Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58afb1e4 by security tracker role at 2019-06-19T08:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-12881 (i915_gem_userptr_get_pages in 
drivers/gpu/drm/i915/i915_gem_userptr.c  ...)
+       TODO: check
+CVE-2019-12880
+       RESERVED
+CVE-2019-12879
+       RESERVED
+CVE-2019-12878
+       RESERVED
+CVE-2019-12877
+       RESERVED
+CVE-2019-12876
+       RESERVED
 CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged 
member of the ...)
        TODO: check
 CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in 
modules/demux/mkv/ ...)
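Review bot: CVE-2019-12881 goes in at TODO: check although its description already names drivers/gpu/drm/i915/i915_gem_userptr.c, which is a path in the Linux kernel tree; triage it against the linux source package rather than leaving it in the generic TODO queue. The five RESERVED entries (CVE-2019-12876 to CVE-2019-12880) need nothing further.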
@@ -358,6 +370,7 @@ CVE-2019-12734
 CVE-2019-12733
        RESERVED
 CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 
allows remote ...)
+       {DSA-4467-1}
        - vim 2:8.1.0875-4 (bug #930020)
        - neovim <unfixed> (bug #930024)
        NOTE: 
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
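Review bot: {DSA-4467-1} is attached to the whole CVE-2019-12735 entry while the neovim line stays at <unfixed> (bug #930024); confirm the advisory covers vim only and keep the neovim line open until its own fix is uploaded, so the DSA tag is not read as closing both packages.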
@@ -655,8 +668,8 @@ CVE-2019-12594
        RESERVED
 CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file 
inclusion  ...)
        NOT-FOR-US: IceWarp Mail Server
-CVE-2019-12592
-       RESERVED
+CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the 
Evernote  ...)
+       TODO: check
 CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows 
remote a ...)
        NOT-FOR-US: NETGEAR
 CVE-2019-12590
@@ -1159,7 +1172,7 @@ CVE-2019-12397
        RESERVED
 CVE-2019-12396
        REJECTED
-CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a 
missing l ...)
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing 
login check  ...)
        NOT-FOR-US: Webbukkit Dynmap
 CVE-2019-12394
        RESERVED
@@ -1844,8 +1857,8 @@ CVE-2019-12135 (An unspecified vulnerability in the 
application server in PaperC
        NOT-FOR-US: PaperCut
 CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists  ...)
        NOT-FOR-US: Workday
-CVE-2019-12133
-       RESERVED
+CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local 
privilege escala ...)
+       TODO: check
 CVE-2019-12132
        RESERVED
 CVE-2019-12131
@@ -2769,6 +2782,7 @@ CVE-2019-11708
        RESERVED
 CVE-2019-11707
        RESERVED
+       {DSA-4466-1}
        - firefox 67.0.3-1
        - firefox-esr 60.7.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
@@ -3441,16 +3455,13 @@ CVE-2019-11481
        RESERVED
 CVE-2019-11480
        RESERVED
-CVE-2019-11479
-       RESERVED
+CVE-2019-11479 (Jonathan Looney discovered that the Linux kernel default MSS 
is hard-c ...)
        {DSA-4465-1 DLA-1824-1 DLA-1823-1}
        - linux 4.19.37-4
-CVE-2019-11478
-       RESERVED
+CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue 
implement ...)
        {DSA-4465-1 DLA-1824-1 DLA-1823-1}
        - linux 4.19.37-4
-CVE-2019-11477
-       RESERVED
+CVE-2019-11477 (Jonathan Looney discovered that the 
TCP_SKB_CB(skb)-&gt;tcp_gso_segs v ...)
        {DSA-4465-1 DLA-1824-1 DLA-1823-1}
        - linux 4.19.37-4
 CVE-2019-11476
@@ -3654,13 +3665,13 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS 
1.0.5. The Number#toFixe
        NOT-FOR-US: MuJS
 CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC 
controll ...)
        NOT-FOR-US: OpenPLC
-CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3 
suffers fro ...)
+CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 
suffers f ...)
        NOT-FOR-US: FreePBX
-CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in 
FreePBX 4. ...)
+CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in 
FusionPBX  ...)
        NOT-FOR-US: FreePBX
 CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel 
module i ...)
        NOT-FOR-US: FusionPBX
-CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module 
in FreeP ...)
+CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module 
in Fusio ...)
        NOT-FOR-US: FusionPBX
 CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, 
email, o ...)
        NOT-FOR-US: Subrion CMS
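Review bot: the descriptions of CVE-2019-11410 and CVE-2019-11409 now name FusionPBX, but the unchanged lines under both still read NOT-FOR-US: FreePBX; change them to NOT-FOR-US: FusionPBX so they match CVE-2019-11408 and CVE-2019-11407 in the same hunk and product searches of the list return all four.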
@@ -3990,8 +4001,8 @@ CVE-2019-11273
        RESERVED
 CVE-2019-11272
        RESERVED
-CVE-2019-11271
-       RESERVED
+CVE-2019-11271 (Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 
270.x v ...)
+       TODO: check
 CVE-2019-11270
        RESERVED
 CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior 
to 2.2.5, ...)
@@ -4544,24 +4555,21 @@ CVE-2019-11042
        RESERVED
 CVE-2019-11041
        RESERVED
-CVE-2019-11040 [heap-buffer-overflow on php_jpg_get16]
-       RESERVED
+CVE-2019-11040 (When EXIF extension is parsing EXIF information from an image, 
e.g. vi ...)
        {DLA-1813-1}
        - php7.3 7.3.6-1
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
-CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to 
integer overflow]
-       RESERVED
+CVE-2019-11039 (Function iconv_mime_decode_headers() in versions 7.1.x below 
7.1.30, 7 ...)
        {DLA-1813-1}
        - php7.3 7.3.6-1
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
-       RESERVED
+CVE-2019-11038 (When using gdImageCreateFromXbm() function of gd extension in 
versions ...)
        {DLA-1817-1}
        - libgd2 2.2.5-5.2 (low; bug #929821)
        [stretch] - libgd2 <no-dsa> (Minor issue)
@@ -6970,8 +6978,8 @@ CVE-2019-10087
        RESERVED
 CVE-2019-10086
        RESERVED
-CVE-2019-10085
-       RESERVED
+CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for 
stored XS ...)
+       TODO: check
 CVE-2019-10084
        RESERVED
 CVE-2019-10083
@@ -22508,10 +22516,10 @@ CVE-2019-3956 (Dameware Remote Mini Control version 
12.1.0.34 and prior contains
        NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior 
contains a un ...)
        NOT-FOR-US: Dameware Remote Mini Control
-CVE-2019-3954
-       RESERVED
-CVE-2019-3953
-       RESERVED
+CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 
allows  ...)
+       TODO: check
+CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 
allows  ...)
+       TODO: check
 CVE-2019-3952
        RESERVED
 CVE-2019-3951
@@ -22645,8 +22653,7 @@ CVE-2019-3898
 CVE-2019-3897
        RESERVED
        NOT-FOR-US: redhat-certification
-CVE-2019-3896
-       RESERVED
+CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in 
the Linux ...)
        - linux 3.2.41-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694812
 CVE-2019-3895 (An access-control flaw was found in the Octavia service when 
the cloud ...)
@@ -115316,26 +115323,26 @@ CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 
18.0 allows local users to cau
        NOT-FOR-US: Panda Free Antivirus
 CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an 
unauthentica ...)
        NOT-FOR-US: MikroTik
-CVE-2017-8337
-       RESERVED
+CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
 CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
        TODO: check
 CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
        TODO: check
-CVE-2017-8334
-       RESERVED
-CVE-2017-8333
-       RESERVED
-CVE-2017-8332
-       RESERVED
-CVE-2017-8331
-       RESERVED
-CVE-2017-8330
-       RESERVED
-CVE-2017-8329
-       RESERVED
-CVE-2017-8328
-       RESERVED
+CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
+CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 
2015 d ...)
+       TODO: check
 CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for 
$HOME/.TelegramDesk ...)
        - telegram-desktop 1.1.19-2
        NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
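Review bot: the eight entries that move from RESERVED to TODO: check here (CVE-2017-8337 and CVE-2017-8328 through CVE-2017-8334) carry the same Securifi Almond description prefix as CVE-2017-8335 and CVE-2017-8336, which are also still at TODO: check; triage all ten together so they end up with one consistent tag.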



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/58afb1e447306fd9786de6ab0c7780b9cd5b96d6


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
