[Git][security-tracker-team/security-tracker][master] new libidn2 issue
Moritz Muehlenhoff
jmm at debian.org
Tue Oct 22 22:26:02 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6105ed9f by Moritz Muehlenhoff at 2019-10-22T21:25:39Z
new libidn2 issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -101,7 +101,11 @@ CVE-2019-18226
CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
NOT-FOR-US: Citrix
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
- TODO: check
+ - libidn2 <unfixed>
+ [stretch] - libidn2 <not-affected> (Vulnerable code not present)
+ [jessie] - libidn2 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
+ NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223
RESERVED
CVE-2019-18222
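Review bot: The `- libidn2 <unfixed>` line under CVE-2019-18224 carries no bug reference, and there is no [buster] line even though [stretch] and [jessie] are both annotated, so buster's status depends entirely on the unfixed entry. The CVE description already says "before 2.1.1", so the fixed upstream version is known. Suggest adding the bug number once one is filed and replacing `<unfixed>` with the fixed package version once it is in the archive.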
@@ -3015,7 +3019,7 @@ CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass acc
CVE-2019-17425
RESERVED
CVE-2019-17424 (A stack-based buffer overflow in the processPrivilage() function in IO ...)
- TODO: check
+ NOT-FOR-US: nipper-ng
CVE-2019-17423
RESERVED
CVE-2019-17422
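Review bot: The commit subject "new libidn2 issue" does not cover this change. The `NOT-FOR-US: nipper-ng` line for CVE-2019-17424, like the hunks that follow, is triage of an unrelated `TODO: check` entry. Suggest putting the NOT-FOR-US triage in its own commit or mentioning it in the message, so that a log search for these CVE ids finds the decision.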
@@ -3502,7 +3506,7 @@ CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Andro
CVE-2019-17190
RESERVED
CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...)
- TODO: check
+ NOT-FOR-US: totemodata
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
NOT-FOR-US: Fecshop FecMall
CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...)
@@ -16754,7 +16758,7 @@ CVE-2019-12969
CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
NOT-FOR-US: Sonic Robo Blast 2
CVE-2019-12967 (Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier ver ...)
- TODO: check
+ NOT-FOR-US: Stephan Mooltipass Moolticute
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
NOT-FOR-US: FeHelper
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
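Review bot: The tag `NOT-FOR-US: Stephan Mooltipass Moolticute` on CVE-2019-12967 repeats the opening words of the CVE description verbatim instead of naming a product. The neighbouring entries use short product names (`Sonic Robo Blast 2`, `FeHelper`), so a shorter tag such as `Moolticute` would be more consistent and easier to grep for.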
@@ -18963,9 +18967,9 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows att
CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
NOT-FOR-US: SilverStripe
CVE-2019-12148 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
- TODO: check
+ NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12147 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
- TODO: check
+ NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
@@ -20333,7 +20337,7 @@ CVE-2017-18369 (The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnl
CVE-2017-18368 (The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 rou ...)
NOT-FOR-US: ZyXEL
CVE-2019-11674 (Man-in-the-middle vulnerability in Micro Focus Self Service Password R ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2019-11673
RESERVED
CVE-2019-11672
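Review bot: `NOT-FOR-US: Micro Focus` on CVE-2019-11674 names only the vendor, while the description names a specific product ("Micro Focus Self Service Password R ..."). The same commit tags CVE-2019-12148 and CVE-2019-12147 with the full product name (`Sangoma Session Border Controller`) and CVE-2019-4523 and CVE-2017-8087 with the vendor only (`IBM`, `AVM`). Suggest settling on one granularity within the commit, preferably the product name, so that a later package from the same vendor is not assumed to have been triaged already.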
@@ -39714,7 +39718,7 @@ CVE-2019-4525
CVE-2019-4524
RESERVED
CVE-2019-4523 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4522
RESERVED
CVE-2019-4521
@@ -134546,7 +134550,7 @@ CVE-2017-8089
CVE-2017-8088
RESERVED
CVE-2017-8087 (Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with ...)
- TODO: check
+ NOT-FOR-US: AVM
CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ...)
{DLA-1497-1 DLA-1035-1 DLA-965-1}
- qemu 1:2.8+dfsg-5 (bug #861348)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6105ed9fdc7084a459cf3d34d742d43773161a3c