[Git][security-tracker-team/security-tracker][master] new bird issue
Moritz Muehlenhoff
jmm at debian.org
Tue Sep 10 09:29:35 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
419b2a14 by Moritz Muehlenhoff at 2019-09-10T08:29:17Z
new bird issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2019-16194
CVE-2019-16193
RESERVED
CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
- TODO: check
+ NOT-FOR-US: DocCMS
CVE-2019-16191
RESERVED
CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L RE ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-16189
RESERVED
CVE-2019-16188
@@ -119,7 +119,9 @@ CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_erro
CVE-2019-16160
RESERVED
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
- TODO: check
+ - bird <unfixed>
+ NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
+ NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
CVE-2019-16158
RESERVED
CVE-2019-16157
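Review bot: The CVE-2019-16159 entry adds a single `- bird <unfixed>` line, but the description covers both the 1.6.x (through 1.6.7) and 2.x (through 2.0.5) series, and neither NOTE says which of the two upstream commits applies to which series. Suggest annotating each NOTE with the branch it fixes, and adding a separate package line if the 2.x series is tracked under a different source package, so fixed versions can later be recorded per branch.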
@@ -151,24 +153,24 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
TODO: check
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
- TODO: check
+ NOT-FOR-US: Gophish
CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino Framework ...)
- TODO: check
+ NOT-FOR-US: Padrino module
CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
NOT-FOR-US: Rust crate generator
CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
NOT-FOR-US: Rust crate blake
CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust. ...)
- TODO: check
+ NOT-FOR-US: Rust crate renderdoc
CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust. ...)
- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
NOT-FOR-US: Rust crate chttp
CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
- TODO: check
+ NOT-FOR-US: Rust crate renderdoc
CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
- rust-image <not-affected> (Fixed before initial upload)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
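Review bot: The tag added for CVE-2019-16139 names the wrong crate: the description is for the compact_arena crate, but the new line reads `NOT-FOR-US: Rust crate renderdoc`, which looks copied from the CVE-2019-16142 entry a few lines above. It should read `NOT-FOR-US: Rust crate compact_arena`, otherwise a search of the list for the crate name misses this entry and a search for renderdoc returns two.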
@@ -182,11 +184,11 @@ CVE-2019-16135
CVE-2019-16134
RESERVED
CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the session is n ...)
- TODO: check
+ NOT-FOR-US: eteams
CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control ...)
- TODO: check
+ NOT-FOR-US: OKLite
CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary ...)
- TODO: check
+ NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
NOT-FOR-US: YII2-CMS
CVE-2019-16129
@@ -198,11 +200,11 @@ CVE-2019-16127
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
TODO: check
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
- TODO: check
+ NOT-FOR-US: Jobberbase
CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the file cata ...)
- TODO: check
+ NOT-FOR-US: Kartatopia PilusCart
CVE-2019-16122
RESERVED
CVE-2019-16121
@@ -220,9 +222,9 @@ CVE-2019-16116
CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
TODO: check
CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2019-16112
RESERVED
CVE-2019-16111
@@ -230,19 +232,19 @@ CVE-2019-16111
CVE-2019-16110
RESERVED
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
- TODO: check
+ NOT-FOR-US: Plataformatec Devise
CVE-2019-16108
RESERVED
CVE-2019-16107
RESERVED
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-16106
RESERVED
CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
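Review bot: CVE-2018-21013 is tagged `NOT-FOR-US: Wordpress plugin`, but its description is for the Swape theme, not a plugin. All four CVE-2018-2101x entries also use a generic tag that drops the product name, unlike the other NOT-FOR-US lines in this commit (`Bludit`, `OKLite`, `Plataformatec Devise`). Naming the component in each tag, for example `NOT-FOR-US: Swape theme for WordPress`, would keep the entries searchable by product.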
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/419b2a1434823cbe67d98e609ce576f357b1287e