[Git][security-tracker-team/security-tracker][master] Use HTTPs for repo.or.cz git repository references

Salvatore Bonaccorso carnil at debian.org
Tue Aug 25 22:30:12 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dd0420e by Salvatore Bonaccorso at 2020-08-25T23:29:30+02:00
Use HTTPs for repo.or.cz git repository references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -128024,7 +128024,7 @@ CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not
 	- zoneminder <not-affected> (Vulnerable code never in a embedded copy version for zoneminder)
 	- cacti <not-affected> (Vulnerable code never in any release inclusing embedded copy, i.e. pre 1.0.4)
 	NOTE: Issue is in embedded csrf-magic
-	NOTE: http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
+	NOTE: https://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
 CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&amp ...)
 	NOT-FOR-US: ThinkSAAS
 CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...)
@@ -144947,7 +144947,7 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <ignored> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
-	NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
+	NOTE: https://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
 CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
 	NOT-FOR-US: Lutron Quantum BACnet Integration
 CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
@@ -160735,7 +160735,7 @@ CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435
-	NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
+	NOTE: https://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
 CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
 	- nasm 2.13.02-0.1
 	[stretch] - nasm <no-dsa> (Minor issue)
@@ -160759,7 +160759,7 @@ CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <no-dsa> (Minor issue)
-	NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
+	NOTE: https://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436
 CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...)
 	- nasm 2.13.02-0.1
@@ -160778,7 +160778,7 @@ CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffe
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <no-dsa> (Minor issue)
-	NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
+	NOTE: https://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424
 CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
 	- nasm 2.13.02-0.1
@@ -160791,7 +160791,7 @@ CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <no-dsa> (Minor issue)
-	NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
+	NOTE: https://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431
 CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservic ...)
 	NOT-FOR-US: Golden Frog VyprVPN
@@ -232497,7 +232497,7 @@ CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc an
 	- uclibc-ng <itp> (bug #811275)
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
-	NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
+	NOTE: https://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
 	NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
 	NOTE: Fixed in 1.0.16 of uClibc-ng
 CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn be ...)
@@ -245526,13 +245526,13 @@ CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng b
 	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
-	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
+	NOTE: https://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
 	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
 CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...)
 	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
-	NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
+	NOTE: https://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
 	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
 CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6  ...)
 	- nodejs 4.3.0~dfsg-1 (unimportant)
@@ -348320,7 +348320,7 @@ CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC medi
 	{DSA-2257-1}
 	- vlc 1.1.10-1
 	[lenny] - vlc <not-affected> (Vulnerable code not present)
-	NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
+	NOTE: https://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
 CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...)
 	- cherokee 1.0.14-1 (low; bug #647205)
 	[squeeze] - cherokee 1.0.8-5+squeeze1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd0420e8f4abe4c7e59439a0978bd93c6d40567

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd0420e8f4abe4c7e59439a0978bd93c6d40567
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200825/76aa7332/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list