......@@ -75,6 +75,7 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows at
- dwarfutils <unfixed> (low)
[buster] - dwarfutils <no-dsa> (Minor issue)
[stretch] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...)
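Review bot: The `[jessie] - dwarfutils <no-dsa> (Minor issue)` line in the CVE-2019-14249 entry assumes the jessie package contains the affected code, but nothing in the entry records that this was checked. The CVE description names `dwarf_elf_load_headers.c` and the NOTE lines point at the upstream fix commit, so confirm that file is present in the jessie source. If it is not, `<not-affected>` with a short reason is the more accurate tag; if it is, a NOTE saying so would make the `<no-dsa>` decision auditable.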
......@@ -1389,6 +1390,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
- gpac <unfixed> (low; bug #932242)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1250
NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
......@@ -1400,6 +1402,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.
CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media ...)
- libebml 1.3.6-1 (low; bug #932241)
[stretch] - libebml <no-dsa> (Minor issue)
[jessie] - libebml <no-dsa> (Minor issue)
NOTE: https://trac.videolan.org/vlc/ticket/22474
NOTE: Issue was originally reported to vlc project, but the underlying issue is
NOTE: found in the libebml library
......@@ -2518,6 +2521,7 @@ CVE-2019-13565 [openldap: ACL protections get lost if same identity uses differe
- openldap 2.4.48+dfsg-1 (low; bug #932998)
[buster] - openldap <no-dsa> (Minor issue)
[stretch] - openldap <no-dsa> (Minor issue)
[jessie] - openldap <no-dsa> (Minor issue)
NOTE: https://openldap.org/its/?findid=9052
CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
NOT-FOR-US: Ping Identity Agentless Integration Kit
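Review bot: For CVE-2019-13565 the `[jessie] - openldap <no-dsa> (Minor issue)` line gives only the generic reason, while the entry title describes ACL protections being lost. Consider adding a NOTE that records why the impact is limited enough for no-dsa (the only reference is the ITS link), so that whoever revisits the entry does not have to redo the triage.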
......@@ -2771,6 +2775,7 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z
- zipios++ <unfixed> (low; bug #932556)
[buster] - zipios++ <no-dsa> (Minor issue)
[stretch] - zipios++ <no-dsa> (Minor issue)
[jessie] - zipios++ <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
CVE-2019-13452
......@@ -3793,6 +3798,7 @@ CVE-2019-13057 [openldap: rootdn of any db can assert any identity]
- openldap 2.4.48+dfsg-1 (low; bug #932997)
[buster] - openldap <no-dsa> (Minor issue)
[stretch] - openldap <no-dsa> (Minor issue)
[jessie] - openldap <no-dsa> (Minor issue)
NOTE: https://openldap.org/its/?findid=9038
CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit ...)
NOT-FOR-US: CyberPanel
......@@ -11111,6 +11117,7 @@ CVE-2019-10206 [disclosure data when prompted for password and template characte
- ansible <unfixed> (bug #933005)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/pull/59246
NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
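Review bot: In the CVE-2019-10206 entry the `[jessie] - ansible <no-dsa> (Minor issue)` line sits beside NOTE lines that list the upstream PR and its 2.8.x and 2.7.x backports only, so it is unclear whether the jessie version was verified as affected or just tagged to match buster and stretch. A NOTE stating the result of that check would help. Separately, `- ansible <unfixed> (bug #933005)` carries no severity, unlike the other entries in this change that say `low`; worth setting one if the no-dsa decision relies on it.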
......@@ -12298,6 +12305,7 @@ CVE-2019-1010229
CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
- dcmtk 3.6.4-1 (low)
[stretch] - dcmtk <no-dsa> (Minor issue)
[jessie] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/858
NOTE: https://github.com/commontk/DCMTK/commit/40917614e
CVE-2019-1010227
......@@ -12383,10 +12391,12 @@ CVE-2019-1010191 (marginalia &lt; 1.6 is affected by: SQL Injection. The impact
CVE-2019-1010190 (mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact i ...)
- mgetty 1.2.1-1
[stretch] - mgetty <no-dsa> (Minor issue)
[jessie] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010189 (mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impac ...)
- mgetty 1.2.1-1
[stretch] - mgetty <no-dsa> (Minor issue)
[jessie] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010188
RESERVED