Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2fdf860 by security tracker role at 2019-04-15T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
+       TODO: check
+CVE-2019-11235
+       RESERVED
+CVE-2019-11234
+       RESERVED
 CVE-2019-11233
        RESERVED
 CVE-2019-11232
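Review bot: CVE-2019-11236 is added with only "TODO: check" although its description already names the affected software (the urllib3 library for Python, through 1.24.1). Follow-up triage should replace the TODO with either a source-package line and bug reference or NOT-FOR-US; CVE-2019-11235 and CVE-2019-11234 correctly stay RESERVED with nothing further to record yet.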
@@ -347,6 +353,7 @@ CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 
2.24.1 failed to prope
 CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard 
conformi ...)
        NOT-FOR-US: Sequelize
 CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism 
because ...)
+       {DLA-1756-1}
        - libxslt <unfixed> (bug #926895)
        NOTE: https://gitlab.gnome.org/GNOME/libxslt/issues/12 (not public)
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
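Review bot: the {DLA-1756-1} cross-reference is added to CVE-2019-11068 while the only package line in view still reads "- libxslt <unfixed> (bug #926895)". That is consistent if the advisory covers a release that has no line of its own here, but the entry deserves a second look so that a fixed version is recorded once the upstream commit cited in the NOTE is packaged.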
@@ -11904,8 +11911,8 @@ CVE-2019-6611
        RESERVED
 CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 
11.6.0-11 ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2019-6609
-       RESERVED
+CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries 
platforms ...)
+       TODO: check
 CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 
14.0.0-14 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 
13.0.0-13.1 ...)
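Review bot: the new description for CVE-2019-6609 ("Platform dependent weakness. This issue only impacts iSeries platforms ...") names no product in the part that survives truncation. The neighbouring CVE-2019-6610 and CVE-2019-6608 are marked "NOT-FOR-US: F5 BIG-IP", but the same disposition should be confirmed against the full description rather than inferred from the id range.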
@@ -12789,7 +12796,8 @@ CVE-2018-20712 (A heap-based buffer over-read exists in 
the function d_expressio
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
 CVE-2018-20711
        RESERVED
-CVE-2018-20710 (The SingleDocParser::HandleFlowSequence function in yaml-cpp 
(aka LibY ...)
+CVE-2018-20710
+       REJECTED
        - yaml-cpp <unfixed> (low; bug #919432)
        [buster] - yaml-cpp <no-dsa> (Minor issue)
        [stretch] - yaml-cpp <no-dsa> (Minor issue)
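Review bot: CVE-2018-20710 is switched to REJECTED, but the three yaml-cpp status lines under it (the "<unfixed>" line with bug #919432 and the buster and stretch "<no-dsa>" lines) are kept as context, so the entry now reads as both rejected and open in yaml-cpp. Drop those lines, or move them to whichever id supersedes this one, and adjust the bug reference to match.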
@@ -14714,16 +14722,16 @@ CVE-2019-5522
        RESERVED
 CVE-2019-5521
        RESERVED
-CVE-2019-5520
-       RESERVED
+CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
 CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before 
ESXi650-20190300 ...)
        NOT-FOR-US: VMware
 CVE-2019-5518 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before 
ESXi650-20190300 ...)
        NOT-FOR-US: VMware
-CVE-2019-5517
-       RESERVED
-CVE-2019-5516
-       RESERVED
+CVE-2019-5517 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
+CVE-2019-5516 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
 CVE-2019-5515 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and 
Fusion ...)
        NOT-FOR-US: VMware
 CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security 
vulnerab ...)
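Review bot: CVE-2019-5520, CVE-2019-5517 and CVE-2019-5516 all arrive with "TODO: check" and descriptions beginning "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ...", while the adjacent ESXi entries CVE-2019-5519 and CVE-2019-5518 are already "NOT-FOR-US: VMware". The three can be resolved together with the same marker once the full descriptions are checked.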
@@ -17386,10 +17394,10 @@ CVE-2019-4205
        RESERVED
 CVE-2019-4204
        RESERVED
-CVE-2019-4203
-       RESERVED
-CVE-2019-4202
-       RESERVED
+CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be 
exploited  ...)
+       TODO: check
+CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is 
vulnerable to  ...)
+       TODO: check
 CVE-2019-4201
        RESERVED
 CVE-2019-4200
@@ -17436,8 +17444,8 @@ CVE-2019-4180
        RESERVED
 CVE-2019-4179
        RESERVED
-CVE-2019-4178
-       RESERVED
+CVE-2019-4178 (IBM Cognos Analytics 11 could allow a remote attacker to 
traverse dire ...)
+       TODO: check
 CVE-2019-4177
        RESERVED
 CVE-2019-4176
@@ -17768,8 +17776,8 @@ CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to 
upload a ...)
        NOT-FOR-US: IBM
-CVE-2019-4012
-       RESERVED
+CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 
23 is  ...)
+       TODO: check
 CVE-2019-4011
        RESERVED
 CVE-2019-4010
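Review bot: CVE-2019-4012 (IBM BigFix WebUI Profile Management) is left at "TODO: check" directly below CVE-2019-4013, an IBM BigFix Platform entry already marked "NOT-FOR-US: IBM". Using the same marker here would keep the two BigFix entries consistent.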
@@ -29814,8 +29822,8 @@ CVE-2019-0234
        RESERVED
 CVE-2019-0233
        RESERVED
-CVE-2019-0232
-       RESERVED
+CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, 
the CGI S ...)
+       TODO: check
 CVE-2019-0231
        RESERVED
        NOT-FOR-US: Apache MINA
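Review bot: the description added for CVE-2019-0232 is cut off before it names the product ("... the CGI S ...") and states that the issue applies when running on Windows. If the affected software turns out to be packaged, the triage result should record the package and note that the issue is Windows-specific rather than fall back to NOT-FOR-US. Separately, the context entry CVE-2019-0231 carries both RESERVED and "NOT-FOR-US: Apache MINA", which is worth a glance while this block is open.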
@@ -77780,8 +77788,8 @@ CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to 
cross-site request forgery whic
        NOT-FOR-US: IBM
 CVE-2018-1926 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin 
Console  ...)
        NOT-FOR-US: IBM
-CVE-2018-1925
-       RESERVED
+CVE-2018-1925 (IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than 
expected cryp ...)
+       TODO: check
 CVE-2018-1924
        RESERVED
 CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
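Review bot: the description imported for CVE-2018-1925 spells the product "IBM WebShere MQ", so a text search of the list for "WebSphere" will not find this entry. The description text comes from the feed and should not be hand-edited, but the triage line that replaces "TODO: check" should use the correctly spelled name or the plain "NOT-FOR-US: IBM" marker used for CVE-2018-1927 and CVE-2018-1926 above.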



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2fdf86066fd94af6e77c9e2012c1eb107c604ca
