[Git][security-tracker-team/security-tracker][master] knockout unimportant

Moritz Muehlenhoff jmm at debian.org
Tue Oct 22 09:16:50 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff6200f6 by Moritz Muehlenhoff at 2019-10-22T08:16:09Z
knockout unimportant
bugs for file, angular, proftpd
new unoconv issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,11 +13,11 @@ CVE-2019-18220
 CVE-2019-18219
 	RESERVED
 CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
-	- file <unfixed>
+	- file <unfixed> (bug #942830)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
 	NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 
 CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
-	- proftpd-dfsg <unfixed>
+	- proftpd-dfsg <unfixed> (bug #942831)
 	NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4
 	NOTE: https://github.com/proftpd/proftpd/issues/846
 CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM ...)
@@ -2972,7 +2972,7 @@ CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer ov
 	[stretch] - liblnk <no-dsa> (Minor issue)
 	NOTE: https://github.com/libyal/liblnk/issues/40
 CVE-2019-17400 (The unoconv package before 0.9 mishandles untrusted pathnames, leading ...)
-	TODO: check
+	- unoconv <unfixed>
 CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
 	NOT-FOR-US: Shack Forms Pro extension for Joomla!
 CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
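Review bot: the unoconv entry is now `- unoconv <unfixed>`, but unlike the file and proftpd-dfsg entries in the same commit it carries no `(bug #...)` reference and no NOTE pointing at the upstream fix or advisory, so nobody following up can see where the fix for "before 0.9" lives or whether a Debian bug has been filed; add at least a NOTE URL, and the bug number once one exists.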
@@ -3337,7 +3337,7 @@ CVE-2019-17222
 CVE-2019-17221
 	RESERVED
 CVE-2019-17220 (Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2019-17219 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
 	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
 CVE-2019-17218 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
@@ -3883,7 +3883,7 @@ CVE-2019-16976
 CVE-2019-16975
 	RESERVED
 CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16973
 	RESERVED
 CVE-2019-16972
@@ -3891,13 +3891,13 @@ CVE-2019-16972
 CVE-2019-16971
 	RESERVED
 CVE-2019-16970 (In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16969 (In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16968 (An issue was discovered in FusionPBX up to 4.5.7. In the file app\conf ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16967 (An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x befor ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x  ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
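Review bot: the NOT-FOR-US tag added for CVE-2019-16967 says FusionPBX, but the description on the line above names "Manager 13.x before 13.0.2.6 and 15.x", not FusionPBX, so the product name should be checked against the CVE text before it is filed under that label; the unchanged context line for CVE-2019-16966 ("Contactmanager 13.x") has the same mismatch. The other four FusionPBX entries in this hunk do match their descriptions.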
@@ -5334,7 +5334,7 @@ CVE-2019-16406
 CVE-2019-16405
 	RESERVED
 CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
 	NOT-FOR-US: Webkul Bagisto
 CVE-2019-16402
@@ -10007,14 +10007,15 @@ CVE-2019-14864
 	RESERVED
 CVE-2019-14863
 	RESERVED
-	- angular.js
+	- angular.js (bug #942833)
 	NOTE: https://snyk.io/vuln/npm:angular:20150807
 CVE-2019-14862
 	RESERVED
-	- node-knockout <unfixed>
+	- node-knockout <unfixed> (unimportant)
 	NOTE: https://github.com/knockout/knockout/issues/1244
 	NOTE: https://github.com/knockout/knockout/pull/2345
 	NOTE: https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb
+	NOTE: Only impacts browsers which are totally insecure and EOLed anyway
 CVE-2019-14861
 	RESERVED
 CVE-2019-14860
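Review bot: the new NOTE on the node-knockout entry is the entire justification for the (unimportant) downgrade, yet it does not say which browsers or versions it means; name them, or point at the upstream issue or pull request that states it, so the rationale can be re-checked when the entry is revisited. Also, the angular.js line earlier in the hunk now carries a bug number but still has no status field, unlike `- node-knockout <unfixed>`; if the package is affected and unfixed, `- angular.js <unfixed> (bug #942833)` would be consistent with the rest of the file.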



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff6200f64a368304dd22de82b522da42af845164

-- 
You're receiving this email because of your account on salsa.debian.org.

