[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff
jmm at debian.org
Wed Dec 9 20:38:41 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb4a2f1f by Moritz Muehlenhoff at 2020-12-09T21:38:32+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34769,11 +34769,12 @@ CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup u
[stretch] - hylafax <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
- - libmediainfo <unfixed> (low; bug #967073)
+ - libmediainfo 20.09+dfsg-1 (low; bug #967073)
[buster] - libmediainfo <no-dsa> (Minor issue)
[stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
+ NOTE: https://github.com/MediaArea/MediaInfoLib/commit/5b998282f47f080592d298a25c642f13a895c4dc
CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
NOT-FOR-US: Zoho
CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
@@ -96353,14 +96354,7 @@ CVE-2019-12906
CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
NOT-FOR-US: FileRun
CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
- - libgcrypt20 <unfixed> (bug #930885)
- [buster] - libgcrypt20 <no-dsa> (Minor issue)
- [stretch] - libgcrypt20 <no-dsa> (Minor issue)
- [jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later in version 1.7.0)
- - libgcrypt11 <removed>
- NOTE: https://dev.gnupg.org/T4541
- NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
- NOTE: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
+ NOTE: Issue disputed by libgcrypt upstream, see https://dev.gnupg.org/T4541
CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in an unexpe ...)
NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon ...)
@@ -136701,41 +136695,29 @@ CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php i ...)
NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...)
NOT-FOR-US: FineCms
CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...)
@@ -146510,71 +146492,49 @@ CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
- hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...)
- untrunc <itp> (bug #702476)
CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds r ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb4a2f1f22f3830823ad27f41af7ffda734493ce
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb4a2f1f22f3830823ad27f41af7ffda734493ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201209/7c297fd1/attachment.html>
More information about the debian-security-tracker-commits
mailing list