[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 9 08:42:51 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76bfb7f0 by Moritz Muehlenhoff at 2020-03-09T09:42:29+01:00
NFUs
imagemagick triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap C
CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...)
TODO: check
CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance ...)
- TODO: check
+ NOT-FOR-US: Quest KACE
CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remot ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...)
NOT-FOR-US: rConfig
CVE-2020-10219
@@ -47,7 +47,7 @@ CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Th
CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
NOT-FOR-US: D-Link
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
- TODO: check
+ NOT-FOR-US: Responsive FileManager
CVE-2020-10211
RESERVED
CVE-2020-10210
@@ -1008,7 +1008,7 @@ CVE-2020-9758
CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...)
NOT-FOR-US: Seomatic component for Craft CMS
CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
- TODO: check
+ NOT-FOR-US: Patriot Viper RGB Driver
CVE-2020-9755
RESERVED
CVE-2020-9754
@@ -1481,9 +1481,9 @@ CVE-2020-9533
CVE-2020-9532
RESERVED
CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-9529
RESERVED
CVE-2020-9528
@@ -1611,7 +1611,7 @@ CVE-2020-9472
CVE-2020-9471
RESERVED
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2020-9469
RESERVED
CVE-2020-9468
@@ -42781,7 +42781,9 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
- - imagemagick <unfixed> (bug #931740)
+ - imagemagick <unfixed> (low; bug #931740)
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
@@ -44132,7 +44134,9 @@ CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerab
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- - imagemagick <unfixed> (bug #931191)
+ - imagemagick <unfixed> (low; bug #931191)
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
@@ -44144,7 +44148,9 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
{DLA-1888-1}
- - imagemagick <unfixed> (bug #931196)
+ - imagemagick <unfixed> (low; bug #931196)
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76bfb7f0c135c4b1d053aab799713767298ae7df
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76bfb7f0c135c4b1d053aab799713767298ae7df
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200309/45a45ba4/attachment.html>
More information about the debian-security-tracker-commits
mailing list