Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00540ac4 by security tracker role at 2019-03-01T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-9487
+       RESERVED
+CVE-2019-9486
+       RESERVED
+CVE-2019-9485
+       RESERVED
+CVE-2019-9484 (The Glen Dimplex Deutschland GmbH implementation of the Carel 
pCOWeb ...)
+       TODO: check
+CVE-2019-9483 (Amazon Ring Doorbell before 3.4.7 mishandles encryption, which 
allows ...)
+       TODO: check
+CVE-2019-9482 (In MISP 2.4.102, an authenticated user can view sightings that 
they ...)
+       TODO: check
 CVE-2019-9481
        RESERVED
 CVE-2019-9480
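Review bot: CVE-2019-9484, CVE-2019-9483 and CVE-2019-9482 land with only "TODO: check", so none of them yet records whether Debian ships the affected software. Each needs a follow-up that resolves it to either a package line or a NOT-FOR-US entry in the form used elsewhere in this file (for example "NOT-FOR-US: D-Link").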
@@ -607,6 +619,7 @@ CVE-2019-9188
        RESERVED
 CVE-2019-9187 [Server-side request forgery via aggregate plugin]
        RESERVED
+       {DSA-4399-1}
        - ikiwiki 3.20190228-1
        NOTE: https://ikiwiki.info/security/#cve-2019-9187
        NOTE: https://www.openwall.com/lists/oss-security/2019/02/28/1
@@ -1063,7 +1076,7 @@ CVE-2019-9025 (An issue was discovered in PHP 7.3.x 
before 7.3.1. An invalid mul
        NOTE: Fixed in 7.3.1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77367
 CVE-2019-9024 (An issue was discovered in PHP before 5.6.40, 7.x before 
7.1.26, 7.2.x ...)
-       {DLA-1679-1}
+       {DSA-4398-1 DLA-1679-1}
        - php7.3 7.3.1-1
        - php7.0 <removed>
        - php5 <removed>
@@ -1071,7 +1084,7 @@ CVE-2019-9024 (An issue was discovered in PHP before 
5.6.40, 7.x before 7.1.26,
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77380
        NOTE: 
https://github.com/php/php-src/commit/4feb9e66ff9636ad44bc23a91b7ebd37d83ddf1d 
(7.1)
 CVE-2019-9023 (An issue was discovered in PHP before 5.6.40, 7.x before 
7.1.26, 7.2.x ...)
-       {DLA-1679-1}
+       {DSA-4398-1 DLA-1679-1}
        - php7.3 7.3.1-1
        - php7.0 <removed>
        - php5 <removed>
@@ -1088,6 +1101,7 @@ CVE-2019-9023 (An issue was discovered in PHP before 
5.6.40, 7.x before 7.1.26,
        NOTE: 
https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03 
(7.1)
        NOTE: 
https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a 
(7.1)
 CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 
7.2.14, ...)
+       {DSA-4398-1}
        - php7.3 7.3.2-1
        - php7.0 <removed>
        - php5 <removed>
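Review bot: CVE-2019-9022 gets {DSA-4398-1} alone, while CVE-2019-9024, CVE-2019-9023, CVE-2019-9021 and CVE-2019-9020 get {DSA-4398-1 DLA-1679-1}. That fits its description, which starts at PHP 7.x rather than "before 5.6.40", but the entry as shown still lists "- php5 <removed>" with no release-specific line. If php5 in jessie is not affected, a "[jessie] - php5 <not-affected> (...)" line, in the style used for mpop under CVE-2019-8337, would record why no DLA applies.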
@@ -1095,7 +1109,7 @@ CVE-2019-9022 (An issue was discovered in PHP 7.x before 
7.1.26, 7.2.x before 7.
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77369
        NOTE: 
https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b 
(7.1)
 CVE-2019-9021 (An issue was discovered in PHP before 5.6.40, 7.x before 
7.1.26, 7.2.x ...)
-       {DLA-1679-1}
+       {DSA-4398-1 DLA-1679-1}
        - php7.3 7.3.1-1
        - php7.0 <removed>
        - php5 <removed>
@@ -1103,7 +1117,7 @@ CVE-2019-9021 (An issue was discovered in PHP before 
5.6.40, 7.x before 7.1.26,
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77247
        NOTE: 
https://github.com/php/php-src/commit/78bd3477745f1ada9578a79f61edb41886bec1cb 
(7.1)
 CVE-2019-9020 (An issue was discovered in PHP before 5.6.40, 7.x before 
7.1.26, 7.2.x ...)
-       {DLA-1679-1}
+       {DSA-4398-1 DLA-1679-1}
        - php7.3 7.3.1-1
        - php7.0 <removed>
        - php5 <removed>
@@ -1317,6 +1331,7 @@ CVE-2019-8943 (WordPress through 5.0.3 allows Path 
Traversal in wp_crop_image().
        - wordpress <unfixed>
        NOTE: 
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
 CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code 
...)
+       {DSA-4401-1}
        - wordpress 5.0.1+dfsg1-1
        NOTE: 
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
        NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream
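Review bot: {DSA-4401-1} is attached to CVE-2019-8942 only, while CVE-2019-8943 directly above cites the same blog.ripstech.com write-up and stays at "- wordpress <unfixed>" with no bug number. Suggest a NOTE on CVE-2019-8943 stating how it relates to the DSA-4401-1 upload, and a bug reference on its <unfixed> line as is done for "- file <unfixed> (bug #922968)".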
@@ -1395,6 +1410,7 @@ CVE-2019-8909 (An issue was discovered in WTCMS 1.0. It 
allows remote attackers
 CVE-2019-8908 (An issue was discovered in WTCMS 1.0. It allows remote 
attackers to ...)
        NOT-FOR-US: WTCMS
 CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows 
remote ...)
+       {DLA-1698-1}
        - file <unfixed> (bug #922968)
        NOTE: https://bugs.astron.com/view.php?id=65
        NOTE: 
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
@@ -1406,6 +1422,7 @@ CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in 
file 5.35 has an ...)
        NOTE: Introduced by: 
https://github.com/file/file/commit/0ac0678c52e248fd2a632a84b638694f205aef9d 
(FILE5_31)
        NOTE: Fixed by: 
https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f 
(FILE5_36)
 CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a 
stack-based ...)
+       {DLA-1698-1}
        - file <unfixed> (bug #922968)
        NOTE: https://bugs.astron.com/view.php?id=63
        NOTE: 
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
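Review bot: {DLA-1698-1} is added to CVE-2019-8907 and CVE-2019-8905 but not to CVE-2019-8906, which sits between them and concerns the same do_core_note function in readelf.c. The "Introduced by: ... (FILE5_31)" note on CVE-2019-8906 may explain the omission; if so, and if it is not already there, an explicit "[jessie] - file <not-affected> (Vulnerable code introduced later)" line would make that visible to anyone reading the three entries together.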
@@ -2631,7 +2648,7 @@ CVE-2019-8313 (An issue was discovered on D-Link DIR-878 
devices with firmware 1
        NOT-FOR-US: D-Link
 CVE-2019-8312 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
        NOT-FOR-US: D-Link
-CVE-2019-8337 (In msmtp 1.8.2, when tls_trust_file has its default 
configuration, ...)
+CVE-2019-8337 (In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its 
default configuration, certificate-verification results are not properly 
checked. ...)
        - mpop 1.4.3-1
        [stretch] - mpop <not-affected> (Vulnerable code introduced later)
        [jessie] - mpop <not-affected> (Vulnerable code introduced later)
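Review bot: the new CVE-2019-8337 description runs on to a full sentence ("... certificate-verification results are not properly checked. ...") where every other description in this diff is cut at about one line before " ...)", which suggests the truncation step did not apply to this entry. The description now names msmtp 1.8.2 first, yet the package lines in view cover only mpop, so check that an msmtp line follows. The entry also sits below CVE-2019-8312, out of the descending order used in the rest of the file.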
@@ -6725,24 +6742,24 @@ CVE-2019-6557
        RESERVED
 CVE-2019-6556
        RESERVED
-CVE-2019-6555
-       RESERVED
+CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation 
vulnerability ...)
+       TODO: check
 CVE-2019-6554
        RESERVED
 CVE-2019-6553
        RESERVED
 CVE-2019-6552
        RESERVED
-CVE-2019-6551
-       RESERVED
+CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and 
prior ...)
+       TODO: check
 CVE-2019-6550
        RESERVED
 CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a 
XML file ...)
        NOT-FOR-US: PR100088 Modbus
 CVE-2019-6548
        RESERVED
-CVE-2019-6547
-       RESERVED
+CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version ...)
+       TODO: check
 CVE-2019-6546
        RESERVED
 CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 
SP3 and ...)
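Review bot: "TODO: check" on CVE-2019-6555, CVE-2019-6551 and CVE-2019-6547 leaves these entries untriaged next to CVE-2019-6549, which is already resolved as "NOT-FOR-US: PR100088 Modbus". If none of the named products (Cscape, Pangea Communications Internet FAX ATA, Delta Industrial Automation CNCSoft) is packaged, the follow-up should use the same one-line form.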
@@ -6973,6 +6990,7 @@ CVE-2019-6466
        RESERVED
 CVE-2019-6465 [Zone transfer controls for writable DLZ zones were not 
effective]
        RESERVED
+       {DLA-1697-1}
        - bind9 1:9.11.5.P4+dfsg-1 (bug #922955)
        NOTE: https://kb.isc.org/docs/cve-2019-6465
        NOTE: 
https://gitlab.isc.org/isc-projects/bind9/commit/a9307de85e147f4756c75d15aa221d2262df7d67
@@ -12838,7 +12856,7 @@ CVE-2019-3825 (A vulnerability was discovered in gdm 
before 3.31.4. When timed l
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824 [Out of bound read in ldb_wildcard_compare]
        RESERVED
-       {DSA-4397-1}
+       {DSA-4397-1 DLA-1699-1}
        - ldb 2:1.5.1+really1.4.3-2
        - samba <unfixed> (unimportant)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13773
@@ -17499,33 +17517,33 @@ CVE-2019-2395 (Vulnerability in the Oracle WebLogic 
Server component of Oracle F
 CVE-2018-20146 (An issue was discovered in Liquidware ProfileUnity before 
6.8.0 with ...)
        NOT-FOR-US: Liquidware ProfileUnity
 CVE-2018-20153 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors 
could ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20152 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could 
bypass ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20151 (In WordPress before 4.9.9 and 5.x before 5.0.1, the 
user-activation ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20150 (In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs 
could ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
 CVE-2018-20149 (In WordPress before 4.9.9 and 5.x before 5.0.1, when the 
Apache HTTP ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
 CVE-2018-20148 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors 
could ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could 
modify ...)
-       {DLA-1673-1}
+       {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20144 [Arbitrary File read in GitLab project import with Git LFS]
@@ -20550,6 +20568,7 @@ CVE-2019-1561
 CVE-2019-1560
        RESERVED
 CVE-2019-1559 (If an application encounters a fatal protocol error and then 
calls ...)
+       {DSA-4400-1}
        - openssl1.0 <unfixed>
        - openssl 1.1.0b-2
        NOTE: OpenSSL_1_0_2-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
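Review bot: with {DSA-4400-1} now attached to CVE-2019-1559, the "- openssl1.0 <unfixed>" line still carries no bug number, unlike "- file <unfixed> (bug #922968)" elsewhere in this file. Suggest referencing a bug on that line so the remaining unfixed openssl1.0 package is tracked independently of the advisory.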
@@ -61408,6 +61427,7 @@ CVE-2018-5746
        RESERVED
 CVE-2018-5745 [An assertion failure can occur if a trust anchor rolls over to 
an unsupported key algorithm when using managed-keys]
        RESERVED
+       {DLA-1697-1}
        - bind9 1:9.11.5.P4+dfsg-1 (bug #922954)
        NOTE: https://kb.isc.org/docs/cve-2018-5745
        NOTE: 
https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00540ac4323e6438127fb2bfccf6cfba98cc6b5a

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
