[Git][security-tracker-team/security-tracker][master] automatic update

Mon, 25 Feb 2019 12:11:20 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1339558c by security tracker role at 2019-02-25T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-9155
+       RESERVED
+CVE-2019-9154
+       RESERVED
+CVE-2019-9153
+       RESERVED
+CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an out ...)
+       TODO: check
+CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an out ...)
+       TODO: check
+CVE-2019-9150
+       RESERVED
+CVE-2019-9149
+       RESERVED
+CVE-2019-9148
+       RESERVED
+CVE-2019-9147
+       RESERVED
+CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to 
obtain a ...)
+       TODO: check
+CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS 
vulnerability ...)
+       TODO: check
+CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite 
recursion at ...)
+       TODO: check
+CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite 
recursion at ...)
+       TODO: check
+CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before 
v3.4.7. XSS ...)
+       TODO: check
+CVE-2019-9141
+       RESERVED
+CVE-2019-9140
+       RESERVED
+CVE-2019-9139
+       RESERVED
+CVE-2019-9138
+       RESERVED
+CVE-2019-9137
+       RESERVED
+CVE-2019-9136
+       RESERVED
+CVE-2019-9135
+       RESERVED
+CVE-2019-9134
+       RESERVED
+CVE-2019-9133
+       RESERVED
+CVE-2019-9132
+       RESERVED
 CVE-2019-9131
        RESERVED
 CVE-2019-9130
@@ -4066,7 +4114,8 @@ CVE-2017-18362 (ConnectWise ManagedITSync integration 
through 2017 for Kaseya VS
        NOT-FOR-US: ConnectWise ManagedITSync
 CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for 
processing ...)
        NOT-FOR-US: Haraka
-CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries 
to load ...)
+CVE-2016-1000276
+       REJECTED
        TODO: check, probably a dupe of CVE-2017-1000010
 CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 
3.x) / ...)
        NOT-FOR-US: Joomla extension
@@ -18713,8 +18762,8 @@ CVE-2019-1691 (A vulnerability in the detection engine 
of Cisco Firepower Threat
        NOT-FOR-US: Cisco
 CVE-2019-1690
        RESERVED
-CVE-2019-1689
-       RESERVED
+CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco 
Webex Teams ...)
+       TODO: check
 CVE-2019-1688 (A vulnerability in the management web interface of Cisco 
Network ...)
        NOT-FOR-US: Cisco
 CVE-2019-1687
@@ -18725,8 +18774,8 @@ CVE-2019-1685 (A vulnerability in the Security 
Assertion Markup Language (SAML)
        NOT-FOR-US: Cisco
 CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer 
...)
        NOT-FOR-US: Cisco
-CVE-2019-1683
-       RESERVED
+CVE-2019-1683 (A vulnerability in the certificate handling component of the 
Cisco ...)
+       TODO: check
 CVE-2019-1682
        RESERVED
 CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network 
Convergence ...)
@@ -25565,13 +25614,13 @@ CVE-2018-18521 (Divide-by-zero vulnerabilities in the 
function arlib_add_symbols
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
        NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function 
elf_end in ...)
        - elfutils 0.175-1 (low; bug #911414)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
        NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
 CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to 
gain ...)
        NOT-FOR-US: BestXsoftware Best Free Keylogger
 CVE-2018-18518
@@ -26202,7 +26251,7 @@ CVE-2018-18310 (An invalid memory address dereference 
was discovered in ...)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
        NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
 CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) 
library ...)
        [experimental] - binutils 2.31.51.20181022-1
        - binutils <unfixed>
@@ -106269,25 +106318,25 @@ CVE-2017-7613 (elflint.c in elfutils 0.168 does not 
validate the number of secti
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 
allows ...)
        - elfutils 0.168-1 (bug #859991)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 
allows ...)
        - elfutils 0.168-1 (bug #859992)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows 
remote ...)
        - elfutils 0.168-1 (bug #859993)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
 CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib 
compression ...)
        - elfutils 0.168-1 (bug #859994)
        [jessie] - elfutils <not-affected> (Vulnerable code not present)
@@ -106299,7 +106348,7 @@ CVE-2017-7608 (The ebl_object_note_type_name function 
in eblobjnotetypename.c in
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
-        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
 CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 
allows ...)
        - elfutils 0.168-1 (bug #859996)
        [jessie] - elfutils <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1339558c266e161c3d26516e48d016d65dd471e0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1339558c266e161c3d26516e48d016d65dd471e0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to