[Git][security-tracker-team/security-tracker][master] axtls entered the archive, move from itp status to unfixed for further checks

Salvatore Bonaccorso carnil at debian.org
Mon Jan 13 21:18:00 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9820224 by Salvatore Bonaccorso at 2020-01-13T22:17:22+01:00
axtls entered the archive, move from itp status to unfixed for further checks

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44004,7 +44004,7 @@ CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-002
 CVE-2019-9973
 	RESERVED
 CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS t ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
 	NOT-FOR-US: Jenzabar
 CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
@@ -45789,7 +45789,7 @@ CVE-2019-9691
 CVE-2019-9690
 	RESERVED
 CVE-2019-9689 (process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2 ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=ad ...)
 	NOT-FOR-US: sftnow
 CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...)
@@ -47840,7 +47840,7 @@ CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1
 CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishan ...)
 	NOT-FOR-US: WaveMaker Studio
 CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overfl ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf ...)
 	- linux 4.19.16-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -81002,7 +81002,7 @@ CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import pl
 CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
 	NOT-FOR-US: WP All Import plugin for WordPress
 CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML Exter ...)
 	NOT-FOR-US: FsPro Labs Event Log Explorer
 CVE-2018-16251 (A "search for user discovery" injection issue exists in Creatiwity wit ...)
@@ -81245,9 +81245,9 @@ CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the
 	- strongswan 5.7.0-1
 	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
 CVE-2018-16150 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2018-16149 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monito ...)
 	NOT-FOR-US: Opsview Monitor
 CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview Mon ...)
@@ -109454,7 +109454,7 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID compariso
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting i ...)
-	- axtls <itp> (bug #932027)
+	- axtls <unfixed>
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in dec ...)
 	{DSA-4106-1}
 	- libtasn1-6 4.13-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9820224f24908fc102344208d44d97161804aa1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9820224f24908fc102344208d44d97161804aa1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200113/9fd74cdc/attachment.html>

More information about the debian-security-tracker-commits mailing list