[Git][security-tracker-team/security-tracker][master] pagure uploaded
Moritz Muehlenhoff
jmm at debian.org
Mon Feb 24 10:07:55 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44ab9564 by Moritz Muehlenhoff at 2020-02-24T11:07:32+01:00
pagure uploaded
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52387,7 +52387,7 @@ CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI
NOT-FOR-US: JBMC DirectAdmin
CVE-2019-XXXX [high memory usage with some long running sessions]
- proftpd-dfsg 1.3.5d-1 (bug #923926)
- [stretch] - proftpd-dfsg <no-dsa> (Minor issue)
+ [stretch] - proftpd-dfsg <ignored> (Minor issue)
[jessie] - proftpd-dfsg 1.3.5e-0+deb8u1
NOTE: https://github.com/proftpd/proftpd/issues/330#issuecomment-276891713
NOTE: https://forum.armbian.com/topic/9692-nanopi-neo-2-memory-leak-in-proftpd-even-worse-if-ssl-encrypted/?do=findComment&comment=73069
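Review bot: The [stretch] proftpd-dfsg line changes from <no-dsa> to <ignored>, which is unrelated to the "pagure uploaded" commit message. Put it in its own commit or mention it in the message so the triage change can be found in the history. The reason text is still "(Minor issue)", the same as it was under <no-dsa>; it would help to state why the entry now warrants <ignored>.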
@@ -57635,7 +57635,7 @@ CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in
[stretch] - tintin++ <no-dsa> (Minor issue)
[jessie] - tintin++ <no-dsa> (Minor issue)
CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail serve ...)
- - pagure <itp> (bug #829046)
+ - pagure <not-affected> (Fixed before initial upload to the archive)
CVE-2019-7627
RESERVED
CVE-2019-7626
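Review bot: On the CVE-2019-7628 pagure line, "Fixed before initial upload to the archive" names neither the version that was uploaded nor the upstream fix, and this entry has no NOTE, so the claim cannot be checked against the "Pagure 5.2" in the description. Suggest adding a NOTE with the upstream fix reference, as the CVE-2017-1002151 and CVE-2016-1000007 entries already have.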
@@ -150097,7 +150097,7 @@ CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
NOT-FOR-US: AppUse
CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ...)
- - pagure <itp> (bug #829046)
+ - pagure <not-affected> (Fixed before initial upload to the archive)
NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command i ...)
NOT-FOR-US: D-Link
@@ -194612,7 +194612,7 @@ CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
NOT-FOR-US: F5
CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
- - pagure <itp> (bug #829046)
+ - pagure <not-affected> (Fixed before initial upload to the archive)
CVE-2016-1000030 (Pidgin version <2.11.0 contains a vulnerability in X.509 Certificat ...)
- pidgin 2.11.0-1 (unimportant)
[jessie] - pidgin 2.11.0-0+deb8u1
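Review bot: The CVE-2016-1000037 description gives no affected Pagure version and the entry has no NOTE, so the new <not-affected> line is backed only by its free-text reason. A NOTE pointing at the upstream change for the file attachment endpoint would let a later reader confirm it.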
@@ -195114,7 +195114,7 @@ CVE-2016-6135
CVE-2016-6134
RESERVED
CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
- - pagure <itp> (bug #829046)
+ - pagure <not-affected> (Fixed before initial upload to the archive)
NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause ...)
{DLA-544-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44ab9564673d6d98c77de65e582746b8b34a1201