[Git][security-tracker-team/security-tracker][master] new bird issue

Moritz Muehlenhoff jmm at debian.org
Tue Sep 10 09:29:35 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
419b2a14 by Moritz Muehlenhoff at 2019-09-10T08:29:17Z
new bird issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2019-16194
 CVE-2019-16193
 	RESERVED
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
-	TODO: check
+	NOT-FOR-US: DocCMS
 CVE-2019-16191
 	RESERVED
 CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L RE ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-16189
 	RESERVED
 CVE-2019-16188
@@ -119,7 +119,9 @@ CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_erro
 CVE-2019-16160
 	RESERVED
 CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
-	TODO: check
+	- bird <unfixed>
+	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
+	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
 CVE-2019-16158
 	RESERVED
 CVE-2019-16157
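Review bot: The two NOTE lines added under CVE-2019-16159 give bare commit URLs without saying which release series each one fixes, although the description names both 1.6.x through 1.6.7 and 2.x through 2.0.5 as affected. Suggest annotating each NOTE with the branch it applies to, so that whoever later replaces "- bird <unfixed>" with a fixed version knows which commit to look for in which upload. If the 2.x series is packaged under a separate source name, it needs its own package line as well. The entry also carries no bug reference yet, so the unfixed state is tracked only here.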
@@ -151,24 +153,24 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
 CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
 	TODO: check
 CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
-	TODO: check
+	NOT-FOR-US: Gophish
 CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino Framework ...)
-	TODO: check
+	NOT-FOR-US: Padrino module
 CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
 	NOT-FOR-US: Rust crate generator
 CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
 	NOT-FOR-US: Rust crate blake
 CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate renderdoc
 CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust.  ...)
 	- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
 CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
 	NOT-FOR-US: Rust crate chttp
 CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate renderdoc
 CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
 	- rust-image <not-affected> (Fixed before initial upload)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
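Review bot: The line added for CVE-2019-16139 reads "NOT-FOR-US: Rust crate renderdoc", but the description of that CVE names the compact_arena crate; this looks like a copy of the CVE-2019-16142 line a few entries above. Suggest "NOT-FOR-US: Rust crate compact_arena", since the NOT-FOR-US text is what later triage matches on to recognise the same product, and a wrong name here would mislabel future compact_arena issues or hide them behind renderdoc.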
@@ -182,11 +184,11 @@ CVE-2019-16135
 CVE-2019-16134
 	RESERVED
 CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the session is n ...)
-	TODO: check
+	NOT-FOR-US: eteams
 CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control ...)
-	TODO: check
+	NOT-FOR-US: OKLite
 CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary ...)
-	TODO: check
+	NOT-FOR-US: OKLite
 CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
 	NOT-FOR-US: YII2-CMS
 CVE-2019-16129
@@ -198,11 +200,11 @@ CVE-2019-16127
 CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
 	TODO: check
 CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
-	TODO: check
+	NOT-FOR-US: Jobberbase
 CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
-	TODO: check
+	NOT-FOR-US: YouPHPTube
 CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the file cata ...)
-	TODO: check
+	NOT-FOR-US: Kartatopia PilusCart
 CVE-2019-16122
 	RESERVED
 CVE-2019-16121
@@ -220,9 +222,9 @@ CVE-2019-16116
 CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
 	TODO: check
 CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2019-16112
 	RESERVED
 CVE-2019-16111
@@ -230,19 +232,19 @@ CVE-2019-16111
 CVE-2019-16110
 	RESERVED
 CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
-	TODO: check
+	NOT-FOR-US: Plataformatec Devise
 CVE-2019-16108
 	RESERVED
 CVE-2019-16107
 	RESERVED
 CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-16106
 	RESERVED
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
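Review bot: CVE-2018-21013 is marked "NOT-FOR-US: Wordpress plugin", but its description says "The Swape theme", so the label should be a theme rather than a plugin. The four CVE-2018-2101x lines also share one generic label that does not name the component, unlike the other NOT-FOR-US entries in this commit (for example "Rust crate renderdoc"); naming each plugin or theme, with the "WordPress" spelling the descriptions use, would keep the entries searchable per product.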



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/419b2a1434823cbe67d98e609ce576f357b1287e
