[Git][security-tracker-team/security-tracker][master] Track fixed versions for radare2 up to 3.9.0 upstream
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 3 07:58:36 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b32863d6 by Salvatore Bonaccorso at 2020-01-03T08:57:32+01:00
Track fixed versions for radare2 up to 3.9.0 upstream
Note one is actually only fixed in the followup 3.9.0 completely, see
notes in the security tracker which otherwise would have made the fix
incomplete and opening a new CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25259,7 +25259,7 @@ CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-sur
CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...)
NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
- - radare2 <unfixed> (bug #934204)
+ - radare2 3.9.0+dfsg-1 (bug #934204)
[buster] - radare2 <no-dsa> (Minor issue)
[stretch] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/pull/14690
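Review bot: The CVE-2019-14745 entry now records 3.9.0+dfsg-1 while its description says "before 3.7.0", and the only NOTE visible in this hunk is the pull/14690 link, so the entry as shown does not explain the gap. The commit message says one fix was only completed in 3.9.0 but does not name the CVE; if the entry does not already carry it further down, a NOTE line stating that the fix for this CVE was incomplete until 3.9.0 would make the version choice verifiable from the data file alone.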
@@ -31870,7 +31870,7 @@ CVE-2019-12867 (Certain actions could cause privilege escalation for issue attac
CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
- - radare2 <unfixed> (bug #930704)
+ - radare2 3.8.0+dfsg-1 (bug #930704)
[buster] - radare2 <no-dsa> (Minor issue)
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
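Review bot: Nothing in the visible lines of the CVE-2019-12865 entry ties 3.8.0+dfsg-1 to an upstream fix: the description says "through 3.5.1" and the context shows only the <no-dsa> lines for buster, stretch and jessie. Consider adding a NOTE with the upstream commit or pull request, as the CVE-2019-14745 entry does with pull/14690, unless one already follows outside the diff context.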
@@ -31965,7 +31965,7 @@ CVE-2019-12831 (In MyBB before 1.8.21, an attacker can abuse a default behavior
CVE-2019-12830 (In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the P ...)
NOT-FOR-US: MyBB
CVE-2019-12829 (radare2 through 3.5.1 mishandles the RParse API, which allows remote a ...)
- - radare2 <unfixed> (bug #930590)
+ - radare2 3.8.0+dfsg-1 (bug #930590)
[buster] - radare2 <no-dsa> (Minor issue)
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
@@ -32039,7 +32039,7 @@ CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16,
CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...)
- - radare2 <unfixed> (bug #930510)
+ - radare2 3.8.0+dfsg-1 (bug #930510)
[buster] - radare2 <no-dsa> (Minor issue)
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
@@ -32105,7 +32105,7 @@ CVE-2019-12792 (A command injection vulnerability in UploadHandler.php in Vesta
CVE-2019-12791 (A directory traversal vulnerability in the v-list-user script in Vesta ...)
NOT-FOR-US: Vesta Control Panel
CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read in th ...)
- - radare2 <unfixed> (bug #930344)
+ - radare2 3.8.0+dfsg-1 (bug #930344)
[buster] - radare2 <no-dsa> (Minor issue)
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b32863d6b8f84298011bd4960b1fe3f1f93d49b1