[Git][security-tracker-team/security-tracker][master] 2 commits: Update information on CVE-2019-20159

Salvatore Bonaccorso carnil at debian.org
Thu Jan 16 21:47:15 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e96ff8bb by Salvatore Bonaccorso at 2020-01-16T22:22:33+01:00
Update information on CVE-2019-20159

experimental version of gpac would be affected, but as unstable is not
we do not explicitly track it now as the next upload to experimental
will be rebased likely including the fix (so unstable will never be
affected).

Reference introducing commit for CVE-2019-20159.

- - - - -
9c250d16 by Salvatore Bonaccorso at 2020-01-16T22:46:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4804,12 +4804,10 @@ CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	NOTE: https://github.com/gpac/gpac/issues/1334
 	NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
 CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
-	- gpac <unfixed>
-	[buster] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-	[stretch] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-	[jessie] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
+	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
 	NOTE: https://github.com/gpac/gpac/issues/1321
-	NOTE: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
+	NOTE: Introduced in: https://github.com/gpac/gpac/commit/261fab7f51479ae8b1732350d9d4cc456c4919af (v0.7.0)
+	NOTE: Fixed by: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
 CVE-2019-20158
 	RESERVED
 CVE-2019-20157
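
Review bot: on the CVE-2019-20159 entry, the fact that the experimental gpac upload carries the vulnerable code is recorded only in the commit message. The single `- gpac <not-affected>` line leaves nothing in data/CVE/list to prompt a re-check if a 0.7.0-or-later version reaches unstable without the "Fixed by" commit. A NOTE line stating that experimental is affected until it is rebased would keep that context next to the entry. Minor style point: the reason text now starts with a capital "Vulnerable" where the removed per-release lines used lowercase.
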
@@ -7331,7 +7329,7 @@ CVE-2019-20099
 CVE-2019-20098
 	RESERVED
 CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...)
-	TODO: check
+	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
 	- linux 5.2.6-1
 	[jessie] - linux 3.16.72-1
@@ -14024,7 +14022,7 @@ CVE-2019-19280
 CVE-2019-19279
 	RESERVED
 CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
-	TODO: check
+	NOT-FOR-US: SINAMICS
 CVE-2019-19277
 	RESERVED
 CVE-2019-19276
@@ -28996,11 +28994,11 @@ CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspecto
 CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before version  ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-15012 (Bitbucket Server and Bitbucket Data Center from version 4.13. before 5 ...)
-	TODO: check
+	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
 	NOT-FOR-US: Application Links
 CVE-2019-15010 (Bitbucket Server and Bitbucket Data Center versions starting from vers ...)
-	TODO: check
+	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and  ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...)
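
Review bot: the two new `NOT-FOR-US: Bitbucket Server and Bitbucket Data Center` labels (CVE-2019-15012, CVE-2019-15010) omit the vendor, while the neighbouring entries in this same hunk use `Atlassian` and `Atlassian Fisheye and Crucible`. A vendor-prefixed label such as "Atlassian Bitbucket Server and Data Center" would keep these entries findable with a single search on the vendor name. The same applies to the CVE-2019-20097 change earlier in the patch.
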
@@ -38924,9 +38922,9 @@ CVE-2019-12000
 CVE-2019-11999
 	RESERVED
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: HPE Superdome Flex Server
 CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
 	NOT-FOR-US: HPE
 CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
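
Review bot: the two adjacent additions here use different granularity, `NOT-FOR-US: HPE Superdome Flex Server` for CVE-2019-11998 and bare `NOT-FOR-US: HPE` for CVE-2019-11997, and the unchanged CVE-2019-11996 line below also uses bare `HPE`. Pick one form for the pair. If the product is worth naming, CVE-2019-11997 should name its product too ("HPE enhanced ..." per the truncated description); otherwise use `HPE` for both.
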
@@ -47053,7 +47051,7 @@ CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipul
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
 	NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-9509
 	RESERVED
 CVE-2019-9508



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b967ad692175d6a5dc5b8a4958e50abe1976a221...9c250d16845c6840822fb2e5b7346f57f371466f
