[Git][security-tracker-team/security-tracker][master] Review some old piwik related ITPs and reassociate with now packaged matomo

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 29 19:22:58 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85f1cfe9 by Salvatore Bonaccorso at 2025-01-29T20:22:48+01:00
Review some old piwik related ITPs and reassociate with now packaged matomo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -605062,9 +605062,9 @@ CVE-2015-7818 (The administration-panel web service in IBM System Networking Swi
 CVE-2015-7817 (Race condition in the administration-panel web service in IBM System N ...)
 	NOT-FOR-US: IBM
 CVE-2015-7816 (The DisplayTopKeywords function in plugins/Referrers/Controller.php in ...)
-	- matomo <itp> (bug #448532)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
-	- matomo <itp> (bug #448532)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c  ...)
 	{DSA-3414-1}
 	- xen 4.6.0-1
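Review bot: the ITP bug reference (#448532) is dropped from both CVE-2015-7816 and CVE-2015-7815 when the status moves to `<not-affected>`, which loses the cross-link to the packaging history; consider keeping it in the free-text rationale, e.g. `- matomo <not-affected> (Fixed before initial upload to Debian; ITP was bug #448532)`, so the entry still explains why these CVEs were ever associated with an unpackaged matomo.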
@@ -665079,7 +665079,7 @@ CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initial
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
 CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET r ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
 	- libv8 <removed>
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
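Review bot: the `<not-affected>` rationale for CVE-2013-2633 does not state which version it relies on, although the CVE description gives a clear cutoff ("Piwik before 1.11"); since the source package is also being renamed from `piwik` to `matomo` here (and the old ITP bug #506933 dropped), naming the upstream version of the first matomo upload in the rationale would make the "fixed before initial upload" claim checkable without consulting the archive.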
@@ -667547,7 +667547,7 @@ CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x be
 	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
 	NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
 CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows r ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3  ...)
 	{DSA-2646-1}
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
@@ -672696,13 +672696,13 @@ CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selec
 CVE-2013-0196 (A CSRF issue was found in OpenShift Enterprise 1.2. The web console is ...)
 	NOT-FOR-US: OpenShift
 CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
 CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
 CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
 CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin ca ...)
 	NOT-FOR-US: Simple Machines Forum
@@ -678067,7 +678067,7 @@ CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not prope
 	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
 	NOTE: No upstream fix seems to be planned/treated as non-issue. Marking as unimportant
 CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows re ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2012-4540 (Off-by-one error in the invoke function in IcedTeaScriptablePluginObje ...)
 	{DSA-2768-1}
 	- icedtea-web 1.3.1-1 (bug #692608)
@@ -689319,7 +689319,7 @@ CVE-2011-4943 (ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (f
 CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in admin/configura ...)
 	NOT-FOR-US: Geeklog
 CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attac ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...)
 	{DLA-25-1}
 	- python2.7 2.7.2-8 (unimportant)
@@ -703158,13 +703158,13 @@ CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assiste
 	{DSA-2142-1}
 	- dpkg 1.15.8.8
 CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored un ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the se ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form insi ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Phot ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2011-0397
@@ -704799,7 +704799,7 @@ CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_poli
 CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for  ...)
 	NOT-FOR-US: Joomla!
 CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1. ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is enable ...)
 	{DTSA-207-1}
 	- mediawiki 1:1.15.5-2
@@ -709483,7 +709483,7 @@ CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public
 	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows re ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not  ...)
 	{DSA-2078-1}
 	- kvirc 4:4.0.0-3
@@ -713270,7 +713270,7 @@ CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0
 CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMwa ...)
 	NOT-FOR-US: VMware
 CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0. ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ...)
 	- apache2 2.2.16-1 (low)
 	[lenny] - apache2 2.2.9-10+lenny10
@@ -718828,7 +718828,7 @@ CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in fs/
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
 CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java  ...)
 	NOT-FOR-US: spacewalk-java
 CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when p ...)
@@ -718838,7 +718838,7 @@ CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, w
 	[lenny] - linux-2.6 2.6.26-21
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before  ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1. ...)
 	{DSA-1964-1}
 	- postgresql-7.4 <removed>
@@ -729000,7 +729000,7 @@ CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote a
 CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1. ...)
 	NOT-FOR-US: PPLive
 CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ro ...)
-	- piwik <itp> (bug #506933)
+	- matomo <not-affected> (Fixed before initial upload to Debian)
 CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not proper ...)
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85f1cfe97a5634a3a035af66addbccfbe0df8718


