[Git][security-tracker-team/security-tracker][master] Add Exim upstream commit

Moritz Muehlenhoff jmm at debian.org
Fri Sep 6 11:50:52 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d658bdb by Moritz Muehlenhoff at 2019-09-06T10:50:15Z
Add Exim upstream commit
ffmpeg n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,7 +30,8 @@ CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community
 CVE-2019-15943
 	RESERVED
 CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
-	TODO: check
+	- ffmpeg <not-affected> (Only affects 4.2)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
 CVE-2019-15941
 	RESERVED
 CVE-2019-15940
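Review bot: in the CVE-2019-15942 entry, the reason "(Only affects 4.2)" sits awkwardly next to the description "FFmpeg through 4.2", which reads as covering earlier releases too. If the point is that the affected code first appears in 4.2, word the reason that way, and say on the NOTE line whether the linked commitdiff is the fix or the change that introduced the problem.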
@@ -270,7 +271,7 @@ CVE-2019-15850
 CVE-2019-15849
 	RESERVED
 CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10  ...)
 	TODO: check
 CVE-2015-9383 (FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_v ...)
@@ -292,6 +293,7 @@ CVE-2019-15846 [local or remote attacker can execute programs with root privileg
 	RESERVED
 	- exim4 <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
+	NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
 CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance of arbitrary types]
 	- rust-image <not-affected> (Fixed before initial upload)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
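Review bot: the NOTE added under CVE-2019-15846 is a bare git.exim.org commit URL, with nothing to say whether it is the upstream fix or which branch it sits on. The entry still reads "- exim4 <unfixed>", so a short label here would help whoever later records the fixed version. The commit subject also mentions only Exim while most hunks are ffmpeg and NOT-FOR-US triage; splitting those out would make the history easier to search.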
@@ -2613,7 +2615,7 @@ CVE-2019-15031
 CVE-2019-15030
 	RESERVED
 CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on  ...)
@@ -2752,7 +2754,7 @@ CVE-2019-14995
 CVE-2019-14994
 	RESERVED
 CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
-	TODO: check
+	NOT-FOR-US: Istio
 CVE-2019-14992
 	REJECTED
 CVE-2019-14991
@@ -5106,7 +5108,7 @@ CVE-2019-14341
 CVE-2019-14340
 	RESERVED
 CVE-2019-14339 (The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2 ...)
-	TODO: check
+	NOT-FOR-US: CANON
 CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
 	NOT-FOR-US: D-Link
 CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
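Review bot: "NOT-FOR-US: CANON" is written in all caps, while the description spells the name "Canon PRINT" and the neighbouring entry uses normal vendor casing ("NOT-FOR-US: D-Link"). Suggest "NOT-FOR-US: Canon PRINT" or simply "NOT-FOR-US: Canon" so a case-sensitive search on the vendor name finds it.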
@@ -5146,7 +5148,7 @@ CVE-2019-14321
 CVE-2019-14320
 	RESERVED
 CVE-2019-14319 (The TikTok (formerly Musical.ly) application 12.2.0 for Android and iO ...)
-	TODO: check
+	NOT-FOR-US: TikTok
 CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...)
 	[experimental] - libcrypto++ 8.2.0-2
 	- libcrypto++ 5.6.4-9 (low; bug #934326)
@@ -5170,9 +5172,9 @@ CVE-2019-14310
 CVE-2019-14309
 	RESERVED
 CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2019-14306
 	RESERVED
 CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
@@ -29905,7 +29907,7 @@ CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOO
 CVE-2019-5591
 	RESERVED
 CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
 	NOT-FOR-US: FortiGuard
 CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
@@ -30025,7 +30027,7 @@ CVE-2019-5532
 CVE-2019-5531
 	RESERVED
 CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
-	TODO: check
+	NOT-FOR-US: InstallBuilder
 CVE-2019-5529
 	RESERVED
 CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
@@ -30140,9 +30142,9 @@ CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier
 	NOTE: https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
 	NOTE: Change in rexical is covered by the scope of this CVE.
 CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Lookup-Server
 CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...)
-	TODO: check
+	NOT-FOR-US: Nexus Yum Repository Plugin
 CVE-2019-5474 [Override Merge Request Approval Rules]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
@@ -31030,7 +31032,7 @@ CVE-2019-5071
 CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
 	TODO: check
 CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
-	TODO: check
+	NOT-FOR-US: Epignosis eFront LMS
 CVE-2019-5068
 	RESERVED
 CVE-2019-5067



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d658bdbe958d00217868e5d8ed33e76f5cb7d64
