[Git][security-tracker-team/security-tracker][master] new libidn2 issue

Moritz Muehlenhoff jmm at debian.org
Tue Oct 22 22:26:02 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6105ed9f by Moritz Muehlenhoff at 2019-10-22T21:25:39Z
new libidn2 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101,7 +101,11 @@ CVE-2019-18226
 CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
 	NOT-FOR-US: Citrix
 CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
-	TODO: check
+	- libidn2 <unfixed>
+	[stretch] - libidn2 <not-affected> (Vulnerable code not present)
+	[jessie] - libidn2 <not-affected> (Vulnerable code not present)
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
+	NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
 CVE-2019-18223
 	RESERVED
 CVE-2019-18222
@@ -3015,7 +3019,7 @@ CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass acc
 CVE-2019-17425
 	RESERVED
 CVE-2019-17424 (A stack-based buffer overflow in the processPrivilage() function in IO ...)
-	TODO: check
+	NOT-FOR-US: nipper-ng
 CVE-2019-17423
 	RESERVED
 CVE-2019-17422
@@ -3502,7 +3506,7 @@ CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Andro
 CVE-2019-17190
 	RESERVED
 CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...)
-	TODO: check
+	NOT-FOR-US: totemodata
 CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
 	NOT-FOR-US: Fecshop FecMall
 CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...)
@@ -16754,7 +16758,7 @@ CVE-2019-12969
 CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
 	NOT-FOR-US: Sonic Robo Blast 2
 CVE-2019-12967 (Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier ver ...)
-	TODO: check
+	NOT-FOR-US: Stephan Mooltipass Moolticute
 CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
 	NOT-FOR-US: FeHelper
 CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
@@ -18963,9 +18967,9 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows att
 CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
 	NOT-FOR-US: SilverStripe
 CVE-2019-12148 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
-	TODO: check
+	NOT-FOR-US: Sangoma Session Border Controller
 CVE-2019-12147 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
-	TODO: check
+	NOT-FOR-US: Sangoma Session Border Controller
 CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
 	NOT-FOR-US: Progress ipswitch WS_FTP Server
 CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
@@ -20333,7 +20337,7 @@ CVE-2017-18369 (The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnl
 CVE-2017-18368 (The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 rou ...)
 	NOT-FOR-US: ZyXEL
 CVE-2019-11674 (Man-in-the-middle vulnerability in Micro Focus Self Service Password R ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2019-11673
 	RESERVED
 CVE-2019-11672
@@ -39714,7 +39718,7 @@ CVE-2019-4525
 CVE-2019-4524
 	RESERVED
 CVE-2019-4523 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4522
 	RESERVED
 CVE-2019-4521
@@ -134546,7 +134550,7 @@ CVE-2017-8089
 CVE-2017-8088
 	RESERVED
 CVE-2017-8087 (Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with ...)
-	TODO: check
+	NOT-FOR-US: AVM
 CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ...)
 	{DLA-1497-1 DLA-1035-1 DLA-965-1}
 	- qemu 1:2.8+dfsg-5 (bug #861348)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6105ed9fdc7084a459cf3d34d742d43773161a3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6105ed9fdc7084a459cf3d34d742d43773161a3c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191022/bc506426/attachment.html>

More information about the debian-security-tracker-commits mailing list