[Git][security-tracker-team/security-tracker][master] suricata fixed

Moritz Muehlenhoff jmm at debian.org
Wed Sep 25 21:33:41 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa50c9ac by Moritz Muehlenhoff at 2019-09-25T20:33:04Z
suricata fixed
exiv n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1153,9 +1153,15 @@ CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p
 CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, attackers can tr ...)
 	NOT-FOR-US: Tenda
 CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 pa ...)
-	TODO: check
+	- suricata 1:4.1.5-1 (low)
+	[buster] - suricata <no-dsa> (Minor issue)
+	[stretch] - suricata <no-dsa> (Minor issue)
+	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple fragmen ...)
-	TODO: check
+	- suricata 1:4.1.5-1 (low)
+	[buster] - suricata <no-dsa> (Minor issue)
+	[stretch] - suricata <no-dsa> (Minor issue)
+	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16409
 	RESERVED
 CVE-2019-16408
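Review bot: CVE-2019-16411 and CVE-2019-16410 both carry the same NOTE pointing at the 4.1.5 release announcement, so neither entry records which upstream change fixes which issue. If the upstream commits or tickets are known, add a per-CVE NOTE line to each entry; that keeps the 1:4.1.5-1 fixed version and the <no-dsa> decisions for buster and stretch checkable later without rereading the release notes.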
@@ -3199,7 +3205,10 @@ CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remot
 CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon rec ...)
-	TODO: check
+	- suricata 1:4.1.5-1 (low)
+	[buster] - suricata <no-dsa> (Minor issue)
+	[stretch] - suricata <no-dsa> (Minor issue)
+	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2019-15697
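Review bot: In the CVE-2019-15699 entry, the [buster] and [stretch] lines mark both releases as affected with <no-dsa>, while the description only names Suricata 4.1.4 and app-layer-ssl.c. If the older versions shipped in those releases were checked against the affected code, a short NOTE saying so would document it; if they were not, one of them may need <not-affected> instead.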
@@ -4274,7 +4283,7 @@ CVE-2019-15303
 CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 allows a  ...)
 	NOT-FOR-US: CryptPad
 CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.C ...)
-	TODO: check
+	NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
 CVE-2019-15300
 	RESERVED
 CVE-2019-15299
@@ -4911,7 +4920,7 @@ CVE-2019-15087 (An issue was discovered in PRiSE adAS 1.7.0. An authenticated us
 CVE-2019-15086 (An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter ...)
 	NOT-FOR-US: PRiSE adAS
 CVE-2019-15085 (An issue was discovered in PRiSE adAS 1.7.0. The current database pass ...)
-	TODO: check
+	NOT-FOR-US: PRiSE adAS
 CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...)
 	NOT-FOR-US: Realtek
 CVE-2019-15083
@@ -5341,7 +5350,9 @@ CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddO
 CVE-2019-14983
 	RESERVED
 CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
-	TODO: check
+	- exiv2 <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/Exiv2/exiv2/issues/960
+	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62 
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
 	- imagemagick <unfixed>
 	[jessie] - imagemagick <postponed> (can be fixed along with more important issues)
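Review bot: The second NOTE line for CVE-2019-14982 ends with a trailing space after the commit hash; please strip it. The <not-affected> reason "Vulnerable code not present" would also be easier to verify if a NOTE stated which upstream version introduced the vulnerable code, since the description only says "before v0.27.2".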
@@ -8068,9 +8079,9 @@ CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of serv
 CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
 	NOT-FOR-US: WCMS
 CVE-2019-14239 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
-	TODO: check
+	NOT-FOR-US: NXP Kinetis
 CVE-2019-14238 (On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Prote ...)
-	TODO: check
+	NOT-FOR-US: STMicroelectronics
 CVE-2019-14237 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
 	NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices
 CVE-2019-14236 (On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and ...)
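Review bot: CVE-2019-14239 is tagged "NOT-FOR-US: NXP Kinetis", while the context line for CVE-2019-14237, which has the same product description, uses "NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices". Use one spelling for both so the product matches consistently when searching the list.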
@@ -8124,7 +8135,7 @@ CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6
 CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
 	NOT-FOR-US: 1CRM On-Premise Software
 CVE-2019-14220 (An issue was discovered in BlueStacks 4.110 and below on macOS and on  ...)
-	TODO: check
+	NOT-FOR-US: BlueStacks
 CVE-2019-14219
 	RESERVED
 CVE-2019-14218
@@ -10625,11 +10636,11 @@ CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote atta
 CVE-2019-13559
 	RESERVED
 CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...)
-	TODO: check
+	NOT-FOR-US: WebAccess
 CVE-2019-13557
 	RESERVED
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
-	TODO: check
+	NOT-FOR-US: WebAccess
 CVE-2019-13555
 	RESERVED
 CVE-2019-13554
@@ -10637,11 +10648,11 @@ CVE-2019-13554
 CVE-2019-13553
 	RESERVED
 CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
-	TODO: check
+	NOT-FOR-US: WebAccess
 CVE-2019-13551
 	RESERVED
 CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
-	TODO: check
+	NOT-FOR-US: WebAccess
 CVE-2019-13549
 	RESERVED
 CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa50c9ac5701929dd3d00f9466769a2bbc02a74f
