Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aee3a5d4 by security tracker role at 2019-01-28T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-6989
+       RESERVED
+CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote 
attackers ...)
+       TODO: check
+CVE-2019-6987
+       RESERVED
+CVE-2019-6986 (SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker 
to ...)
+       TODO: check
+CVE-2019-6985 (An issue was discovered in Foxit 3D Plugin Beta before 
9.4.0.16807 for ...)
+       TODO: check
+CVE-2019-6984 (An issue was discovered in Foxit 3D Plugin Beta before 
9.4.0.16807 for ...)
+       TODO: check
+CVE-2019-6983 (An issue was discovered in Foxit 3D Plugin Beta before 
9.4.0.16807 for ...)
+       TODO: check
+CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before 
9.4.0.16807 for ...)
+       TODO: check
+CVE-2019-6981
+       RESERVED
+CVE-2019-6980
+       RESERVED
+CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka ...)
+       TODO: check
+CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS 
policy into ...)
+       TODO: check
+CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively 
converts a ...)
+       TODO: check
 CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in 
the ...)
        - libgd2 <unfixed>
        NOTE: https://github.com/libgd/libgd/issues/492
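
Review bot: Nine of the entries added at the top of this hunk (CVE-2019-6988 down to CVE-2018-20744) are left at "TODO: check", so they carry no triage state yet. Each needs to be resolved either to a source-package line in the form used just below for CVE-2019-6978 ("- libgd2 <unfixed>") or to a "NOT-FOR-US:" line. The OpenJPEG 2.3.0, Yii 2.x and Go CORS handler entries are the ones to check against the archive first, and the four Foxit 3D Plugin Beta entries can be handled together since they share the same description prefix.
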
@@ -1944,6 +1970,7 @@ CVE-2019-6135 (An issue has been found in libIEC61850 
v1.3.1. Memory_malloc in .
 CVE-2019-6134
        RESERVED
 CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the &quot;start time&quot; 
protection mechanism ...)
+       {DLA-1644-1}
        - policykit-1 0.105-25 (bug #918985)
        [stretch] - policykit-1 <no-dsa> (Minor issue, kernel mitigation will 
land in next 4.9.x rebase)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
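
Review bot: The {DLA-1644-1} cross-reference added to CVE-2019-6133 points at an advisory record that is not visible in this commit, which changes only data/CVE/list. Confirm that the DLA-1644-1 record exists and lists this CVE. The only per-release line in the hunk is "[stretch] - policykit-1 <no-dsa>", so the fixed version for the release the DLA covers has to come from that record; nothing in this entry states it.
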
@@ -6845,8 +6872,7 @@ CVE-2019-3817
        NOT-FOR-US: libcomps
 CVE-2019-3816
        RESERVED
-CVE-2019-3815 [systemd: memory leak in journald-server.c introduced by fix for 
CVE-2018-16864]
-       RESERVED
+CVE-2019-3815 (A memory leak was discovered in the backport of fixes for ...)
        - systemd <not-affected> (This only affected backports to older suites, 
not the version in sid)
        [stretch] - systemd 232-25+deb9u8
        [jessie] - systemd <not-affected> (Broken fix for CVE-2018-16864 not 
applied)
@@ -7325,8 +7351,8 @@ CVE-2019-3595
        RESERVED
 CVE-2019-3594
        RESERVED
-CVE-2019-3593
-       RESERVED
+CVE-2019-3593 (Exploitation of Privilege/Trust vulnerability in Microsoft 
Windows ...)
+       TODO: check
 CVE-2019-3592
        RESERVED
 CVE-2019-3591
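
Review bot: The new description for CVE-2019-3593 is cut off at "Microsoft Windows ..." before it names the affected product, so the "TODO: check" entry cannot be triaged from this line alone. Read the full CVE description before choosing between a package line and "NOT-FOR-US:", rather than deciding on the words "Microsoft Windows" in the truncated text.
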
@@ -13829,7 +13855,7 @@ CVE-2018-19875
 CVE-2018-19874
        RESERVED
 CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a 
buffer ...)
-       {DLA-1627-1}
+       {DSA-4374-1 DLA-1627-1}
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src 5.11.3+dfsg-2 (low)
        - qt4-x11 <unfixed> (low)
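
Review bot: On CVE-2018-19873 the tag becomes {DSA-4374-1 DLA-1627-1}, but the entry still lists "- qt4-x11 <unfixed> (low)" directly below the qtbase-opensource-src lines, and the tag itself does not say which source package the DSA covers. Confirm against the DSA-4374-1 record that qt4-x11 is meant to stay unfixed here, so the tag is not read as closing both packages.
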
@@ -13850,7 +13876,7 @@ CVE-2018-19871 (An issue was discovered in Qt before 
5.11.3. There is QTgaFile .
        NOTE: https://codereview.qt-project.org/#/c/237761/
        NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
 CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF 
image ...)
-       {DLA-1627-1}
+       {DSA-4374-1 DLA-1627-1}
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src 5.11.3+dfsg-2 (low)
        - qt4-x11 <unfixed> (low)
@@ -14077,7 +14103,7 @@ CVE-2018-19789 (An issue was discovered in Symfony 
2.7.x before 2.7.50, 2.8.x be
        - symfony 3.4.20+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a 
user ...)
-       {DSA-4350-1}
+       {DSA-4350-1 DLA-1644-1}
        - policykit-1 0.105-23 (bug #915332)
        NOTE: https://gitlab.freedesktop.org/polkit/polkit/issues/74
        NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14
@@ -14220,16 +14246,16 @@ CVE-2018-19730
        RESERVED
 CVE-2018-19729
        RESERVED
-CVE-2018-19728
-       RESERVED
-CVE-2018-19727
-       RESERVED
-CVE-2018-19726
-       RESERVED
+CVE-2018-19728 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 
...)
+       TODO: check
+CVE-2018-19727 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
+CVE-2018-19726 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
+       TODO: check
 CVE-2018-19725
        RESERVED
-CVE-2018-19724
-       RESERVED
+CVE-2018-19724 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have 
a stored ...)
+       TODO: check
 CVE-2018-19723
        RESERVED
 CVE-2018-19722 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
@@ -19040,8 +19066,8 @@ CVE-2018-19017 (Several use after free vulnerabilities 
have been identified in .
        NOT-FOR-US: CX-Supervisor
 CVE-2018-19016
        RESERVED
-CVE-2018-19015
-       RESERVED
+CVE-2018-19015 (An attacker could inject commands to launch programs and 
create, ...)
+       TODO: check
 CVE-2018-19014
        RESERVED
        NOT-FOR-US: Drager patient monitoring medical devices
@@ -24379,8 +24405,7 @@ CVE-2018-16891
        RESERVED
 CVE-2018-16890
        RESERVED
-CVE-2018-16889 [debug logging for v4 auth does not sanitize encryption keys]
-       RESERVED
+CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug 
logging for ...)
        - ceph <unfixed> (low; bug #918969)
        [stretch] - ceph <no-dsa> (Minor issue)
        [jessie] - ceph <not-affected> (Vulnerable code not present)
@@ -28093,7 +28118,7 @@ CVE-2018-15520
 CVE-2018-15519
        RESERVED
 CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or 
corruption ...)
-       {DLA-1627-1}
+       {DSA-4374-1 DLA-1627-1}
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src 5.11.3+dfsg-2
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
@@ -40204,8 +40229,7 @@ CVE-2018-10911 (A flaw was found in the way 
dic_unserialize function of glusterf
        - glusterfs 4.1.4-1 (bug #909215)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
        NOTE: 
https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
-CVE-2018-10910 [ailure in disabling Bluetooth discoverability in certain cases 
may lead to the unauthorized pairing of Bluetooth devices]
-       RESERVED
+CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state 
being ...)
        - bluez <unfixed>
        [stretch] - bluez <ignored> (Minor issue, does not affected Gnome 
Bluetooth in stretch)
        [jessie] - bluez <no-dsa> (Minor issue because in gnome-bluetooth <= 
3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no 
actual affect)
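
Review bot: Style point on the notes under CVE-2018-10910: the [stretch] line reads "does not affected Gnome Bluetooth" and the [jessie] line ends "will have no actual affect". Since this hunk already rewrites the entry header, correct them to "does not affect" and "no actual effect" in a follow-up. The "[stretch] <ignored>" and "[jessie] <no-dsa>" states are unchanged by this hunk and still sit under "- bluez <unfixed>".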



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee3a5d4ced49cef69a85cf2ba66dd96e6073ee8
