diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-25 23:29:30 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-25 23:29:30 +0200 |
commit | 0ecc6b0693f0b4f5ff5dbe95b149e6249f2a2078 (patch) | |
tree | f6e12d8a658856d3b43c9f077025feb7501cc332 /data/CVE | |
parent | 0c0a6649ef76bb388cfbcde88fb847c677699ee5 (diff) |
Use HTTPs for repo.or.cz git repository references
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2011.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 2 | ||||
-rw-r--r-- | data/CVE/2016.list | 6 | ||||
-rw-r--r-- | data/CVE/2017.list | 8 | ||||
-rw-r--r-- | data/CVE/2018.list | 2 |
5 files changed, 10 insertions, 10 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index f1cd3653b7..94227a60be 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -8312,7 +8312,7 @@ CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC medi {DSA-2257-1} - vlc 1.1.10-1 [lenny] - vlc <not-affected> (Vulnerable code not present) - NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c + NOTE: https://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...) - cherokee 1.0.14-1 (low; bug #647205) [squeeze] - cherokee 1.0.8-5+squeeze1 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index ba6019364e..7bd51c2f37 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -66,7 +66,7 @@ CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not - zoneminder <not-affected> (Vulnerable code never in a embedded copy version for zoneminder) - cacti <not-affected> (Vulnerable code never in any release inclusing embedded copy, i.e. pre 1.0.4) NOTE: Issue is in embedded csrf-magic - NOTE: http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4) + NOTE: https://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4) CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...) NOT-FOR-US: aescrypt gem for Ruby CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 3df4bff04f..556f1cb8a5 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -14533,7 +14533,7 @@ CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc an - uclibc-ng <itp> (bug #811275) - uclibc <unfixed> (unimportant) NOTE: Just for cross-compiling, not used for actual packages - NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed + NOTE: https://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html NOTE: Fixed in 1.0.16 of uClibc-ng CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn be ...) @@ -26449,13 +26449,13 @@ CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng b {DLA-561-1} - uclibc <unfixed> (unimportant) NOTE: Just for cross-compiling, not used for actual packages - NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac + NOTE: https://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2 CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...) {DLA-561-1} - uclibc <unfixed> (unimportant) NOTE: Just for cross-compiling, not used for actual packages - NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c + NOTE: https://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2 CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...) - nodejs 4.3.0~dfsg-1 (unimportant) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 29ac6be719..cbc56b8001 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -3176,7 +3176,7 @@ CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address [jessie] - nasm <no-dsa> (Minor issue) [wheezy] - nasm <no-dsa> (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435 - NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3) + NOTE: https://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3) CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...) - nasm 2.13.02-0.1 [stretch] - nasm <no-dsa> (Minor issue) @@ -3200,7 +3200,7 @@ CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address [stretch] - nasm <no-dsa> (Minor issue) [jessie] - nasm <no-dsa> (Minor issue) [wheezy] - nasm <no-dsa> (Minor issue) - NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3) + NOTE: https://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436 CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...) - nasm 2.13.02-0.1 @@ -3219,7 +3219,7 @@ CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffe [stretch] - nasm <no-dsa> (Minor issue) [jessie] - nasm <no-dsa> (Minor issue) [wheezy] - nasm <no-dsa> (Minor issue) - NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3) + NOTE: https://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424 CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...) - nasm 2.13.02-0.1 @@ -3232,7 +3232,7 @@ CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown [stretch] - nasm <no-dsa> (Minor issue) [jessie] - nasm <no-dsa> (Minor issue) [wheezy] - nasm <no-dsa> (Minor issue) - NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3) + NOTE: https://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431 CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservic ...) NOT-FOR-US: Golden Frog VyprVPN diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 6ce455e61d..6b37ac66ce 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -32757,7 +32757,7 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over- [jessie] - nasm <no-dsa> (Minor issue) [wheezy] - nasm <ignored> (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446 - NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3) + NOTE: https://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3) CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...) NOT-FOR-US: Lutron Quantum BACnet Integration CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...) |