[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 1 21:22:12 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
433fa4ba by Salvatore Bonaccorso at 2019-10-01T20:20:29Z
Process some NFUs
- - - - -
f17f6a50 by Salvatore Bonaccorso at 2019-10-01T20:20:30Z
Add CVE-2019-1706{7,8,9}/putty
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in t ...)
- TODO: check
+ NOT-FOR-US: XunRuiCMS
CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...)
- TODO: check
+ NOT-FOR-US: emlog
CVE-2019-17072
RESERVED
CVE-2019-17071
@@ -9,11 +9,15 @@ CVE-2019-17071
CVE-2019-17070
RESERVED
CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
- TODO: check
+ - putty 0.73-1
+ NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...)
- TODO: check
+ - putty 0.73-1
+ NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
+ TODO: check, potentially only broken in 0.72.
CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...)
- TODO: check
+ - putty <not-affected> (Windows-specific)
+ NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
CVE-2019-17066
RESERVED
CVE-2019-17065
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b84607d55cadf00d317ce7fc53848a7846afc1e0...f17f6a50e3fe0030f9b76fa708c15b7654167d50
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b84607d55cadf00d317ce7fc53848a7846afc1e0...f17f6a50e3fe0030f9b76fa708c15b7654167d50
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191001/31beb400/attachment.html>
More information about the debian-security-tracker-commits
mailing list