Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a13ddea by security tracker role at 2019-02-07T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-7579
+       RESERVED
+CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       TODO: check
+CVE-2019-7571
+       RESERVED
+CVE-2019-7570 (A CSRF vulnerability was found in PbootCMS v1.3.6 that can 
delete users ...)
+       TODO: check
+CVE-2019-7569 (An issue was discovered in DOYO (aka doyocms) 2.3(20140425 
update). ...)
+       TODO: check
+CVE-2019-7568 (An issue was discovered in baijiacms V4 that can result in 
time-based ...)
+       TODO: check
+CVE-2019-7567 (An issue was discovered in Waimai Super Cms 20150505. ...)
+       TODO: check
+CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
+       TODO: check
+CVE-2019-7565
+       RESERVED
+CVE-2019-7564
+       RESERVED
+CVE-2019-7563
+       RESERVED
+CVE-2019-7562
+       RESERVED
+CVE-2019-7561
+       RESERVED
+CVE-2019-7560 (In parser/btorsmt2.c in Boolector 3.0.0, opening a specially 
crafted ...)
+       TODO: check
+CVE-2019-7559 (In btor2parser/btor2parser.c in Boolector Btor2Tools before 
2019-01-15, ...)
+       TODO: check
+CVE-2019-7558
+       RESERVED
+CVE-2019-7557
+       RESERVED
+CVE-2019-7556
+       RESERVED
+CVE-2019-7555
+       RESERVED
+CVE-2019-7554
+       RESERVED
+CVE-2019-7553
+       RESERVED
+CVE-2019-7552
+       RESERVED
+CVE-2019-7551
+       RESERVED
+CVE-2019-7550
+       RESERVED
+CVE-2019-7549
+       RESERVED
+CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter 
can be ...)
+       TODO: check
+CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name 
is not ...)
+       TODO: check
+CVE-2019-7546 (An issue was discovered in SIDU 6.0. The dbs parameter of the 
conn.php ...)
+       TODO: check
+CVE-2019-7545 (In DbNinja 3.2.7, the Add Host function of the Manage Hosts 
pages has a ...)
+       TODO: check
+CVE-2019-7544 (An issue was discovered in MyWebSQL 3.7. The Add User function 
of the ...)
+       TODO: check
+CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a 
...)
+       TODO: check
+CVE-2019-7542
+       RESERVED
+CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
+       TODO: check
+CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow 
vulnerability in ...)
+       TODO: check
+CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow 
vulnerability in ...)
+       TODO: check
+CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in 
media_tools/text_import.c in ...)
+       TODO: check
 CVE-2019-7541
        RESERVED
 CVE-2019-7540
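Review bot: every new entry in this hunk is left at TODO: check, which is expected for the automatic update, but several name software Debian ships and will need source-package lines rather than NOT-FOR-US when triaged: the seven SDL entries CVE-2019-7572 through CVE-2019-7578 (each description covers both the 1.2.x branch through 1.2.15 and the 2.x branch through 2.0.9, so libsdl1.2 and libsdl2 need a line each), CVE-2019-7548 for SQLAlchemy 1.2.17, the two Boolector entries CVE-2019-7559 and CVE-2019-7560, and the four GPAC entries CVE-2018-20760 through CVE-2018-20763. The web-CMS and database-frontend entries (PbootCMS, DOYO, baijiacms, Waimai Super Cms, CSZ CMS, SIDU, DbNinja, MyWebSQL, KindEditor) look like the usual NOT-FOR-US candidates.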
@@ -2418,8 +2502,7 @@ CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper 
authentication vulnerab
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6518
        RESERVED
-CVE-2019-6517
-       RESERVED
+CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional 
Operating ...)
        NOT-FOR-US: BD FACSLyric
 CVE-2019-6516
        RESERVED
@@ -2521,7 +2604,7 @@ CVE-2019-6488 (The string component in the GNU C Library 
(aka glibc or libc6) th
 CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as 
TL-WDR5620 ...)
        NOT-FOR-US: TP-Link
 CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and 
P-384 ...)
-       {DSA-4380-1 DSA-4379-1}
+       {DSA-4380-1 DSA-4379-1 DLA-1664-1}
        - golang-1.12 1.12~beta2-2 (bug #920548)
        - golang-1.11 1.11.5-1
        - golang-1.10 <removed>
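Review bot: the {DLA-1664-1} reference is added, but the source lines visible in this hunk stop at `- golang-1.10 <removed>` and none of them is the package the DLA updated in jessie; unless that line already exists below the hunk's context, a line for the jessie source package with its fixed version is needed so the tracker can mark the suite as fixed rather than only listing the advisory. Minor style point: here the new DLA is appended after the two DSAs, while the DLA-1663-1 additions later in this commit prepend the new reference.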
@@ -5933,6 +6016,7 @@ CVE-2019-5011
        RESERVED
 CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 
certificate]
        RESERVED
+       {DLA-1663-1}
        - python3.7 3.7.2-2 (bug #921064)
        - python3.6 <unfixed> (bug #921063)
        - python3.5 <removed>
@@ -8344,28 +8428,26 @@ CVE-2019-3826 [Stored DOM cross-site scripting (XSS) 
attack via crafted URL]
        - prometheus <unfixed>
        [stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
        NOTE: https://github.com/prometheus/prometheus/pull/5163
-CVE-2019-3825 [lock screen bypass when timed login is enabled]
-       RESERVED
+CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed 
login ...)
        - gdm3 <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824
        RESERVED
-CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read]
-       RESERVED
+CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to 
a heap ...)
+       {DSA-4386-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
-CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow]
-       RESERVED
+CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to 
a ...)
+       {DSA-4386-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
 CVE-2019-3821
        RESERVED
-CVE-2019-3820 [partial lock screen bypass]
-       RESERVED
+CVE-2019-3820 (It was discovered that the gnome-shell lock screen since 
version ...)
        - gnome-shell 3.30.2-3 (bug #921490)
        [jessie] - gnome-shell <not-affected> (Vulnerable code not present)
        NOTE: Introduced by: https://bugzilla.gnome.org/show_bug.cgi?id=745039
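Review bot: the new description for CVE-2019-3825 states that upstream fixed gdm in 3.31.4, yet the `- gdm3 <unfixed>` entry still carries only the GNOME issue link and no `NOTE: Fixed by:` commit, unlike the curl entries in the same hunk; recording the fixing commit would also make the still-missing stretch and jessie triage lines for gdm3 checkable. For CVE-2019-3823 and CVE-2019-3822 the descriptions now give affected ranges starting at 7.34.0 and 7.36.0 and the Introduced-by commits are already noted, so whether the jessie curl falls in range can be settled; both entries gain a DSA but show no [jessie] annotation or DLA in the visible lines.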
@@ -10019,6 +10101,7 @@ CVE-2018-20408 (An issue was discovered in Bento4 
1.5.1-627. There is a memory l
 CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory 
leak in ...)
        NOT-FOR-US: Bento4
 CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer 
overflow via a ...)
+       {DLA-1663-1}
        - python3.7 3.7.0-7
        - python3.6 3.6.7~rc1-1
        - python3.5 <removed>
@@ -10619,7 +10702,7 @@ CVE-2018-20248 (In Foxit Quick PDF Library (all 
versions prior to 16.12), issue
 CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), 
issue where ...)
        NOT-FOR-US: Foxit Quick PDF Library
 CVE-2018-20246
-       RESERVED
+       REJECTED
 CVE-2018-20245 (The LDAP auth backend 
(airflow.contrib.auth.backends.ldap_auth) prior ...)
        NOT-FOR-US: Apache Airflow
 CVE-2018-20244
@@ -25244,7 +25327,7 @@ CVE-2018-17204 (An issue was discovered in Open vSwitch 
(OvS) 2.7.x through 2.7.
        NOTE: 
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
 (branch-2.7)
        NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
 CVE-2018-17203
-       RESERVED
+       REJECTED
 CVE-2018-17202
        RESERVED
 CVE-2018-17201
@@ -25991,8 +26074,8 @@ CVE-2018-16892
        RESERVED
 CVE-2018-16891
        RESERVED
-CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read]
-       RESERVED
+CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to 
a heap ...)
+       {DSA-4386-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
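Review bot: this entry records only `NOTE: Fixed by:`, whereas the sibling curl entries CVE-2019-3822 and CVE-2019-3823 in this commit also record `NOTE: Introduced by:`; the description says the bug is present from 7.36.0 onward, so an Introduced-by commit reference would let the jessie version be checked against the range in the same way as for the other two, unless one already follows beyond the hunk's context.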
@@ -47417,6 +47500,7 @@ CVE-2018-8791 (rdesktop versions up to and including 
v1.8.3 contain an Out-Of-Bo
 CVE-2018-8790
        RESERVED
 CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several 
Out-Of-Bounds ...)
+       {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
@@ -47425,10 +47509,12 @@ CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 
contains an Out-Of-Bounds Writ
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
 CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow 
that ...)
+       {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
 CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer 
Truncation that ...)
+       {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
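Review bot: `{DLA-1666-1}` is added to CVE-2018-8789, CVE-2018-8787 and CVE-2018-8786, but CVE-2018-8788 occupies the two unchanged lines between the previous hunk and this one and receives no reference. All four are from the same FreeRDP prior-to-2.0.0-rc4 batch with identical freerdp2/freerdp source lines, so either the advisory did not cover CVE-2018-8788, in which case a NOTE explaining why is warranted, or the reference was missed and should be added.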
@@ -49774,8 +49860,8 @@ CVE-2018-7841
        RESERVED
 CVE-2018-7840
        RESERVED
-CVE-2018-7839
-       RESERVED
+CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT 
Monitor ...)
+       TODO: check
 CVE-2018-7838
        RESERVED
 CVE-2018-7837 (An Improper Restriction of XML External Entity Reference 
('XXE') ...)
@@ -49818,16 +49904,16 @@ CVE-2018-7819
        RESERVED
 CVE-2018-7818
        RESERVED
-CVE-2018-7817
-       RESERVED
+CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 
v5.1 ...)
+       TODO: check
 CVE-2018-7816
        RESERVED
-CVE-2018-7815
-       RESERVED
-CVE-2018-7814
-       RESERVED
-CVE-2018-7813
-       RESERVED
+CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by 
...)
+       TODO: check
+CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in 
...)
+       TODO: check
+CVE-2018-7813 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by 
...)
+       TODO: check
 CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability 
exists in ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7811 (An Unverified Password Change vulnerability exists in the 
embedded web ...)
@@ -61275,10 +61361,10 @@ CVE-2018-3983
        RESERVED
 CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word 
...)
        NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in 
the Word ...)
+CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing 
...)
        NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3980
-       RESERVED
+CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing 
...)
+       TODO: check
 CVE-2018-3979
        RESERVED
 CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the 
Word ...)
@@ -61292,14 +61378,14 @@ CVE-2018-3977 (An exploitable code execution 
vulnerability exists in the XCF ima
        [jessie] - sdl-image1.2 <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
        NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
-CVE-2018-3976
-       RESERVED
+CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster 
file ...)
+       TODO: check
 CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in 
the ...)
        NOT-FOR-US: Atlantis Word Processor
 CVE-2018-3974
        RESERVED
-CVE-2018-3973
-       RESERVED
+CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing 
...)
+       TODO: check
 CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin 
...)
        NOT-FOR-US: Epee library
 CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 
0x2222CC ...)
@@ -136665,7 +136751,7 @@ CVE-2016-5687 (The VerticalFilter function in the DDS 
coder in ImageMagick befor
        NOTE: 
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0b7172f2ba2c9e664d4df148e7d6e14a50edb57a
 CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader 
function ...)
-       {DLA-522-1}
+       {DLA-1663-1 DLA-522-1}
        - python3.5 <not-affected> (Fixed with initial upload to Debian)
        - python3.4 3.4.4~rc1-1
        - python2.7 2.7.10~rc1-1
@@ -137236,7 +137322,7 @@ CVE-2016-6211 (The User module in Drupal 7.x before 
7.44 allows remote authentic
        NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 
tarball diff
        NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 
filtered diff
 CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in 
CPython ...)
-       {DLA-522-1}
+       {DLA-1663-1 DLA-522-1}
        - python3.5 3.5.2~rc1-1
        - python3.4 <removed>
        - python2.7 2.7.12~rc1-1
@@ -153100,7 +153186,7 @@ CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 
9.2.15, 9.3.x before 9.3.1
        [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only 
provides PL/Perl)
        NOTE: 
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
 CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x 
before ...)
-       {DLA-871-1 DLA-522-1}
+       {DLA-1663-1 DLA-871-1 DLA-522-1}
        - python3.5 3.5.2~rc1-1
        - python3.4 <removed>
        - python3.2 <removed>
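Review bot: in these three entries the new advisory is prepended to the reference set (`{DLA-1663-1 DLA-522-1}`, `{DLA-1663-1 DLA-871-1 DLA-522-1}`), whereas CVE-2019-6486 earlier in the same commit appends DLA-1664-1 after the DSAs; both forms parse, but one consistent order makes the reference sets easier to audit. The `- python3.4 <removed>` lines in CVE-2016-5636 and CVE-2016-0772 are fine alongside the DLA, since removal from unstable has no bearing on the jessie version the advisory updated.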



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a13ddea2f9428e904b76ab0bfa3493bf8b80892

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits