Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c906253 by security tracker role at 2019-02-27T08:10:55Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-9209
+ RESERVED
+CVE-2019-9208
+ RESERVED
+CVE-2019-9207
+ RESERVED
+CVE-2019-9206
+ RESERVED
+CVE-2019-9205
+ RESERVED
+CVE-2019-9204
+ RESERVED
+CVE-2019-9203
+ RESERVED
+CVE-2019-9202
+ RESERVED
+CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC
151 ...)
+ TODO: check
+CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine()
located ...)
+ TODO: check
+CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp
in ...)
+ TODO: check
+CVE-2019-9198
+ RESERVED
+CVE-2019-9197
+ RESERVED
+CVE-2019-9196
+ RESERVED
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious
files in an ...)
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in
the PHP ...)
@@ -5066,8 +5094,8 @@ CVE-2019-7008
RESERVED
CVE-2019-7007
RESERVED
-CVE-2019-7006
- RESERVED
+CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in
the ...)
+ TODO: check
CVE-2019-7005
RESERVED
CVE-2019-7004
@@ -17024,6 +17052,7 @@ CVE-2018-20098 (There is a heap-based buffer over-read
in ...)
NOTE:
https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
CVE-2018-20097 (There is a SEGV in
Exiv2::Internal::TiffParserWorker::findPrimaryGroups ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (low)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/590
@@ -22906,6 +22935,7 @@ CVE-2018-19537 (TP-Link Archer C5 devices through
V2_160201_US allow remote comm
CVE-2018-19536
RESERVED
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile
in ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #915135)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/428
@@ -24338,6 +24368,7 @@ CVE-2018-19110 (The skin-management feature in tianti
2.3 allows remote authenti
CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass
intended ...)
NOT-FOR-US: tianti
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp
in the PSD ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #913272)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
@@ -24345,6 +24376,7 @@ CVE-2018-19108 (In Exiv2 0.26,
Exiv2::PsdImage::readMetadata in psdimage.cpp in
NOTE:
https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
NOTE:
https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called
from ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #913273)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
@@ -28300,6 +28332,7 @@ CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a
heap-based buffer over-read. T
NOTE: https://github.com/appneta/tcpreplay/issues/484
NOTE:
https://github.com/appneta/tcpreplay/commit/68f67b1a3a4d319543692afb5bd5b191ec984287
CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2
0.26 has ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (low; bug #910060)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/460
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c906253127e61317265b44aae7c9972c7e863a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c906253127e61317265b44aae7c9972c7e863a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
