[Git][security-tracker-team/security-tracker][master] ruby-zip no-dsa
Moritz Muehlenhoff
jmm at debian.org
Sat Sep 28 21:06:38 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29a522a6 by Moritz Muehlenhoff at 2019-09-28T20:06:08Z
ruby-zip no-dsa
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,11 +25,11 @@ CVE-2019-16929
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
TODO: check
CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...)
- TODO: check
+ NOT-FOR-US: Flower
CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task call. ...)
- TODO: check
+ NOT-FOR-US: Flower
CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a cleartext pass ...)
- TODO: check
+ NOT-FOR-US: Nulock
CVE-2019-16923 (kkcms 1.3 has jx.php?url= XSS. ...)
NOT-FOR-US: kkcms
CVE-2019-16922 (SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows uninten ...)
@@ -118,7 +118,9 @@ CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecur
CVE-2019-16893
RESERVED
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
- - ruby-zip <unfixed> (bug #941222)
+ - ruby-zip <unfixed> (low; bug #941222)
+ [buster] - ruby-zip <no-dsa> (Minor issue)
+ [stretch] - ruby-zip <no-dsa> (Minor issue)
NOTE: https://github.com/rubyzip/rubyzip/pull/403
NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
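Review bot: the buster and stretch lines are set to <no-dsa> (Minor issue) while the sid entry stays <unfixed> with only an upstream PR and two commits in the NOTEs; since the CVE text says the issue is fixed in Rubyzip 1.3.0, a note such as `NOTE: Fixed upstream in 1.3.0` would make the target version for the sid update explicit and give a reference point if the no-dsa decision is later revisited for a backport.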
@@ -11278,7 +11280,7 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_suppli
NOTE: "added support for Brainpool Elliptic Curves with SAE"
NOTE: Patches: https://w1.fi/security/2019-6/
CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
- TODO: check
+ - phpbb3 <removed>
CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
NOT-FOR-US: D-Link
CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in PayActi ...)
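Review bot: the new `- phpbb3 <removed>` line for CVE-2019-13376 records the package as removed from the archive but, unlike the ruby-zip entry in the same commit, carries no severity tag or justification; if phpbb3 is still shipped in any stable release, a `[stretch]`/`[buster]` line (or a NOTE stating it is not present there) would make the status unambiguous.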
@@ -15123,7 +15125,7 @@ CVE-2019-11929
CVE-2019-11928
RESERVED
CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...)
- hhvm <removed>
CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...)
@@ -22981,9 +22983,9 @@ CVE-2019-9465
CVE-2019-9464
RESERVED
CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9461 (In the Android kernel in VPN routing there is a possible information d ...)
NOT-FOR-US: Android
CVE-2019-9460 (In mediaserver, there is a possible out of bounds write due to a missi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29a522a6f0668ccef532fd4238f420277f2fe1a3