[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-7914/intellij-idea

Salvatore Bonaccorso carnil at debian.org
Tue Feb 4 09:14:54 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
194d6866 by Salvatore Bonaccorso at 2020-02-04T10:13:25+01:00
Add CVE-2020-7914/intellij-idea

- - - - -
dc3e0d8e by Salvatore Bonaccorso at 2020-02-04T10:14:08+01:00
Update some older references for JetBrains IntelliJ IDEA

Update the NFU to reference the planned source package named
intellij-idea.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1540,7 +1540,7 @@ CVE-2020-7916
 CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
 	NOT-FOR-US: Eaton devices
 CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could  ...)
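Review bot: On the CVE-2020-7914 line, the description places the flaw in an XSLT debugger plugin of IntelliJ IDEA 2019.2, so tagging it `- intellij-idea <itp> (bug #747616)` assumes that plugin is built from the source the ITP covers. A short NOTE: line saying where the plugin lives would let whoever triages this entry after the package lands confirm that without re-reading the advisory.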
@@ -1558,9 +1558,9 @@ CVE-2020-7907
 CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
-	NOT-FOR-US: JetBrains
+	- intellij-idea <itp> (bug #747616)
 CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...)
-	NOT-FOR-US: JetBrains
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
 	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
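Review bot: For CVE-2020-7905 and CVE-2020-7904 the descriptions both say "before 2019.3", but the new `<itp>` lines carry no record of that fixed version. Consider adding a NOTE: with the upstream fixed version under each entry, so they can be resolved quickly once a version of intellij-idea is uploaded.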
@@ -21979,7 +21979,7 @@ CVE-2019-18363 (In JetBrains TeamCity before 2019.1.2, access could be gained to
 CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the network. ...)
 	NOT-FOR-US: JetBrains
 CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...)
-	NOT-FOR-US: JetBrains
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
 	NOT-FOR-US: JetBrains
 CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
@@ -32446,7 +32446,7 @@ CVE-2019-14956 (JetBrains YouTrack before 2019.2.53938 was using incorrect setti
 CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
 	NOT-FOR-US: JetBrains Hub
 CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
 	NOT-FOR-US: JetBrains YouTrack
 CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in  ...)
@@ -47707,9 +47707,9 @@ CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Nam
 CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
-	NOT-FOR-US: JetBrains
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
 	NOT-FOR-US: JetBrains
 CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
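Review bot: CVE-2019-10103 is described as affecting projects created using the Kotlin template, while the neighbouring CVE-2019-10102 and CVE-2019-10101 (Ktor, Kotlin) keep `NOT-FOR-US: JetBrains`, so it is worth confirming that the fix for 10103 is in the IDE itself and not in the generated project or on the Kotlin side. CVE-2019-10104 in the same hunk names IntelliJ IDEA Ultimate in its description; if the ITP covers a different edition, that entry needs a check before it is tied to the package.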
@@ -49189,9 +49189,9 @@ CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Site
 CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
 	NOT-FOR-US: Sitecore CMS
 CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run  ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
 	NOT-FOR-US: Jector Smart TV FM-K75 devices
 CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
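Review bot: CVE-2019-9873 and CVE-2019-9872 are both described as affecting IntelliJ IDEA Ultimate, and the removed lines said so explicitly (`NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate`); the replacement drops that edition detail. If the source package planned in bug #747616 is not the Ultimate edition, either keep these as NOT-FOR-US or add a NOTE: stating that the affected code is also present in the packaged source.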
@@ -49363,7 +49363,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.
 	NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
 	NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-9822
 	RESERVED
 CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread due to  ...)
@@ -51281,7 +51281,7 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.2019
 	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
 	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
 CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA
+	- intellij-idea <itp> (bug #747616)
 CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/62f9431b8a405f76641824647ee0876c8b0022ec...dc3e0d8e60e94f00f9c43ffd4a4c67b1ebe3f9b2
