[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 28 Apr 2019 13:11:01 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4dabd74 by security tracker role at 2019-04-28T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,12 @@
-CVE-2019-11577 [DHCPv6: Fix a potential buffer overflow reading NA/TA 
addresses]
+CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna 
in dhcp ...)
        - dhcpcd5 <unfixed> (bug #928105)
        [stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
        [jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
-CVE-2019-11579 [DHCP: Fix a potential 1 byte read overflow with 
DHO_OPTSOVERLOADED]
+CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow 
with DHO ...)
        - dhcpcd5 <unfixed> (bug #928104)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
-CVE-2019-11578 [auth: Use consttime_memequal to avoid latency attack]
+CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer 
secrets by pe ...)
        - dhcpcd5 <unfixed> (bug #928056)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
@@ -2295,6 +2295,7 @@ CVE-2019-10652 (An issue was discovered in flatCore 
1.4.7. acp/acp.php allows re
 CVE-2019-10651
        RESERVED
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer 
over-read in ...)
+       {DSA-4436-1}
        - imagemagick <unfixed> (bug #926091)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1532
 CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the 
function SV ...)
@@ -3790,6 +3791,7 @@ CVE-2019-9958
 CVE-2019-9957
        RESERVED
 CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer 
overflow in ...)
+       {DSA-4436-1}
        - imagemagick <unfixed> (bug #925395)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
@@ -5291,6 +5293,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the 
admin/category/edit.html
 CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static 
codes in th ...)
        NOT-FOR-US: Chuango
 CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
+       {DLA-1768-1}
        - checkstyle <unfixed> (low; bug #924598)
        [buster] - checkstyle <no-dsa> (Minor issue)
        [stretch] - checkstyle <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4dabd746558910bb7b03f09b59ab6ef9ab9165f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4dabd746558910bb7b03f09b59ab6ef9ab9165f
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to