (Minor issue)
+	NOTE: https://github.com/proftpd/proftpd/issues/861
 CVE-2019-19268
 	RESERVED
 CVE-2019-19267
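Review bot: CVE-2019-19272 and CVE-2019-19271 are recorded as `- proftpd-dfsg <unfixed>` although their descriptions read "ProFTPD before 1.3.6", so the description implies a fixed upstream release that the entries do not reflect. Either record the fixed version once it is confirmed against the packaged source, or add a NOTE line stating that the version range in the description does not match the upstream issue. The NOTE lines on all four entries link only the upstream issue; a second NOTE with the fixing commit, where one exists, would make the `<no-dsa>` decision easier to revisit.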
@@ -4719,9 +4731,9 @@ CVE-2019-18253
 CVE-2019-18252
 	RESERVED
 CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2019-18249
 	RESERVED
 CVE-2019-18248
@@ -4739,7 +4751,7 @@ CVE-2019-18243
 CVE-2019-18242
 	RESERVED
 CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
 	NOT-FOR-US: Fuji
 CVE-2019-18239
@@ -11429,23 +11441,23 @@ CVE-2019-16004
 CVE-2019-16003
 	RESERVED
 CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-16000
 	RESERVED
 CVE-2019-15999
 	RESERVED
 CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15997 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15996 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector could all ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15993
 	RESERVED
 CVE-2019-15992
@@ -11453,15 +11465,15 @@ CVE-2019-15992
 CVE-2019-15991
 	RESERVED
 CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15989
 	RESERVED
 CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event Center, Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15986 (A vulnerability in the CLI of Cisco Unity Express could allow an authe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15985
 	RESERVED
 CVE-2019-15984
@@ -11487,19 +11499,19 @@ CVE-2019-15975
 CVE-2019-15974
 	RESERVED
 CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Software  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15970
 	RESERVED
 CVE-2019-15969
 	RESERVED
 CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15966 (A vulnerability in the web application of Cisco TelePresence Advanced  ...)
 	NOT-FOR-US: Cisco TelePresence Advanced Media Gateway
 CVE-2019-15965
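Review bot: The bare vendor tag `NOT-FOR-US: Cisco` on the new lines is inconsistent with the unchanged entry for CVE-2019-15966 in the same hunk, which names the product (`NOT-FOR-US: Cisco TelePresence Advanced Media Gateway`). Where the description already gives the product, for example Cisco AsyncOS for CVE-2019-15971 or Cisco TelePresence Collaboration Endpoint for CVE-2019-15967, carrying it in the tag keeps the entries distinguishable when searching the list.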
@@ -11517,15 +11529,15 @@ CVE-2019-15961
 	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
 	NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
 CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15959
 	RESERVED
 CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15957
 	RESERVED
 CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
 	NOT-FOR-US: Total.js CMS
 CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
@@ -12532,7 +12544,7 @@ CVE-2019-15631
 CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...)
 	NOT-FOR-US: Mulesoft
 CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2019-15628
 	RESERVED
 CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...)
@@ -12600,7 +12612,7 @@ CVE-2019-15597
 CVE-2019-15596
 	RESERVED
 CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...)
-	TODO: check
+	NOT-FOR-US: UniFi Video Controller
 CVE-2019-15594
 	RESERVED
 CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to  ...)
@@ -13444,15 +13456,15 @@ CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Bui
 CVE-2019-15289
 	RESERVED
 CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15287
 	RESERVED
 CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15285
 	RESERVED
 CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15283
 	RESERVED
 CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -13468,7 +13480,7 @@ CVE-2019-15278
 CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN Controller  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
@@ -13478,7 +13490,7 @@ CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence Collab
 CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15271 (A vulnerability in the web-based management interface of certain Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco Firepow ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -26376,7 +26388,7 @@ CVE-2019-11292
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior  ...)
 	TODO: check
 CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly  ...)
 	NOT-FOR-US: Cloud Foundry Routing
 CVE-2019-11288
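Review bot: `NOT-FOR-US: Cloud Foundry` on CVE-2019-11290 is broader than the tag on the next entry, `NOT-FOR-US: Cloud Foundry Routing`. The description names Cloud Foundry UAA Release, so `NOT-FOR-US: Cloud Foundry UAA` would match the neighbouring style. CVE-2019-11291 (Pivotal RabbitMQ), directly above, is left at `TODO: check` by this commit and still needs triage.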



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a895beca9a05c1dd1eb7112c08842129b24a7c57
