[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Mon Sep 9 17:15:27 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3819aa86 by Moritz Muehlenhoff at 2019-09-09T16:15:05Z
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -112,6 +112,8 @@ CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin
TODO: check
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
- imapfilter <unfixed> (bug #939702)
+ [buster] - imapfilter <no-dsa> (Minor issue)
+ [stretch] - imapfilter <no-dsa> (Minor issue)
NOTE: https://github.com/lefcha/imapfilter/issues/142
CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is an intege ...)
NOT-FOR-US: Kilo
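Review bot: The added [buster] and [stretch] lines for imapfilter give only "(Minor issue)" as the reason, while the CVE-2016-10937 description says the hostname in the SSL certificate is not validated. Consider a reason or a NOTE line that says why this is minor for the stable releases, so the <no-dsa> decision can be rechecked later without opening issue 142.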
@@ -429,9 +431,13 @@ CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencr
- bitcoin <unfixed> (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
- opensc <unfixed> (bug #939669)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
- opensc <unfixed> (bug #939668)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
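Review bot: Both OpenSC entries (CVE-2019-15946 and CVE-2019-15945) are marked <no-dsa> although each NOTE line already points at an upstream fix commit, and the reason does not say whether a fix through a point release is wanted. If it is, extend the reason, for example "(Minor issue; can be fixed via point release)", so the package maintainers know a stable upload is welcome.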
@@ -3307,7 +3313,9 @@ CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-plat
NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
{DLA-1897-1}
- - tiff 4.0.10+git190814-1 (bug #934780)
+ - tiff 4.0.10+git190814-1 (low; bug #934780)
+ [buster] - tiff <no-dsa> (Minor issue)
+ [stretch] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
@@ -3977,6 +3985,8 @@ CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injecti
NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
- radare2 <unfixed> (bug #934204)
+ [buster] - radare2 <no-dsa> (Minor issue)
+ [stretch] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/pull/14690
CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
{DSA-4494-1 DLA-1890-1}
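Review bot: The added radare2 lines label CVE-2019-14745 "(Minor issue)" although its description calls it a command injection, and nothing in the entry says what limits the impact. A few words of rationale in the reason, or a NOTE line next to the pull request link, would document the decision.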
@@ -8596,7 +8606,6 @@ CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00
NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
- docker.io 18.09.1+dfsg1-8 (bug #932673)
- [buster] - docker.io <no-dsa> (Minor issue)
CVE-2019-13508
RESERVED
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
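Review bot: The removed "[buster] - docker.io <no-dsa> (Minor issue)" line for CVE-2019-13509 is not replaced by anything, so the entry no longer records a decision for buster and only the unstable version 18.09.1+dfsg1-8 remains. If the reason is a planned buster update, add a NOTE line saying so, or add the [buster] fixed-version line once the version is known.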
@@ -9577,7 +9586,6 @@ CVE-2019-13140
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...)
[experimental] - docker.io 18.09.5+dfsg1-1
- docker.io 18.09.1+dfsg1-8 (bug #933002)
- [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/pull/38944
NOTE: https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
CVE-2019-13138
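Review bot: The commit subject "buster/stretch triage" gives no hint that the buster <no-dsa> decision is being withdrawn at the removed line for CVE-2019-13139 (and for CVE-2019-13509 in the previous hunk). A line in the commit message body naming the two docker.io CVEs and the reason would make the reversal findable in the history.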
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3819aa863451de0087dcdf49684b64fa747ed91c