[Git][security-tracker-team/security-tracker][master] "new" thttpd issue
Moritz Muehlenhoff
jmm at debian.org
Fri Jan 10 11:07:49 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
073a0b93 by Moritz Muehlenhoff at 2020-01-10T12:06:54+01:00
"new" thttpd issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -180724,7 +180724,7 @@ CVE-2015-8961 (The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Li
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/6934da9238da947628be83635e365df41064b09b (v4.4-rc5)
CVE-2014-9908 (A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0. ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-1000247 [mpg123 memory overread]
{DLA-655-1}
- mpg123 1.23.8-1 (low; bug #838960)
@@ -239984,7 +239984,7 @@ CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for
CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 a ...)
NOT-FOR-US: KENT-WEB CLip Board
CVE-2014-7257 (SQL injection vulnerability in DBD::PgPP 0.05 and earlier ...)
- TODO: check
+ NOT-FOR-US: DBD::PgPP
CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Int ...)
NOT-FOR-US: SEIL Routers
CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 throug ...)
@@ -250144,7 +250144,7 @@ CVE-2014-3213
CVE-2014-3212
RESERVED
CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
NOT-FOR-US: WordPress plugin Booking System
CVE-2014-3208
@@ -280899,7 +280899,7 @@ CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows lo
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x ...)
- TODO: check
+ NOT-FOR-US: Drupal contributed-module
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
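Review bot: The new tag on CVE-2012-5558 reads "NOT-FOR-US: Drupal contributed-module" without naming the module, although the description identifies it as the Smiley module. That matches the CVE-2012-5557 entry below it, but the CVE-2012-5559 entry above names its component ("Drupal chaos tool addon"). Writing "NOT-FOR-US: Drupal Smiley module" would let a later search for the module name find this entry.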
@@ -292060,13 +292060,13 @@ CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...)
- TODO: check
+ NOT-FOR-US: Plixer
CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...)
- TODO: check
+ NOT-FOR-US: Plixer
CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...)
- TODO: check
+ NOT-FOR-US: Plixer
CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & ...)
- TODO: check
+ NOT-FOR-US: Plixer
CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...)
- pidgin <unfixed> (unimportant)
NOTE: Negligible local information disclosure
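Review bot: The four entries CVE-2012-1258 through CVE-2012-1261 are tagged with the vendor only ("NOT-FOR-US: Plixer"), while the descriptions name the product, Plixer International Scrutinizer NetFlow. Other NOT-FOR-US lines visible in this diff name the product (for example "WordPress plugin Booking System"), so a tag such as "NOT-FOR-US: Plixer Scrutinizer" would be more consistent and easier to grep.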
@@ -370649,7 +370649,7 @@ CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_ge
- geoip 1.3.17-1.1 (bug #406628; low)
[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
- TODO: check
+ - thttpd <removed>
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
- neon26 0.26.2-3.1 (medium; bug #404723)
NOTE: neon25 doesn't have the uri_lookup macro
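Review bot: The CVE-2007-0158 line "- thttpd <removed>" replaces the TODO without any NOTE or reference, and the description ("thttpd 2007 has buffer underflow") names no function or version. The neighbouring geoip and neon26 entries carry a bug number, a severity or a NOTE line. A NOTE pointing at the upstream report or the affected code path would let someone reviewing a release that still ships thttpd decide whether the issue applies there.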
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/073a0b93eb31aa1e7d9b988f2bd86d98ed51183a