author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 23:22:22 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 23:22:22 +0200 |
commit | 3a473c0d170e451c163f802a455517e3e7bf6110 (patch) | |
tree | 426c9bbd77c84ec80c47cfba6667198b8a1cd00a /data/CVE | |
parent | 213ce28d6a12bf80dc855ce2907ab9c3ab25f36e (diff) |
Replace nonworking https://cgit.kde.org references with github commits
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2013 | 4 | ||||
-rw-r--r-- | data/CVE/list.2016 | 14 | ||||
-rw-r--r-- | data/CVE/list.2017 | 10 | ||||
-rw-r--r-- | data/CVE/list.2018 | 8 | ||||
-rw-r--r-- | data/CVE/list.2019 | 8 | ||||
-rw-r--r-- | data/CVE/list.2020 | 4 |
6 files changed, 24 insertions, 24 deletions
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index 9333c7dc0d..d9de6da437 100644 --- a/data/CVE/list.2013 +++ b/data/CVE/list.2013 @@ -14135,8 +14135,8 @@ CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allow - kde4libs 4:4.10.5-1 (low; bug #707776) [squeeze] - kde4libs <no-dsa> (Minor issue) NOTE: https://bugs.kde.org/show_bug.cgi?id=319428 - NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca - NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9 + NOTE: https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca + NOTE: https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9 CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 certi ...) - transifex-client 0.9-1 (low) [wheezy] - transifex-client <no-dsa> (Minor issue) diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 711b316508..df9a87fe45 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 
@@ -9260,20 +9260,20 @@ CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0. CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...) - kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241) NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt - NOTE: Would by fixed by: https://cgit.kde.org/messagelib.git/commit/?id=f601f9ffb706f7d3a5893b04f067a1f75da62c99 + NOTE: Would by fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99 NOTE: and building with Qt 5.7.0. NOTE: Following patches partly sanitize mails but still make it possible to inject code: - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2) - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2) - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2) - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=fb1be09360c812d24355076da544030a67b736fc (v16.08.2) - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2) + NOTE: https://github.com/KDE/messagelib/commit/3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2) + NOTE: https://github.com/KDE/messagelib/commit/a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2) + NOTE: https://github.com/KDE/messagelib/commit/77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2) + NOTE: https://github.com/KDE/messagelib/commit/fb1be09360c812d24355076da544030a67b736fc (v16.08.2) + NOTE: https://github.com/KDE/messagelib/commit/0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2) NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a NOTE: user protected from this CVE by only viewing plain text mails. CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...) 
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241) NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt - NOTE: Fixed by: https://cgit.kde.org/messagelib.git/commit/?id=dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80) + NOTE: Fixed by: https://github.com/KDE/messagelib/commit/dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80) NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a NOTE: user protected from this CVE by only viewing plain text mails. CVE-2016-7966 (Through a malicious URL that contained a quote character it was possib ...) diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index c1a0d25301..e5cdb920d4 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -8543,7 +8543,7 @@ CVE-2017-15925 CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...) {DSA-4033-1 DLA-1174-1} - konversation 1.7.3-1 (bug #881586) - NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 + NOTE: https://github.com/KDE/konversation/commit/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...) {DLA-1198-1} - libextractor 1:1.6-2 (low; bug #880016) 
@@ -30117,8 +30117,8 @@ CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local user - kauth 5.28.0-2 - kde4libs 4:4.14.26-2 NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3 - NOTE: patch for kauth: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a - NOTE: patch for kde4libs: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=264e97625abe2e0334f97de17f6ffb52582888ab + NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a + NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...) - binutils 2.28-5 @@ -39963,8 +39963,8 @@ CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitr - ark 4:16.08.3-2 (bug #850874) [jessie] - ark <not-affected> (Vulnerable code introduced later) [wheezy] - ark <not-affected> (Vulnerable code introduced later) - NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065 - NOTE: "Open File" action introduced in https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80) + NOTE: Fixed by: https://github.com/KDE/ark/commit/82fdfd24d46966a117fa625b68784735a40f9065 + NOTE: "Open File" action introduced in https://github.com/KDE/ark/commit/f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80) CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...) - bubblewrap 0.1.5-2 (bug #850702) NOTE: https://github.com/projectatomic/bubblewrap/issues/142 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index e6ba594409..c2438df572 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 
@@ -5062,7 +5062,7 @@ CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in K - kf5-messagelib 4:18.08.3-2 (bug #915039) [stretch] - kf5-messagelib <no-dsa> (Minor issue) NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612 + NOTE: https://github.com/KDE/messagelib/commit/34765909cdf8e55402a8567b48fb288839c61612 CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...) NOT-FOR-US: Webgalamb CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...) @@ -12711,7 +12711,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa {DSA-4303-1 DLA-1516-1} - okular 4:17.12.2-2.1 (bug #908168) NOTE: https://bugs.kde.org/show_bug.cgi?id=398096 - NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47 + NOTE: https://github.com/KDE/okular/commit/8ff7abc14d41906ad978b6bc67e69693863b9d47 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...) NOT-FOR-US: zephyr-rtos CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...) 
@@ -38358,8 +38358,8 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. da - plasma-workspace 4:5.12.0-2 [stretch] - plasma-workspace <ignored> (Minor issue, too intrusive to backport) NOTE: https://phabricator.kde.org/D10188 - NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c - NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938 + NOTE: https://github.com/KDE/plasma-workspace/commit/5bc696b5abcdb460c1017592e80b2d7f6ed3107c + NOTE: https://github.com/KDE/plasma-workspace/commit/8164beac15ea34ec0d1564f0557fe3e742bdd938 CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...) {DSA-4110-1 DLA-1274-1} - exim4 4.90.1-1 (bug #890000) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 1d493963fc..49a61bcde7 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -15776,8 +15776,8 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files [stretch] - kde4libs <no-dsa> (Minor issue) NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt NOTE: https://kde.org/info/security/advisory-20190807-1.txt - NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22 - NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00 + NOTE: kconfig: https://github.com/KDE/kconfig/commit/5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22 + NOTE: kdelibs: https://github.com/KDE/kdelibs/commit/2c3762feddf7e66cf6b64d9058f625a715694a00 CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...) NOT-FOR-US: Valve Steam Client for Windows CVE-2019-14742 
@@ -26733,7 +26733,7 @@ CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP e - kdepim <removed> [stretch] - kdepim <no-dsa> (Minor issue) NOTE: https://bugs.kde.org/show_bug.cgi?id=404698 - NOTE: https://cgit.kde.org/messagelib.git/commit/?id=8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2) + NOTE: https://github.com/KDE/messagelib/commit/8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2) CVE-2019-10731 RESERVED CVE-2019-10730 @@ -36433,7 +36433,7 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit [stretch] - kde4libs <ignored> (Minor issue) [jessie] - kde4libs <no-dsa> (Minor issue) NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html - NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a + NOTE: https://github.com/KDE/kauth/commit/fc70fb0161c1b9144d26389434d34dd135cd3f4a CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...) NOT-FOR-US: CyberArk Enterprise Password Vault CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index f1cbae185d..9dd98cc639 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -25073,7 +25073,7 @@ CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-ex - kio-extras <unfixed> (low; bug #960306) [buster] - kio-extras <no-dsa> (Minor issue) [stretch] - kio-extras <no-dsa> (Minor issue) - NOTE: https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145 + NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145 CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) 
@@ -27246,7 +27246,7 @@ CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using th - kdepim <removed> [stretch] - kdepim <no-dsa> (Minor issue) [jessie] - kdepim <no-dsa> (Minor issue) - NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 + NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) - evolution 3.36.0-1 [buster] - evolution <no-dsa> (Minor issue) |
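Review bot: In the list.2013 hunk for CVE-2013-2074, the removed links carried the branch selector `?h=KDE/4.14` and the replacement GitHub URLs drop it, so the entry no longer records which branch the fix landed on. Consider keeping it as a trailing annotation in the style already used for versions elsewhere in these files, for example `NOTE: https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca (KDE/4.14)`. The same applies in list.2017 to CVE-2017-15923 (`?h=1.7`) and to the kde4libs patch line for CVE-2017-8422 (`?h=KDE/4.14`).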
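Review bot: In the list.2016 hunk at CVE-2016-7968, the rewritten line still reads `NOTE: Would by fixed by:`. Since this line is being touched anyway, correct it to `Would be fixed by:` in the same commit. The version annotations in this hunk are also inconsistent (`(v16.08.2)` on the partial fixes, `(16.11.80)` on the CVE-2016-7967 fix); picking one form would make the entries easier to grep.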