Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a322d404 by security tracker role at 2019-06-11T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins 
could res ...)
+       TODO: check
 CVE-2019-XXXX [faad2 issue fixed in vlc]
        - faad2 2.8.8-3
 CVE-2019-XXXX [security issues fixed in 1.8.5]
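Review bot: The new CVE-2019-12794 entry at the top of the list carries only "TODO: check", so it is still unclassified. Triage it to either a package line with a fixed version or a "NOT-FOR-US: MISP" line, depending on whether MISP is shipped in the archive.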
@@ -63,12 +65,12 @@ CVE-2019-12768
        RESERVED
 CVE-2019-12767
        RESERVED
-CVE-2019-12766
-       RESERVED
-CVE-2019-12765
-       RESERVED
-CVE-2019-12764
-       RESERVED
+CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform 
fieldtype ...)
+       TODO: check
+CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV 
export of com ...)
+       TODO: check
+CVE-2019-12764 (An issue was discovered in Joomla! before 3.9.7. The update 
server URL ...)
+       TODO: check
 CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android 
stores po ...)
        NOT-FOR-US: Security Camera CZ application for Android
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger 
touchscreen anoma ...)
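Review bot: The three Joomla! entries (CVE-2019-12764 to CVE-2019-12766) move from RESERVED to "TODO: check", and all three name the same product and the same fixed release (before 3.9.7). One triage decision covers them; if Joomla! is not packaged, mark each as NOT-FOR-US in the same form as the CVE-2019-12763 entry that follows.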
@@ -102,8 +104,7 @@ CVE-2019-12751
        RESERVED
 CVE-2019-12750
        RESERVED
-CVE-2019-12749 [DBusServer DBUS_COOKIE_SHA1 authentication bypass]
-       RESERVED
+CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 
1.13.12, ...)
        - dbus 1.12.16-1 (bug #930375)
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
        NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
@@ -625,6 +626,7 @@ CVE-2019-12498
        RESERVED
 CVE-2019-12497 [OSA-2019-09]
        RESERVED
+       {DLA-1816-1}
        - otrs2 6.0.19-1
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
@@ -1283,6 +1285,7 @@ CVE-2019-12249
        RESERVED
 CVE-2019-12248 [OSA-2019-08]
        RESERVED
+       {DLA-1816-1}
        - otrs2 6.0.19-1
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
@@ -3579,8 +3582,8 @@ CVE-2019-11336 (Sony Bravia Smart TV devices allow remote 
attackers to retrieve
        NOT-FOR-US: Sony Bravia Smart TV devices
 CVE-2019-11335
        RESERVED
-CVE-2019-11334
-       RESERVED
+CVE-2019-11334 (An authentication bypass in website post requests in the Tzumi 
Electro ...)
+       TODO: check
 CVE-2019-11333
        RESERVED
 CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user 
accounts ...)
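Review bot: CVE-2019-11334 now carries "TODO: check", while the CVE-2019-11336 entry at the top of this hunk is already resolved as "NOT-FOR-US: Sony Bravia Smart TV devices". If the Tzumi product is likewise not shipped in Debian, close the TODO with a matching NOT-FOR-US line.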
@@ -4284,6 +4287,7 @@ CVE-2019-11039 [Out-of-bounds read in 
iconv.c:_php_iconv_mime_decode() due to in
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
 CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
        RESERVED
+       {DLA-1817-1}
        - libgd2 2.2.5-5.2 (low; bug #929821)
        [stretch] - libgd2 <no-dsa> (Minor issue)
        - php7.3 7.3.6-1 (unimportant)
@@ -6003,24 +6007,24 @@ CVE-2019-10341
        RESERVED
 CVE-2019-10340
        RESERVED
-CVE-2019-10339
-       RESERVED
-CVE-2019-10338
-       RESERVED
-CVE-2019-10337
-       RESERVED
-CVE-2019-10336
-       RESERVED
-CVE-2019-10335
-       RESERVED
-CVE-2019-10334
-       RESERVED
-CVE-2019-10333
-       RESERVED
-CVE-2019-10332
-       RESERVED
-CVE-2019-10331
-       RESERVED
+CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 
1.0.36 and e ...)
+       TODO: check
+CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX 
Resources Plu ...)
+       TODO: check
+CVE-2019-10337 (An XML external entities (XXE) vulnerability in Jenkins Token 
Macro Pl ...)
+       TODO: check
+CVE-2019-10336 (A reflected cross site scripting vulnerability in Jenkins 
ElectricFlow ...)
+       TODO: check
+CVE-2019-10335 (A stored cross site scripting vulnerability in Jenkins 
ElectricFlow Pl ...)
+       TODO: check
+CVE-2019-10334 (Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS 
and hos ...)
+       TODO: check
+CVE-2019-10333 (Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 
and ear ...)
+       TODO: check
+CVE-2019-10332 (A missing permission check in Jenkins ElectricFlow Plugin 
1.1.5 and ea ...)
+       TODO: check
+CVE-2019-10331 (A cross-site request forgery vulnerability in Jenkins 
ElectricFlow Plu ...)
+       TODO: check
 CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement 
trusted revis ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials 
unencrypte ...)
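Review bot: The nine entries CVE-2019-10331 through CVE-2019-10339 are all added with "TODO: check", yet every description names a Jenkins plugin (JX Resources, Token Macro, ElectricFlow), and the next entry, CVE-2019-10330, is already triaged as "NOT-FOR-US: Jenkins plugin". Apply the same NOT-FOR-US line to these nine so they do not stay in the TODO queue.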
@@ -23696,10 +23700,10 @@ CVE-2019-3412
        RESERVED
 CVE-2019-3411
        RESERVED
-CVE-2019-3410
-       RESERVED
-CVE-2019-3409
-       RESERVED
+CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE 
Outdoor CPE  ...)
+       TODO: check
+CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE 
Outdoor CPE  ...)
+       TODO: check
 CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error 
functio ...)
        - binutils <unfixed> (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
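Review bot: CVE-2019-3409 and CVE-2019-3410 are added with "TODO: check", although both descriptions refer to firmware versions of the ZTE WF820+ LTE Outdoor CPE, a hardware device. Suggest resolving both as NOT-FOR-US with the device name, in the form used for other device entries in this list.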
@@ -54288,11 +54292,9 @@ CVE-2018-11802 [Rule-base Authorization plugin skips 
authorization if querying n
        NOTE: https://issues.apache.org/jira/browse/SOLR-12514
        NOTE: Issue introduced around: 
https://github.com/apache/lucene-solr/commit/56e88400aefbeb7f1821cbd10a2997cde018df97
 (4.2.0)
        NOTE: Fixed by: 
https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895
 (releases/lucene-solr/6.6.6)
-CVE-2018-11801
-       RESERVED
+CVE-2018-11801 (SQL injection vulnerability in Apache Fineract before 1.3.0 
allows att ...)
        NOT-FOR-US: Apache Fineract
-CVE-2018-11800
-       RESERVED
+CVE-2018-11800 (SQL injection vulnerability in Apache Fineract before 1.3.0 
allows att ...)
        NOT-FOR-US: Apache Fineract
 CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating 
to 5.0.0  ...)
        NOT-FOR-US: Apache Oozie



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a322d404813fdc271b82d0be72aaa0db50cc5139
