[Git][security-tracker-team/security-tracker][master] 10 commits: CVE-2008-7002/php5: add missing status
Emilio Pozuelo Monfort
pochu at debian.org
Wed Dec 2 08:34:47 GMT 2020
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bebc882 by Emilio Pozuelo Monfort at 2020-12-02T09:32:37+01:00
CVE-2008-7002/php5: add missing status
- - - - -
e88929b9 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
CVE/list: fix whitespace inconsistencies
- - - - -
bf5184f1 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: keep the parenthesis in the description
We need them in order to write the file back.
- - - - -
727ff2f4 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: better parse annotations
- - - - -
95affae0 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: don't wrap and deref the arguments
We are no longer concatenating tuples.
- - - - -
b3b98ca1 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: don't sort the xrefs
Take them as they come, as our sorting is different than the one in
the file.
- - - - -
75e3c6a6 by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: do not uniquify CVE names
We need the original name (basically the year) in order to write it
back later. Besides the function was taking the line number rather
than a hash of the description, so it was buggy anyway.
If something needs the unique name at some point, we can add it in
an additional field.
- - - - -
7f76b53e by Emilio Pozuelo Monfort at 2020-12-02T09:32:38+01:00
sectracker.parsers: include TEMP issues in the CVE regex
In order to support extended CVE files.
- - - - -
f16a2a47 by Emilio Pozuelo Monfort at 2020-12-02T09:32:39+01:00
sectracker.parsers: be explicit when building PackageAnnotations
In some cases we are intentionally passing versions as kinds or
kinds as versions, and making it explicit makes it less confusing.
- - - - -
9b3a13e5 by Emilio Pozuelo Monfort at 2020-12-02T09:32:39+01:00
sectracker.parsers: add function to write the file back
This change and the previous ones based on work by Brian with
additional fixes and adaptations by me.
- - - - -
2 changed files:
- data/CVE/list
- lib/python/sectracker/parsers.py
Changes:
=====================================
data/CVE/list
=====================================
@@ -9719,7 +9719,7 @@ CVE-2020-26568
CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
NOT-FOR-US: D-Link
CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
- - motion 4.3.2-1 (bug #972986)
+ - motion 4.3.2-1 (bug #972986)
[buster] - motion <not-affected> (Vulnerable code introduced in 4.2)
[stretch] - motion <not-affected> (Vulnerable code introduced in 4.2)
NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
@@ -37806,9 +37806,9 @@ CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution
NOTE: Hardware issue, mitigations to intrusive to backport (and would require to recompile
NOTE: the entire distro, which is not warranted for the impact)
NOTE: GCC patches:
- NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86
- NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1
- NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...)
NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
@@ -43492,7 +43492,7 @@ CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
- python-markdown2 2.3.9-1 (bug #959445)
[buster] - python-markdown2 2.3.7-2+deb10u1
- NOTE: https://github.com/trentm/python-markdown2/issues/348
+ NOTE: https://github.com/trentm/python-markdown2/issues/348
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...)
NOT-FOR-US: svg2png
CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
@@ -44284,7 +44284,7 @@ CVE-2020-11711
CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...)
NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
- NOT-FOR-US: cpp-httplip
+ NOT-FOR-US: cpp-httplip
NOTE: https://github.com/yhirose/cpp-httplib/issues/425
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
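Review bot: the re-indented `NOT-FOR-US: cpp-httplip` line under CVE-2020-11709 carries a misspelled product name; the CVE description and the NOTE URL both say cpp-httplib. The line is being rewritten in this commit anyway, so correct it to `NOT-FOR-US: cpp-httplib` here rather than preserving the typo.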
@@ -53167,11 +53167,11 @@ CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (f
CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8418
RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
@@ -54525,7 +54525,7 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwor
CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
NOT-FOR-US: JetBrains
CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
- NOT-FOR-US: JetBrains Scala plugin
+ NOT-FOR-US: JetBrains Scala plugin
CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
NOT-FOR-US: JetBrains
CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
@@ -54918,7 +54918,7 @@ CVE-2020-7749 (This affects all versions of package osm-static-maps. User input
CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
NOT-FOR-US: Ts.ED
CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
- NOT-FOR-US: lightning-server nodejs module
+ NOT-FOR-US: lightning-server nodejs module
CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...)
- node-chart.js 2.9.4+dfsg+~cs2.10.1-1
[buster] - node-chart.js <ignored> (Minor issue; intrusive to backport)
@@ -55505,7 +55505,7 @@ CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the
CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...)
NOT-FOR-US: Schneider Electric
CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
- NOT-FOR-US: Andover Continuum
+ NOT-FOR-US: Andover Continuum
CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
NOT-FOR-US: Andover Continuum
CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
@@ -70923,7 +70923,7 @@ CVE-2019-19465
CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
NOT-FOR-US: CBC Gem application for Android
CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
- NOT-FOR-US: Anhui Huami Mi Fit application for Android
+ NOT-FOR-US: Anhui Huami Mi Fit application for Android
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux 5.6.14-2
@@ -77209,7 +77209,7 @@ CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory c
CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...)
- linux 4.19.9-1
[stretch] - linux 4.9.228-1
- NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01
+ NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01
NOTE: https://git.kernel.org/linus/f5bbbbe4d63577026f908a809f22f5fd5a90ea1f
NOTE: https://git.kernel.org/linus/530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b
CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...)
@@ -99609,7 +99609,7 @@ CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PC
NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
NOTE: which was only introduced in 3.7.0-beta.19
NOTE: federation management plugin: exploitable only by a remote authenticated malicious user
- NOTE: with administrative access
+ NOTE: with administrative access
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
@@ -126223,7 +126223,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
- - veyon 4.1.4+repack1-1
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
@@ -183361,7 +183361,7 @@ CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount an
{DLA-1580-1}
- systemd 234-1
[stretch] - systemd 232-25+deb9u10
- [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
+ [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
NOTE: https://github.com/systemd/systemd/pull/5916
NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
@@ -202703,8 +202703,8 @@ CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-c
[jessie] - yaml-cpp <no-dsa> (Minor issue)
[wheezy] - yaml-cpp <no-dsa> (Minor issue)
- yaml-cpp0.3 <removed> (bug #870327)
- [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
- [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
+ [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
+ [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
NOTE: https://github.com/jbeder/yaml-cpp/issues/519
NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code exe ...)
@@ -255716,7 +255716,7 @@ CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly impl
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5 ...)
NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
- - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177)
+ - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177)
NOTE: Not running as a privileged process in SDK
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
@@ -271503,8 +271503,8 @@ CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
- gdm3 3.18.2-1
- [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
- [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
+ [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
+ [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
@@ -290009,7 +290009,7 @@ CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ
CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...)
- patch 2.7.3-1 (bug #775901)
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
- [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
+ [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
REJECTED
@@ -293431,7 +293431,7 @@ CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does
- linux 3.16.7-ckt2-1
[wheezy] - linux 3.2.63-2+deb7u2
- linux-2.6 <removed>
- [squeeze] - linux-2.6 2.6.32-48squeeze9
+ [squeeze] - linux-2.6 2.6.32-48squeeze9
CVE-2014-9321
RESERVED
CVE-2014-9320
@@ -304187,7 +304187,7 @@ CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.
NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2
CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authent ...)
- check-mk 1.2.6p4-1 (bug #758883)
- [wheezy] - check-mk <not-affected> (Vulnerable code not present)
+ [wheezy] - check-mk <not-affected> (Vulnerable code not present)
NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite c ...)
- check-mk 1.2.6p4-1 (bug #758883)
@@ -313276,7 +313276,7 @@ CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support based
NOT-FOR-US: Historic webkit issue
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...)
- linux 3.2.29-1
- - linux-2.6 <removed>
+ - linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-47
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s39 ...)
@@ -331960,7 +331960,7 @@ CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
- dovecot <not-affected> (vulnerable code appeared in 2.2)
[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
- [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
+ [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...)
- php5 5.5.0~rc3+dfsg-1
[wheezy] - php5 <not-affected> (Vulnerable code not present)
@@ -340980,7 +340980,7 @@ CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes
[jessie] - openjdk-7 <ignored> (Minor issue, no icedtea fix, too complex to backport)
[wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
- - rubinius <itp> (bug #591817)
+ - rubinius <itp> (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
{DLA-263-1}
- ruby1.8 <not-affected> (Only affects 1.9.x)
@@ -349627,7 +349627,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.
NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...)
- xpdf <not-affected> (uses poppler's Error.cc)
- - poppler 0.18.4-7 (unimportant; bug #487773)
+ - poppler 0.18.4-7 (unimportant; bug #487773)
NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent ...)
- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
@@ -351933,7 +351933,7 @@ CVE-2012-1168 (Moodle before 2.2.2 has a password and web services issue where w
CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x be ...)
- - ldm 2:2.2.7-1 (bug #663645)
+ - ldm 2:2.2.7-1 (bug #663645)
[squeeze] - ldm <not-affected> (Introduced in 2.2)
NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
@@ -356432,7 +356432,7 @@ CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...)
NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
- - zabbix 1:1.8.2-1
+ - zabbix 1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...)
@@ -356863,7 +356863,7 @@ CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21,
- namazu2 2.0.21-1 (low)
[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...)
- - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
+ - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
@@ -374693,9 +374693,9 @@ CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an un
CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
- - openjdk-6 6b18-1.8.1-1
+ - openjdk-6 6b18-1.8.1-1
CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property]
- - openjdk-6 6b18-1.8.1-1
+ - openjdk-6 6b18-1.8.1-1
CVE-2010-2895
RESERVED
CVE-2010-2894
@@ -382631,7 +382631,7 @@ CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows re
NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
- kdegraphics 4:4.0.0-1 (unimportant)
- - xpdf <unfixed> (unimportant)
+ - xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
NOTE: Just a crasher, not treated as a security issue
@@ -384656,12 +384656,12 @@ CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail pack ...)
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
- [lenny] - php-mail 1.1.14-1+lenny1
+ [lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
- [lenny] - php-mail 1.1.14-1+lenny1
+ [lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
{DSA-1961-1}
@@ -386223,7 +386223,7 @@ CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before
- linux-2.6.24 <removed> (high)
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...)
{DSA-1936-1}
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
@@ -386832,7 +386832,7 @@ CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attacker
[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbi ...)
{DSA-1945-1}
- - gforge 4.8.2-1
+ - gforge 4.8.2-1
CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GF ...)
{DSA-1937-1}
- gforge 4.8.1-3 (low)
@@ -388762,7 +388762,7 @@ CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alp ...)
NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
- - php5 (unimportant)
+ - php5 <undetermined> (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
NOT-FOR-US: Creative Mind Creator CMS
@@ -395407,7 +395407,7 @@ CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.
[lenny] - poppler 0.8.7-2
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- - kdegraphics 4:4.0 (medium; bug #524810)
+ - kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
@@ -396253,9 +396253,9 @@ CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally expl
NOTE: hardly a security issue, if an attacker has local access to the machine and you
NOTE: don't use encryption or something similar you have lost anyway
NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
- NOTE: have local access to the machine. it is worth it to make it as difficult as
- NOTE: possible without impacting authorized users. otherwise, why spend so much effort
- NOTE: to make sure xscreensaver, gdm, and login are rock solid?
+ NOTE: have local access to the machine. it is worth it to make it as difficult as
+ NOTE: possible without impacting authorized users. otherwise, why spend so much effort
+ NOTE: to make sure xscreensaver, gdm, and login are rock solid?
NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
{DSA-1739-1}
@@ -399426,7 +399426,7 @@ CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822
[etch] - uw-imap <not-affected> (Vulnerable code not present)
- alpine 2.02-3.1 (low)
[lenny] - alpine <no-dsa> (Minor issue)
- [squeeze] - alpine 2.00+dfsg-6+squeeze1
+ [squeeze] - alpine 2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...)
{DSA-1707-1}
- iceweasel 3.0.5-1
@@ -406480,7 +406480,7 @@ CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier all
NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
- wdiff 0.5-18 (low; bug #425254)
- [etch] - wdiff <no-dsa> (Minor issue)
+ [etch] - wdiff <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...)
- nasm 2.03.01-1 (low; bug #486715)
[etch] - nasm <not-affected> (vulnerable code not present)
@@ -418222,7 +418222,7 @@ CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpr
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.35.dfsg-3
@@ -421641,7 +421641,7 @@ CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: CPU consumption DoS
=====================================
lib/python/sectracker/parsers.py
=====================================
@@ -1,5 +1,7 @@
# sectracker.parsers -- various text file parsers
# Copyright (C) 2010 Florian Weimer <fw at deneb.enyo.de>
+# Copyright (C) 2019 Brian May <bam at debian.org>
+# Copyright (C) 2020 Emilio Pozuelo Monfort <pochu at debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -81,26 +83,27 @@ StringAnnotation = _namedtuple("StringAnnotation",
XrefAnnotation = _namedtuple("XrefAnnotation", "line type bugs")
PackageAnnotation = _namedtuple(
"PackageAnnotation",
- "line type release package kind version description "
- + "urgency debian_bugs bug_filed")
+ "line type release package kind version description flags")
+PackageBugAnnotation = _namedtuple("PackageBugAnnotation", "bug")
+PackageUrgencyAnnotation = _namedtuple("PackageUrgencyAnnotation", "severity")
def _annotationdispatcher():
# Parser for inner annotations, like (bug #1345; low)
urgencies=set("unimportant low medium high".split())
@_regexpcase.rule('(bug filed|%s)' % '|'.join(urgencies))
- def innerflag(groups, diag, flags, bugs):
+ def innerflag(groups, diag, flags):
f = groups[0]
- if f in flags:
- diag.error("duplicate flag: " + repr(f))
+ if PackageUrgencyAnnotation(f) in flags:
+ diag.error("duplicate urgency: " + repr(f))
else:
- flags.add(f)
+ flags.append(PackageUrgencyAnnotation(f))
@_regexpcase.rule(r'bug #(\d+)')
- def innerbug(groups, diag, flags, bugs):
+ def innerbug(groups, diag, flags):
no = int(groups[0])
- if no in bugs:
+ if PackageBugAnnotation(no) in flags:
diag.error("duplicate bug number: " + groups[0])
else:
- bugs.add(no)
+ flags.append(PackageBugAnnotation(no))
def innerdefault(text, diag, flags, bugs):
diag.error("invalid inner annotation: " + repr(text))
innerdispatch = _regexpcase.RegexpCase((innerflag, innerbug),
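Review bot: `def innerdefault(text, diag, flags, bugs):` still declares the `bugs` parameter that this hunk removes from `innerflag` and `innerbug`. The dispatcher is now called as `innerdispatch(innerann.strip(), diag, flags)`, so if the default handler receives the same arguments, an invalid inner annotation will fail with a TypeError instead of reporting "invalid inner annotation"; drop `bugs` from its signature. Also, the rule `(bug filed|%s)` now wraps a matched `bug filed` in `PackageUrgencyAnnotation`, so it is stored as a severity and counted by the later "multiple urgencies" check; give it its own rule or flag type.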
@@ -108,27 +111,16 @@ def _annotationdispatcher():
def parseinner(diag, inner):
if not inner:
- return (None, (), False)
- flags = set()
- bugs = set()
+ return []
+ flags = []
for innerann in inner.split(";"):
- innerdispatch(innerann.strip(), diag, flags, bugs)
+ innerdispatch(innerann.strip(), diag, flags)
- urgency = urgencies.intersection(flags)
- if urgency:
- if len(urgency) > 1:
- diag.error("multiple urgencies: " + ", ".join(urgency))
- else:
- urgency = urgency.pop()
- else:
- urgency = None
-
- bug_filed = "bug filed" in flags
- if bugs and bug_filed:
- diag.error("'bug filed' and bug numbers listed")
- bug_filed = False
+ urgencies = [f for f in flags if isinstance(f, PackageUrgencyAnnotation)]
+ if len(urgencies) > 1:
+ diag.error("multiple urgencies: " + ", ".join(urgency))
- return (urgency, _sortedtuple(bugs), bug_filed)
+ return flags
# Parsers for indented annotations (NOT-FOR-US:, " - foo <unfixed>" etc.)
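Review bot: the added `diag.error("multiple urgencies: " + ", ".join(urgency))` refers to `urgency`, whose assignments are all deleted by this hunk, so a line with two urgencies will fail on the undefined name instead of producing the diagnostic. Join over the new list, and over strings rather than namedtuples, for example `", ".join(u.severity for u in urgencies)`. The new list also reuses the name `urgencies` from the enclosing set of valid urgency words; a distinct name would read better. The removed "'bug filed' and bug numbers listed" diagnostic has no replacement here, which deserves a line in the commit message if intentional.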
@@ -136,14 +128,21 @@ def _annotationdispatcher():
+ r'(?:\s([A-Za-z0-9:.+~-]+)\s*)?(?:\s\((.*)\))?')
def package_version(groups, diag):
release, package, version, inner = groups
- inner = parseinner(diag, inner)
+ flags = parseinner(diag, inner)
if version is None:
kind = "unfixed"
else:
kind = "fixed"
return PackageAnnotation(
- *((diag.line(), "package", release, package, kind,
- version, None) + inner))
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=kind,
+ version=version,
+ description=None,
+ flags=flags,
+ )
pseudo_freetext = "no-dsa not-affected end-of-life ignored postponed".split()
pseudo_struct = set("unfixed removed itp undetermined".split())
@@ -153,22 +152,36 @@ def _annotationdispatcher():
release, package, version, inner = groups
if version in pseudo_freetext:
return PackageAnnotation(
- diag.line(), "package", release, package, version,
- None, inner, None, (), False)
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=version,
+ version=None,
+ description=inner,
+ flags=[],
+ )
elif version in pseudo_struct:
- inner = parseinner(diag, inner)
+ flags = parseinner(diag, inner)
if version == "itp" and not inner[1]:
diag.error("<itp> needs Debian bug reference")
return PackageAnnotation(
- *((diag.line(), "package", release, package, version,
- None, None) + inner))
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=version,
+ version=None,
+ description=None,
+ flags=flags,
+ )
else:
diag.error("invalid pseudo-version: " + repr(version))
return None
@_regexpcase.rule(r'\{(.*)\}')
def xref(groups, diag):
- x = _sortedtuple(groups[0].strip().split())
+ x = tuple(groups[0].strip().split())
if x:
return XrefAnnotation(diag.line(), "xref", x)
else:
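Review bot: in the `pseudo_struct` branch, `if version == "itp" and not inner[1]:` was not updated when the parsed result moved to `flags`. `inner` is now the raw regex group, so `inner[1]` is the second character of the annotation text (always truthy) or an indexing error when there is no parenthesised part, and the "<itp> needs Debian bug reference" check no longer tests for a bug number. Check the parsed flags instead, for example `not any(isinstance(f, PackageBugAnnotation) for f in flags)`.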
@@ -246,7 +259,7 @@ def _parselist(path, f, parseheader, finish):
@_xpickle.loader("CVE" + FORMAT)
def cvelist(path, f):
- re_header = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX))\s+(.*?)\s*$')
+ re_header = re.compile(r'^((?:CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+))\s+(.*?)\s*$')
def parseheader(line):
match = re_header.match(line)
if match is None:
@@ -256,30 +269,73 @@ def cvelist(path, f):
if desc[0] == '(':
if desc[-1] != ')':
diag.error("error", "missing ')'")
- else:
- desc = desc[1:-1]
elif desc[0] == '[':
if desc[-1] != ']':
diag.error("missing ']'")
- else:
- desc = desc[1:-1]
return (name, desc)
- def cveuniquename(line, anns):
- bug = 0
- for ann in anns:
- if ann.type == "package" and ann.debian_bugs:
- bug = ann.debian_bugs[0]
- break
- return "TEMP-%07d-%06d" % (bug, line)
def finish(header, headerlineno, anns, diag):
name, desc = header
- if name[-1] == "X":
- name1 = cveuniquename(headerlineno, anns)
- else:
- name1 = name
- return Bug(path, Header(headerlineno, name1, desc), tuple(anns))
+ return Bug(path, Header(headerlineno, name, desc), tuple(anns))
return _parselist(path, f, parseheader, finish)
+def writecvelist(data, f):
+ for bug in data:
+ if isinstance(bug, Bug):
+ f.write(bug.header.name)
+ if bug.header.description:
+ f.write(" ")
+ f.write(bug.header.description)
+ f.write("\n")
+ for annotation in bug.annotations:
+ if isinstance(annotation, FlagAnnotation):
+ f.write("\t")
+ f.write(annotation.type)
+ f.write("\n")
+ elif isinstance(annotation, StringAnnotation):
+ f.write("\t")
+ f.write(annotation.type)
+ f.write(": ")
+ f.write(annotation.description)
+ f.write("\n")
+ elif isinstance(annotation, PackageAnnotation):
+ f.write("\t")
+ if annotation.release:
+ f.write("[")
+ f.write(str(annotation.release))
+ f.write("] ")
+ f.write("- ")
+ f.write(annotation.package + " ")
+ if annotation.version:
+ f.write(annotation.version)
+ elif annotation.kind:
+ f.write("<")
+ f.write(annotation.kind)
+ f.write(">")
+ items = []
+ for flag in annotation.flags:
+ if isinstance(flag, PackageBugAnnotation):
+ items.append("bug #%s" % flag.bug)
+ elif isinstance(flag, PackageUrgencyAnnotation):
+ items.append(flag.severity)
+ else:
+ raise RuntimeError("Got unexpected package flag type %s" % type(flag))
+ if annotation.description:
+ items.append(str(annotation.description))
+ if items:
+ f.write(" (")
+ f.write("; ".join(items))
+ f.write(")")
+ f.write("\n")
+ elif isinstance(annotation, XrefAnnotation):
+ if annotation.bugs:
+ f.write("\t{")
+ f.write(" ".join(annotation.bugs))
+ f.write("}\n")
+ else:
+ raise RuntimeError("Got unexpected annotation type %s" % type(annotation))
+ else:
+ raise RuntimeError("Got unexpected bug type %s" % type(bug))
+
def _checkrelease(anns, diag, kind):
for ann in anns:
if ann.type == "package" and ann.release is None:
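Review bot: `writecvelist` does not reproduce every line the parser accepts. In the `PackageAnnotation` branch it writes `<kind>` whenever `annotation.version` is empty, but `package_version` sets `kind = "unfixed"` for a package line with no version, so such a line comes back with a `<unfixed>` pseudo-version it never had. The `XrefAnnotation` branch also silently drops an annotation whose `bugs` tuple is empty. Since the purpose is to write the file back, add a docstring stating the expected input and a round-trip test (parse, write, compare with the original text) so these cases are caught before the function is used on data/CVE/list.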
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7285aed331e86f5ab54ca34d83d40dac1946913e...9b3a13e5d48024e62352b25d882708c3505e02f9