[Git][security-tracker-team/security-tracker][master] new linux issue

Moritz Muehlenhoff jmm at debian.org
Tue Oct 22 08:55:46 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4efe2ea by Moritz Muehlenhoff at 2019-10-22T07:55:20Z
new linux issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
 	TODO: check
 CVE-2019-18223
@@ -47,7 +47,7 @@ CVE-2019-18205
 CVE-2019-18204
 	RESERVED
 CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
 	NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
 CVE-2019-18201
@@ -3849,33 +3849,33 @@ CVE-2019-16994 (In the Linux kernel before 5.0, a memory leak exists in sit_init
 CVE-2019-16992 (The Keybase app 2.13.2 for iOS provides potentially insufficient notic ...)
 	NOT-FOR-US: Keybase
 CVE-2019-16991 (In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an un ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16990 (In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.ph ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16989 (In FusionPBX up to v4.5.7, the file app\conferences_active\conference_ ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16988 (In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16987 (In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php us ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16986 (In FusionPBX up to v4.5.7, the file resources\download.php uses an uns ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16985 (In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php use ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16984 (In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16983 (In FusionPBX up to v4.5.7, the file resources\paging.php has a paging  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16982 (In FusionPBX up to v4.5.7, the file app\access_controls\access_control ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16981 (In FusionPBX up to v4.5.7, the file app\conference_profiles\conference ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16980 (In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_ ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16977
 	RESERVED
 CVE-2019-16976
@@ -3899,11 +3899,11 @@ CVE-2019-16968
 CVE-2019-16967
 	RESERVED
 CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16963
 	RESERVED
 CVE-2019-16962
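Review bot: CVE-2019-16966 is tagged `NOT-FOR-US: FusionPBX`, but the description on the line above it names Contactmanager 13.x/14.x, not FusionPBX, unlike CVE-2019-16965 and CVE-2019-16964 below it, whose descriptions do name FusionPBX. The tag looks carried over from the neighbouring entries; please confirm which product this CVE belongs to and name that product in the tag, so a later search on the NOT-FOR-US text finds the right entry.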
@@ -5069,7 +5069,7 @@ CVE-2019-16532 (An HTTP Host header injection vulnerability exists in YzmCMS V5.
 CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
 	NOT-FOR-US: LayerBB
 CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3. ...)
-	TODO: check
+	NOT-FOR-US: Sonatype
 CVE-2019-16529
 	RESERVED
 	NOT-FOR-US: CheckUser extension for MediawWiki
@@ -27200,7 +27200,7 @@ CVE-2019-9493
 CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
 	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
 CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
@@ -46807,7 +46807,8 @@ CVE-2019-2217
 CVE-2019-2216
 	RESERVED
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
-	TODO: check
+	- linux 4.16.5-1
+	NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
 CVE-2019-2214
 	RESERVED
 CVE-2019-2213
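Review bot: the new CVE-2019-2215 entry records only `- linux 4.16.5-1` and the upstream fix commit, so it does not say whether kernel branches older than 4.16.5-1 were checked or are still to be triaged. Suggest a further NOTE line stating how the fixed version was determined from the linked commit, and whether older branches are affected, so the single fixed-version line is not read as covering every kernel version.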



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4efe2ea958edb08fe3f7aaa1b62267fe4df9e1a
