[Git][security-tracker-team/security-tracker][master] new ruby-zip issue
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 26 16:37:11 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29132fbd by Moritz Muehlenhoff at 2019-09-26T15:36:52Z
new ruby-zip issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2019-16902
RESERVED
CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV sta ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-16898
RESERVED
CVE-2019-16897
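Review bot: The three Advantech entries (CVE-2019-16901, CVE-2019-16900, CVE-2019-16899) are tagged with the vendor name alone, "NOT-FOR-US: Advantech", while each description names the product, Advantech WebAccess/HMI Designer. Tagging them with the product name, e.g. "NOT-FOR-US: Advantech WebAccess/HMI Designer", would keep a later search for that product from missing these entries.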
@@ -19,13 +19,14 @@ CVE-2019-16894
CVE-2019-16893
RESERVED
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
- TODO: check
+ - ruby-zip <unfixed>
+ NOTE: https://github.com/rubyzip/rubyzip/pull/403
CVE-2019-16891
RESERVED
CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti EdgeMAX
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
TODO: check
CVE-2019-16888
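Review bot: On the CVE-2019-16892 entry, "- ruby-zip <unfixed>" is accompanied only by the pull request link, although the description already says the issue affects Rubyzip before 1.3.0. A second NOTE line recording 1.3.0 as the upstream fixed version would let whoever later replaces <unfixed> pick the right package version without rereading the PR.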
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29132fbdb614b46d4840795285f8e01e2b2a0916