Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7e16f99 by security tracker role at 2019-04-09T08:10:10Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-11027
+ RESERVED
+CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0
has infini ...)
+ TODO: check
+CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no
escaping o ...)
+ TODO: check
+CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel
1.8.2 has ...)
+ TODO: check
+CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in
Graphviz 2.39. ...)
+ TODO: check
+CVE-2019-11022
+ RESERVED
+CVE-2019-11021
+ RESERVED
+CVE-2019-11020
+ RESERVED
+CVE-2019-11019
+ RESERVED
+CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does
not prev ...)
+ TODO: check
+CVE-2019-11017
+ RESERVED
+CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open
redirect. ...)
+ TODO: check
+CVE-2019-11015
+ RESERVED
+CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared
object, a ...)
+ TODO: check
+CVE-2019-11013
+ RESERVED
+CVE-2019-11012
+ RESERVED
CVE-2019-11011
RESERVED
CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory
leak in ...)
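Review bot: CVE-2019-11026 is left at `TODO: check` even though its description names Poppler, a source package this file already tracks (see `- poppler <unfixed> (bug #926673)` under CVE-2019-9631 further down). Replace the TODO with a `- poppler` line once the affected versions are confirmed; the description cites 0.75.0, so each suite needs to be checked separately. The other described entries added here (Cacti, libsixel, Graphviz, ThinkAdmin, Elgg, VStarCam) need the same decision between a package line and NOT-FOR-US before the TODO markers are dropped.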
@@ -239,26 +271,26 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI
because frontends/roundup.cgi
NOTE: https://github.com/python/bugs.python.org/issues/34
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE:
https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
-CVE-2019-10903
- RESERVED
-CVE-2019-10902
- RESERVED
-CVE-2019-10901
- RESERVED
-CVE-2019-10900
- RESERVED
-CVE-2019-10899
- RESERVED
-CVE-2019-10898
- RESERVED
-CVE-2019-10897
- RESERVED
-CVE-2019-10896
- RESERVED
-CVE-2019-10895
- RESERVED
-CVE-2019-10894
- RESERVED
+CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
DCERPC SP ...)
+ TODO: check
+CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was
addresse ...)
+ TODO: check
+CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
LDSS diss ...)
+ TODO: check
+CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an
infinite loop. ...)
+ TODO: check
+CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
SRVLOC di ...)
+ TODO: check
+CVE-2019-10898 (In Wireshark 3.0.0, the GSUP dissector could go into an
infinite loop. ...)
+ TODO: check
+CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an
infinit ...)
+ TODO: check
+CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
DOF disse ...)
+ TODO: check
+CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
NetScaler ...)
+ TODO: check
+CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the
GSS-API d ...)
+ TODO: check
CVE-2019-10893
RESERVED
CVE-2019-10892
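Review bot: The ten Wireshark entries all move from RESERVED to `TODO: check` without a package line, and their descriptions fall into two groups that should not be triaged identically. CVE-2019-10902, CVE-2019-10900, CVE-2019-10898 and CVE-2019-10897 name only Wireshark 3.0.0, while CVE-2019-10903, CVE-2019-10901, CVE-2019-10899, CVE-2019-10896, CVE-2019-10895 and CVE-2019-10894 name 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0. When the `- wireshark` lines are written, the 3.0.0-only group is where per-suite `<not-affected>` annotations are likely to apply; verify each against the full advisory, since the text here is truncated.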
@@ -924,16 +956,16 @@ CVE-2019-10636
RESERVED
CVE-2019-10635
RESERVED
-CVE-2019-10634
- RESERVED
-CVE-2019-10633
- RESERVED
-CVE-2019-10632
- RESERVED
-CVE-2019-10631
- RESERVED
-CVE-2019-10630
- RESERVED
+CVE-2019-10634 (An XSS vulnerability in the Zyxel NAS 326 version 5.21 and
below allow ...)
+ TODO: check
+CVE-2019-10633 (An eval injection vulnerability in the Python web server
routing on th ...)
+ TODO: check
+CVE-2019-10632 (A directory traversal vulnerability in the file browser
component on t ...)
+ TODO: check
+CVE-2019-10631 (Shell Metacharacter Injection in the package installer on
Zyxel NAS 32 ...)
+ TODO: check
+CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326
through 5.21 a ...)
+ TODO: check
CVE-2019-10629
RESERVED
CVE-2019-10628
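Review bot: Two of the five entries in this block, CVE-2019-10633 ("Python web server routing on th ...") and CVE-2019-10632 ("file browser component on t ..."), are truncated before any product name appears, so nothing in these lines ties them to the Zyxel NAS 326 named in CVE-2019-10634, CVE-2019-10631 and CVE-2019-10630. Read the full descriptions before resolving the `TODO: check` markers, and do not triage CVE-2019-10633 on the word "Python" alone. If all five are the same appliance firmware, close them with a single consistent NOT-FOR-US tag in the style of `NOT-FOR-US: ESAFENET CDG` used elsewhere in this file.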
@@ -4012,6 +4044,7 @@ CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2
does not ensure that a p
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download
vulnerability vi ...)
NOT-FOR-US: ESAFENET CDG
CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the
CairoRescaleBo ...)
+ {DLA-1752-1}
- poppler <unfixed> (bug #926673)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
@@ -17558,6 +17591,7 @@ CVE-2019-3843
RESERVED
CVE-2019-3842 [unsafe environment usage in pam_systemd]
RESERVED
+ {DSA-4428-1}
- systemd 241-3
NOTE: https://bugs.launchpad.net/bugs/1812316
NOTE:
https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a
@@ -24170,8 +24204,7 @@ CVE-2019-1800
RESERVED
CVE-2019-1799
RESERVED
-CVE-2019-1798 [A use-after-free condition may occur when scanning nested RAR
archives]
- RESERVED
+CVE-2019-1798 (A vulnerability in the Portable Executable (PE) file scanning
function ...)
- libclamunrar 0.101.2-1
[stretch] - libclamunrar <not-affected> (Vulnerable code only present
in 0.101.1 and 0.101.0)
[jessie] - libclamunrar <not-affected> (Vulnerable code only present in
0.101.1 and 0.101.0)
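Review bot: The description imported for CVE-2019-1798 does not match the rest of the entry. The removed bracketed summary read "A use-after-free condition may occur when scanning nested RAR archives" and the package lines are for `libclamunrar`, but the new text describes "the Portable Executable (PE) file scanning function". Either the published description or the package mapping is off; confirm against the upstream advisory and add a NOTE recording the RAR use-after-free summary, so the `libclamunrar` lines and the `<not-affected>` rationale stay understandable now that the hand-written summary is gone.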
@@ -24200,13 +24233,11 @@ CVE-2019-1789 [An out-of-bounds heap read condition
when scanning PE files]
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion
in next point release)
NOTE:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1788 [An out-of-bounds heap write condition when scanning OLE2 files]
- RESERVED
+CVE-2019-1788 (A vulnerability in the Object Linking & Embedding (OLE2)
file scan ...)
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion
in next point release)
NOTE:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1787 [An out-of-bounds heap read condition when scanning PDF
documents]
- RESERVED
+CVE-2019-1787 (A vulnerability in the Portable Document Format (PDF) scanning
functio ...)
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion
in next point release)
NOTE:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
@@ -27057,8 +27088,8 @@ CVE-2019-0823
RESERVED
CVE-2019-0822
RESERVED
-CVE-2019-0821
- RESERVED
+CVE-2019-0821 (An information disclosure vulnerability exists in the way that
the Win ...)
+ TODO: check
CVE-2019-0820
RESERVED
CVE-2019-0819
@@ -27067,8 +27098,7 @@ CVE-2019-0818
RESERVED
CVE-2019-0817
RESERVED
-CVE-2019-0816 [extra ssh keys added to authorized_keys]
- RESERVED
+CVE-2019-0816 (A security feature bypass exists in Azure SSH Keypairs, due to
a chang ...)
- cloud-init <unfixed> (low; bug #926043)
[buster] - cloud-init <no-dsa> (Doesn't affect default provisioning for
Azure, only limited use cases)
[stretch] - cloud-init <no-dsa> (Doesn't affect default provisioning
for Azure, only limited use cases)
@@ -27087,18 +27117,17 @@ CVE-2019-0811
RESERVED
CVE-2019-0810
RESERVED
-CVE-2019-0809
- RESERVED
-CVE-2019-0808
- RESERVED
+CVE-2019-0809 (A remote code execution vulnerability exists when the Visual
Studio C+ ...)
+ TODO: check
+CVE-2019-0808 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
CVE-2019-0807
RESERVED
CVE-2019-0806
RESERVED
CVE-2019-0805
RESERVED
-CVE-2019-0804
- RESERVED
+CVE-2019-0804 (An information disclosure vulnerability exists in the way Azure
WaLinu ...)
{DSA-4406-1 DLA-1709-1}
- waagent 2.2.34-3
CVE-2019-0803
@@ -27111,10 +27140,10 @@ CVE-2019-0800
RESERVED
CVE-2019-0799
RESERVED
-CVE-2019-0798
- RESERVED
-CVE-2019-0797
- RESERVED
+CVE-2019-0798 (A spoofing vulnerability exists when a Lync Server or Skype for
Busine ...)
+ TODO: check
+CVE-2019-0797 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
CVE-2019-0796
RESERVED
CVE-2019-0795
@@ -27139,73 +27168,72 @@ CVE-2019-0786
RESERVED
CVE-2019-0785
RESERVED
-CVE-2019-0784
- RESERVED
-CVE-2019-0783
- RESERVED
-CVE-2019-0782
- RESERVED
+CVE-2019-0784 (A remote code execution vulnerability exists in the way that
the Activ ...)
+ TODO: check
+CVE-2019-0783 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
+CVE-2019-0782 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2019-0781
RESERVED
-CVE-2019-0780
- RESERVED
-CVE-2019-0779
- RESERVED
-CVE-2019-0778
- RESERVED
-CVE-2019-0777
- RESERVED
-CVE-2019-0776
- RESERVED
-CVE-2019-0775
- RESERVED
-CVE-2019-0774
- RESERVED
-CVE-2019-0773
- RESERVED
-CVE-2019-0772
- RESERVED
-CVE-2019-0771
- RESERVED
-CVE-2019-0770
- RESERVED
-CVE-2019-0769
- RESERVED
-CVE-2019-0768
- RESERVED
-CVE-2019-0767
- RESERVED
-CVE-2019-0766
- RESERVED
-CVE-2019-0765
- RESERVED
+CVE-2019-0780 (A remote code execution vulnerability exists in the way that
Microsoft ...)
+ TODO: check
+CVE-2019-0779 (A remote code execution vulnerability exists when Microsoft
Edge impro ...)
+ TODO: check
+CVE-2019-0778 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
+CVE-2019-0777 (A Cross-site Scripting (XSS) vulnerability exists when Team
Foundation ...)
+ TODO: check
+CVE-2019-0776 (An information disclosure vulnerability exists when the win32k
compone ...)
+ TODO: check
+CVE-2019-0775 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2019-0774 (An information disclosure vulnerability exists when the Windows
GDI co ...)
+ TODO: check
+CVE-2019-0773 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
+CVE-2019-0772 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2019-0771 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
+CVE-2019-0770 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
+CVE-2019-0769 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
+CVE-2019-0768 (A security feature bypass vulnerability exists when Internet
Explorer ...)
+ TODO: check
+CVE-2019-0767 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2019-0766 (An elevation of privilege vulnerability exists in Windows AppX
Deploym ...)
+ TODO: check
+CVE-2019-0765 (A remote code execution vulnerability exists in the way that
comctl32. ...)
+ TODO: check
CVE-2019-0764
RESERVED
-CVE-2019-0763
- RESERVED
-CVE-2019-0762
- RESERVED
-CVE-2019-0761
- RESERVED
+CVE-2019-0763 (A remote code execution vulnerability exists when Internet
Explorer im ...)
+ TODO: check
+CVE-2019-0762 (A security feature bypass vulnerability exists when Microsoft
browsers ...)
+ TODO: check
+CVE-2019-0761 (A security feature bypass vulnerability exists when Internet
Explorer ...)
+ TODO: check
CVE-2019-0760
RESERVED
-CVE-2019-0759
- RESERVED
+CVE-2019-0759 (An information disclosure vulnerability exists when the Windows
Print ...)
+ TODO: check
CVE-2019-0758
RESERVED
-CVE-2019-0757
- RESERVED
+CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager
for Linu ...)
- nuget <not-affected> (NuGet older than 4.3 is not affected, bug
#926122)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475
NOTE: https://github.com/NuGet/Home/issues/7673
NOTE:
https://github.com/NuGet/NuGet.Client/commit/d62db666c710bf95121fe8f5c6a6cbe01985456f?w=1
NOTE: https://github.com/NuGet/Home/issues/7673#issuecomment-478738369
-CVE-2019-0756
- RESERVED
-CVE-2019-0755
- RESERVED
-CVE-2019-0754
- RESERVED
+CVE-2019-0756 (A remote code execution vulnerability exists when the Microsoft
XML Co ...)
+ TODO: check
+CVE-2019-0755 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2019-0754 (A denial of service vulnerability exists when Windows
improperly handl ...)
+ TODO: check
CVE-2019-0753
RESERVED
CVE-2019-0752
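Review bot: Every entry described in this hunk lands on `TODO: check` except CVE-2019-0757, which keeps its `- nuget <not-affected>` line. The descriptions refer to Windows, Internet Explorer, Edge, SharePoint, Team Foundation and similar products, which this file otherwise closes as `NOT-FOR-US: Microsoft` (for example CVE-2019-0728 in a later hunk), so the TODOs should be resolved the same way. Do that per entry rather than by assigner: CVE-2019-0757 here, CVE-2019-0804 (`- waagent 2.2.34-3`) and CVE-2019-0816 (`- cloud-init <unfixed>`) in the preceding hunks show that IDs from this batch can map to Debian packages.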
@@ -27216,12 +27244,12 @@ CVE-2019-0750
RESERVED
CVE-2019-0749
RESERVED
-CVE-2019-0748
- RESERVED
+CVE-2019-0748 (A remote code execution vulnerability exists when the Microsoft
Office ...)
+ TODO: check
CVE-2019-0747
RESERVED
-CVE-2019-0746
- RESERVED
+CVE-2019-0746 (An information disclosure vulnerability exists when the
scripting engi ...)
+ TODO: check
CVE-2019-0745
RESERVED
CVE-2019-0744
@@ -27260,8 +27288,8 @@ CVE-2019-0728 (A remote code execution vulnerability
exists in Visual Studio Cod
NOT-FOR-US: Microsoft
CVE-2019-0727
RESERVED
-CVE-2019-0726
- RESERVED
+CVE-2019-0726 (A memory corruption vulnerability exists in the Windows DHCP
client wh ...)
+ TODO: check
CVE-2019-0725
RESERVED
CVE-2019-0724 (An elevation of privilege vulnerability exists in Microsoft
Exchange S ...)
@@ -27304,38 +27332,38 @@ CVE-2019-0706
RESERVED
CVE-2019-0705
RESERVED
-CVE-2019-0704
- RESERVED
-CVE-2019-0703
- RESERVED
-CVE-2019-0702
- RESERVED
-CVE-2019-0701
- RESERVED
+CVE-2019-0704 (An information disclosure vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2019-0703 (An information disclosure vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2019-0702 (An information disclosure vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2019-0701 (A denial of service vulnerability exists when Microsoft Hyper-V
on a h ...)
+ TODO: check
CVE-2019-0700
RESERVED
CVE-2019-0699
RESERVED
-CVE-2019-0698
- RESERVED
-CVE-2019-0697
- RESERVED
-CVE-2019-0696
- RESERVED
-CVE-2019-0695
- RESERVED
-CVE-2019-0694
- RESERVED
-CVE-2019-0693
- RESERVED
-CVE-2019-0692
- RESERVED
+CVE-2019-0698 (A memory corruption vulnerability exists in the Windows DHCP
client wh ...)
+ TODO: check
+CVE-2019-0697 (A memory corruption vulnerability exists in the Windows DHCP
client wh ...)
+ TODO: check
+CVE-2019-0696 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2019-0695 (A denial of service vulnerability exists when Microsoft Hyper-V
on a h ...)
+ TODO: check
+CVE-2019-0694 (An elevation of privilege vulnerability exists due to an
integer overf ...)
+ TODO: check
+CVE-2019-0693 (An elevation of privilege vulnerability exists due to an
integer overf ...)
+ TODO: check
+CVE-2019-0692 (An elevation of privilege vulnerability exists due to an
integer overf ...)
+ TODO: check
CVE-2019-0691
RESERVED
-CVE-2019-0690
- RESERVED
-CVE-2019-0689
- RESERVED
+CVE-2019-0690 (A denial of service vulnerability exists when Microsoft Hyper-V
Networ ...)
+ TODO: check
+CVE-2019-0689 (An elevation of privilege vulnerability exists due to an
integer overf ...)
+ TODO: check
CVE-2019-0688
RESERVED
CVE-2019-0687
@@ -27346,18 +27374,18 @@ CVE-2019-0685
RESERVED
CVE-2019-0684
RESERVED
-CVE-2019-0683
- RESERVED
-CVE-2019-0682
- RESERVED
+CVE-2019-0683 (An elevation of privilege vulnerability exists in Active
Directory For ...)
+ TODO: check
+CVE-2019-0682 (An elevation of privilege vulnerability exists due to an
integer overf ...)
+ TODO: check
CVE-2019-0681
RESERVED
-CVE-2019-0680
- RESERVED
+CVE-2019-0680 (A remote code execution vulnerability exists in the way that
the scrip ...)
+ TODO: check
CVE-2019-0679
RESERVED
-CVE-2019-0678
- RESERVED
+CVE-2019-0678 (An elevation of privilege vulnerability exists when Microsoft
Edge doe ...)
+ TODO: check
CVE-2019-0677
RESERVED
CVE-2019-0676 (An information disclosure vulnerability exists when Internet
Explorer ...)
@@ -27378,12 +27406,12 @@ CVE-2019-0669 (An information disclosure
vulnerability exists when Microsoft Exc
NOT-FOR-US: Microsoft
CVE-2019-0668 (An elevation of privilege vulnerability exists when Microsoft
SharePoi ...)
NOT-FOR-US: Microsoft
-CVE-2019-0667
- RESERVED
-CVE-2019-0666
- RESERVED
-CVE-2019-0665
- RESERVED
+CVE-2019-0667 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2019-0666 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2019-0665 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
CVE-2019-0664 (An information disclosure vulnerability exists when the Windows
GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0663 (An information disclosure vulnerability exists when the Windows
kernel ...)
@@ -27434,8 +27462,8 @@ CVE-2019-0641 (A security feature bypass vulnerability
exists in Microsoft Edge
NOT-FOR-US: Microsoft
CVE-2019-0640 (A remote code execution vulnerability exists in the way that
the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0639
- RESERVED
+CVE-2019-0639 (A remote code execution vulnerability exists in the way that
the Chakr ...)
+ TODO: check
CVE-2019-0638
RESERVED
CVE-2019-0637 (A security feature bypass vulnerability exists when Windows
Defender F ...)
@@ -27478,24 +27506,24 @@ CVE-2019-0619 (An information disclosure
vulnerability exists when the Windows G
NOT-FOR-US: Microsoft
CVE-2019-0618 (A remote code execution vulnerability exists in the way that
the Windo ...)
NOT-FOR-US: Microsoft
-CVE-2019-0617
- RESERVED
+CVE-2019-0617 (A remote code execution vulnerability exists when the Windows
Jet Data ...)
+ TODO: check
CVE-2019-0616 (An information disclosure vulnerability exists when the Windows
GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0615 (An information disclosure vulnerability exists when the Windows
GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2019-0614
- RESERVED
+CVE-2019-0614 (An information disclosure vulnerability exists when the Windows
GDI co ...)
+ TODO: check
CVE-2019-0613 (A remote code execution vulnerability exists in .NET Framework
and Vis ...)
NOT-FOR-US: Microsoft
-CVE-2019-0612
- RESERVED
-CVE-2019-0611
- RESERVED
+CVE-2019-0612 (A security feature bypass vulnerability exists when Click2Play
protect ...)
+ TODO: check
+CVE-2019-0611 (A remote code execution vulnerability exists in the way that
the Chakr ...)
+ TODO: check
CVE-2019-0610 (A remote code execution vulnerability exists in the way that
the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0609
- RESERVED
+CVE-2019-0609 (A remote code execution vulnerability exists in the way the
scripting ...)
+ TODO: check
CVE-2019-0608
RESERVED
CVE-2019-0607 (A remote code execution vulnerability exists in the way that
the scrip ...)
@@ -27506,8 +27534,8 @@ CVE-2019-0605 (A remote code execution vulnerability
exists in the way that the
NOT-FOR-US: Microsoft
CVE-2019-0604 (A remote code execution vulnerability exists in Microsoft
SharePoint w ...)
NOT-FOR-US: Microsoft
-CVE-2019-0603
- RESERVED
+CVE-2019-0603 (A remote code execution vulnerability exists in the way that
Windows D ...)
+ TODO: check
CVE-2019-0602 (An information disclosure vulnerability exists when the Windows
GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0601 (An information disclosure vulnerability exists when the Human
Interfac ...)
@@ -27528,8 +27556,8 @@ CVE-2019-0594 (A remote code execution vulnerability
exists in Microsoft SharePo
NOT-FOR-US: Microsoft
CVE-2019-0593 (A remote code execution vulnerability exists in the way that
the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0592
- RESERVED
+CVE-2019-0592 (A remote code execution vulnerability exists in the way that
the Chakr ...)
+ TODO: check
CVE-2019-0591 (A remote code execution vulnerability exists in the way that
the scrip ...)
NOT-FOR-US: Microsoft
CVE-2019-0590 (A remote code execution vulnerability exists in the way that
the scrip ...)
@@ -29212,16 +29240,14 @@ CVE-2019-0219
RESERVED
CVE-2019-0218
RESERVED
-CVE-2019-0217 [mod_auth_digest access control bypass]
- RESERVED
+CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race
condition i ...)
{DSA-4422-1 DLA-1748-1}
- apache2 2.4.38-3
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
NOTE: https://svn.apache.org/r1855298
CVE-2019-0216
RESERVED
-CVE-2019-0215 [mod_ssl access control bypass]
- RESERVED
+CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in
mod_ssl ...)
- apache2 2.4.38-3
[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -29232,8 +29258,7 @@ CVE-2019-0213
RESERVED
CVE-2019-0212 (In all previously released Apache HBase 2.x versions
(2.0.0-2.0.4, 2.1 ...)
NOT-FOR-US: Apache HBase
-CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
- RESERVED
+CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM
event, w ...)
{DSA-4422-1}
- apache2 2.4.38-3
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -53464,6 +53489,7 @@ CVE-2018-10244 (Suricata version 4.0.4 incorrectly
handles the parsing of an Eth
NOTE:
https://github.com/OISF/suricata/commit/f68bf3301ad4d25f0a5ecb13405f4e26316cdf8d
NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP
0.5.26 allow ...)
+ {DLA-1751-1}
- libhtp 1:0.5.28-1
- suricata 1:4.0.0-1
NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
@@ -53471,6 +53497,7 @@ CVE-2018-10243 (htp_parse_authorization_digest in
htp_parsers.c in LibHTP 0.5.26
NOTE:
https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the
SSH bann ...)
+ {DLA-1751-1}
- suricata 1:4.0.5-1
NOTE: https://redmine.openinfosecfoundation.org/issues/2544
NOTE: https://redmine.openinfosecfoundation.org/issues/2542
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7e16f99ca3995370406f2569e4af56bb9c720b4