[Git][security-tracker-team/security-tracker][master] 2 commits: Update information on CVE-2019-20159
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 16 21:47:15 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e96ff8bb by Salvatore Bonaccorso at 2020-01-16T22:22:33+01:00
Update information on CVE-2019-20159
experimental version of gpac would be affected, but as unstable is not
we do not explicitly track it now as the next upload to experimental
will be rebased likely including the fix (so unstable will never be
affected).
Reference introducing commit for CVE-2019-20159.
- - - - -
9c250d16 by Salvatore Bonaccorso at 2020-01-16T22:46:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4804,12 +4804,10 @@ CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/issues/1334
NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
- - gpac <unfixed>
- [buster] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
- [stretch] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
- [jessie] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
+ - gpac <not-affected> (Vulnerable code introduced in 0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1321
- NOTE: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
+ NOTE: Introduced in: https://github.com/gpac/gpac/commit/261fab7f51479ae8b1732350d9d4cc456c4919af (v0.7.0)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
CVE-2019-20158
RESERVED
CVE-2019-20157
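Review bot: The reason on the added `- gpac <not-affected> (Vulnerable code introduced in 0.7.0)` line only works if the reader already knows which gpac version unstable carries, and the caveat from the commit message is not recorded in data/CVE/list. That caveat is that the experimental version would be affected until the next upload is rebased. Consider a NOTE line under CVE-2019-20159 saying so, so the entry gets revisited if an experimental upload lands without the fix from e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8. Minor style point: the removed per-release lines wrote "vulnerable code introduced in 0.7.0" in lowercase and the new line capitalizes "Vulnerable"; use one form.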
@@ -7331,7 +7329,7 @@ CVE-2019-20099
CVE-2019-20098
RESERVED
CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...)
- TODO: check
+ NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
- linux 5.2.6-1
[jessie] - linux 3.16.72-1
@@ -14024,7 +14022,7 @@ CVE-2019-19280
CVE-2019-19279
RESERVED
CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 ...)
- TODO: check
+ NOT-FOR-US: SINAMICS
CVE-2019-19277
RESERVED
CVE-2019-19276
@@ -28996,11 +28994,11 @@ CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspecto
CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before version ...)
NOT-FOR-US: Atlassian
CVE-2019-15012 (Bitbucket Server and Bitbucket Data Center from version 4.13. before 5 ...)
- TODO: check
+ NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
NOT-FOR-US: Application Links
CVE-2019-15010 (Bitbucket Server and Bitbucket Data Center versions starting from vers ...)
- TODO: check
+ NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...)
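Review bot: The NOT-FOR-US labels added for CVE-2019-15012 and CVE-2019-15010 drop the vendor name, while the surrounding context lines carry it (`NOT-FOR-US: Atlassian` for CVE-2019-15013, `NOT-FOR-US: Atlassian Fisheye and Crucible` for CVE-2019-15009). Writing `NOT-FOR-US: Atlassian Bitbucket Server and Bitbucket Data Center` would keep these entries findable by vendor alongside their neighbours. The same applies to the CVE-2019-20097 line earlier in this commit.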
@@ -38924,9 +38922,9 @@ CVE-2019-12000
CVE-2019-11999
RESERVED
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HPE Superdome Flex Server
CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
NOT-FOR-US: HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
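Review bot: The two added lines in this hunk use different granularity: CVE-2019-11998 names the product (`NOT-FOR-US: HPE Superdome Flex Server`), while CVE-2019-11997 names only the vendor (`NOT-FOR-US: HPE`) even though its description refers to a specific "HPE enhanced ..." product. Either form matches existing entries (CVE-2019-11996 uses plain `HPE`), but naming the product on CVE-2019-11997 as well would make the two lines added here consistent and easier to match if that product is ever packaged.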
@@ -47053,7 +47051,7 @@ CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipul
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-9509
RESERVED
CVE-2019-9508
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b967ad692175d6a5dc5b8a4958e50abe1976a221...9c250d16845c6840822fb2e5b7346f57f371466f