[Git][security-tracker-team/security-tracker][master] new mbedtls issue

Moritz Muehlenhoff jmm at debian.org
Thu Sep 26 21:38:22 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e07336bf by Moritz Muehlenhoff at 2019-09-26T20:37:54Z
new mbedtls issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2019-16916
 	RESERVED
 CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2019-16913
 	RESERVED
 CVE-2019-16912
@@ -11,7 +11,8 @@ CVE-2019-16912
 CVE-2019-16911
 	RESERVED
 CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when dete ...)
-	TODO: check
+	- mbedtls <unfixed>
+	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
 CVE-2019-16909
 	RESERVED
 CVE-2019-16908
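Review bot: The new CVE-2019-16910 entry tracks only mbedtls, while the description on the CVE line also names Arm Mbed Crypto before 2.0.0. A short NOTE stating whether Mbed Crypto is covered by the mbedtls source package or not packaged at all would close that gap. The `- mbedtls <unfixed>` line also carries no bug reference in the `(bug #...)` form used for the teampass entry in this commit; consider adding one when a bug exists.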
@@ -23,9 +24,9 @@ CVE-2019-16906
 CVE-2019-16905
 	RESERVED
 CVE-2019-16904 (TeamPass 2.1.27.36 allows XSS by setting a crafted password for an ite ...)
-	TODO: check
+	- teampass <itp> (bug #730180)
 CVE-2019-16903 (Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServ ...)
-	TODO: check
+	NOT-FOR-US: Platinum UPnP SDK
 CVE-2015-9456
 	RESERVED
 CVE-2015-9455
@@ -57,7 +58,7 @@ CVE-2019-16896
 CVE-2019-16895
 	REJECTED
 CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
-	TODO: check
+	NOT-FOR-US: inoERP
 CVE-2019-16893
 	RESERVED
 CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
@@ -188,7 +189,7 @@ CVE-2015-9418 (The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that al
 CVE-2015-9417 (The testimonial-slider plugin through 1.2.1 for WordPress has CSRF wit ...)
 	NOT-FOR-US: testimonial-slider plugin for WordPress
 CVE-2015-9416 (The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9415 (The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclu ...)
 	NOT-FOR-US: bj-lazy-load plugin for WordPress
 CVE-2015-9414 (The wp-symposium plugin through 15.8.1 for WordPress has XSS via the w ...)
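Review bot: The CVE-2015-9416 tag `NOT-FOR-US: Wordpress plugin` is generic and spells the product "Wordpress", while the neighbouring entries name the plugin and use "WordPress" (`NOT-FOR-US: testimonial-slider plugin for WordPress`, `NOT-FOR-US: bj-lazy-load plugin for WordPress`). Suggest `NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress` so the entry stays consistent and searchable by plugin name.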
@@ -424,7 +425,7 @@ CVE-2019-16757
 CVE-2019-16756
 	RESERVED
 CVE-2019-16755 (A vulnerability was discovered in BMC MyIT Digital Workplace DWP befor ...)
-	TODO: check
+	NOT-FOR-US: BMC MyIT Digital Workplace DWP
 CVE-2019-16754 (RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implem ...)
 	NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-16753
@@ -624,7 +625,7 @@ CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different r
 CVE-2019-16668
 	RESERVED
 CVE-2019-16667 (diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2019-16666
 	RESERVED
 CVE-2019-16665 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the conten ...)
@@ -984,7 +985,7 @@ CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists v
 CVE-2019-16533 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access C ...)
 	NOT-FOR-US: DrayTek Vigor2925 devices
 CVE-2019-16532 (An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A m ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
 	NOT-FOR-US: LayerBB
 CVE-2019-16530



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e07336bff6ec4f1d0a1aa90e5f4ffc5d0cfec1d3
