[Git][security-tracker-team/security-tracker][master] Replace nonworking https://cgit.kde.org references with github commits
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 23 22:23:10 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b037783 by Salvatore Bonaccorso at 2020-08-23T23:22:22+02:00
Replace nonworking https://cgit.kde.org references with github commits
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25646,7 +25646,7 @@ CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-ex
- kio-extras <unfixed> (low; bug #960306)
[buster] - kio-extras <no-dsa> (Minor issue)
[stretch] - kio-extras <no-dsa> (Minor issue)
- NOTE: https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145
+ NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145
CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
- linux <unfixed>
NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
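Review bot: The new NOTE for CVE-2020-12755 points at github.com/KDE, a different host from the KDE-operated ones that other entries touched by this commit still reference (bugs.kde.org, phabricator.kde.org, kde.org advisories), so the fix reference now depends on that mirror staying available and complete. The commit message says only that cgit.kde.org is nonworking; it would help to say there why GitHub was chosen as the replacement, and to confirm that each rewritten hash resolves at its new URL, since the substitution is mechanical.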
@@ -28495,7 +28495,7 @@ CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using th
- kdepim <removed>
[stretch] - kdepim <no-dsa> (Minor issue)
[jessie] - kdepim <no-dsa> (Minor issue)
- NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1
+ NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1
CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...)
- evolution 3.36.0-1
[buster] - evolution <no-dsa> (Minor issue)
@@ -72967,8 +72967,8 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files
[stretch] - kde4libs <no-dsa> (Minor issue)
NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
NOTE: https://kde.org/info/security/advisory-20190807-1.txt
- NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
- NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
+ NOTE: kconfig: https://github.com/KDE/kconfig/commit/5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
+ NOTE: kdelibs: https://github.com/KDE/kdelibs/commit/2c3762feddf7e66cf6b64d9058f625a715694a00
CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...)
NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-14742
@@ -85844,7 +85844,7 @@ CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP e
- kdepim <removed>
[stretch] - kdepim <no-dsa> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=404698
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
+ NOTE: https://github.com/KDE/messagelib/commit/8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
CVE-2019-10731
RESERVED
CVE-2019-10730
@@ -95787,7 +95787,7 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit
[stretch] - kde4libs <ignored> (Minor issue)
[jessie] - kde4libs <no-dsa> (Minor issue)
NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
- NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
+ NOTE: https://github.com/KDE/kauth/commit/fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
NOT-FOR-US: CyberArk Enterprise Password Vault
CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
@@ -115970,7 +115970,7 @@ CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in K
- kf5-messagelib 4:18.08.3-2 (bug #915039)
[stretch] - kf5-messagelib <no-dsa> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612
+ NOTE: https://github.com/KDE/messagelib/commit/34765909cdf8e55402a8567b48fb288839c61612
CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...)
NOT-FOR-US: Webgalamb
CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...)
@@ -124288,7 +124288,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
{DSA-4303-1 DLA-1516-1}
- okular 4:17.12.2-2.1 (bug #908168)
NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
- NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
+ NOTE: https://github.com/KDE/okular/commit/8ff7abc14d41906ad978b6bc67e69693863b9d47
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
@@ -150792,8 +150792,8 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. da
- plasma-workspace 4:5.12.0-2
[stretch] - plasma-workspace <ignored> (Minor issue, too intrusive to backport)
NOTE: https://phabricator.kde.org/D10188
- NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
- NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
+ NOTE: https://github.com/KDE/plasma-workspace/commit/5bc696b5abcdb460c1017592e80b2d7f6ed3107c
+ NOTE: https://github.com/KDE/plasma-workspace/commit/8164beac15ea34ec0d1564f0557fe3e742bdd938
CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...)
{DSA-4110-1 DLA-1274-1}
- exim4 4.90.1-1 (bug #890000)
@@ -174758,7 +174758,7 @@ CVE-2017-15925
CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
{DSA-4033-1 DLA-1174-1}
- konversation 1.7.3-1 (bug #881586)
- NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
+ NOTE: https://github.com/KDE/konversation/commit/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...)
{DLA-1198-1}
- libextractor 1:1.6-2 (low; bug #880016)
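Review bot: The removed konversation NOTE for CVE-2017-15923 carried "h=1.7" in its query string and the GitHub URL drops it, so the entry no longer records that the fix was referenced on the 1.7 branch. Consider keeping that as a trailing annotation such as "(1.7 branch)", in the same way other notes in this file append "(v19.04.2)" or "(v15.11.80)".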
@@ -197234,8 +197234,8 @@ CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local user
- kauth 5.28.0-2
- kde4libs 4:4.14.26-2
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
- NOTE: patch for kauth: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
- NOTE: patch for kde4libs: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=264e97625abe2e0334f97de17f6ffb52582888ab
+ NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a
+ NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab
NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt
CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...)
- binutils 2.28-5
@@ -208263,8 +208263,8 @@ CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitr
- ark 4:16.08.3-2 (bug #850874)
[jessie] - ark <not-affected> (Vulnerable code introduced later)
[wheezy] - ark <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
- NOTE: "Open File" action introduced in https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
+ NOTE: Fixed by: https://github.com/KDE/ark/commit/82fdfd24d46966a117fa625b68784735a40f9065
+ NOTE: "Open File" action introduced in https://github.com/KDE/ark/commit/f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...)
- bubblewrap 0.1.5-2 (bug #850702)
NOTE: https://github.com/projectatomic/bubblewrap/issues/142
@@ -226983,20 +226983,20 @@ CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.
CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt
- NOTE: Would by fixed by: https://cgit.kde.org/messagelib.git/commit/?id=f601f9ffb706f7d3a5893b04f067a1f75da62c99
+ NOTE: Would by fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99
NOTE: and building with Qt 5.7.0.
NOTE: Following patches partly sanitize mails but still make it possible to inject code:
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt
- NOTE: Fixed by: https://cgit.kde.org/messagelib.git/commit/?id=dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
+ NOTE: Fixed by: https://github.com/KDE/messagelib/commit/dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7966 (Through a malicious URL that contained a quote character it was possib ...)
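Review bot: The rewritten first NOTE under CVE-2016-7968 keeps the typo "Would by fixed by"; since that line is being replaced anyway, correct it to "Would be fixed by" in the same commit. The version annotations "(v16.08.2)" and "(16.11.80)" are carried over unchanged, which is what a reader checking fixed versions needs.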
@@ -316797,8 +316797,8 @@ CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allow
- kde4libs 4:4.10.5-1 (low; bug #707776)
[squeeze] - kde4libs <no-dsa> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=319428
- NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca
- NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9
+ NOTE: https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca
+ NOTE: https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9
CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 certi ...)
- transifex-client 0.9-1 (low)
[wheezy] - transifex-client <no-dsa> (Minor issue)
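Review bot: Both kdelibs NOTEs for CVE-2013-2074 lose the "h=KDE/4.14" qualifier that the cgit URLs had, and nothing else in the entry says which branch these commits were referenced on. A trailing "(KDE/4.14)" on each line would preserve it; the same applies to the "patch for kde4libs" line under CVE-2017-8422 earlier in this diff.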
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b037783b2c482f97847d48c8432475a696c1fe9