Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d66809cb by security tracker role at 2019-06-21T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-12929
+       RESERVED
+CVE-2019-12928
+       RESERVED
+CVE-2019-12927
+       RESERVED
+CVE-2019-12926
+       RESERVED
+CVE-2019-12925
+       RESERVED
+CVE-2019-12924
+       RESERVED
+CVE-2019-12923
+       RESERVED
+CVE-2019-12922
+       RESERVED
 CVE-2019-12921
        RESERVED
 CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 
devices ...)
@@ -233,7 +249,7 @@ CVE-2019-12820
 CVE-2019-12817
        RESERVED
 CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote 
authenticated non-ad ...)
-       {DSA-4463-1}
+       {DSA-4463-1 DLA-1830-1}
        - znc 1.7.2-3
        NOTE: Versions affected: 0.098 - 1.7.3
        NOTE: 
https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
@@ -4513,7 +4529,7 @@ CVE-2019-11093 (Unquoted service path in the installer 
for the Intel(R) SCS Disc
 CVE-2019-11092 (Insufficient password protection in the attestation database 
for Open  ...)
        NOT-FOR-US: Open CIT
 CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): 
Uncacheab ...)
-       {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+       {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
        - intel-microcode 3.20190514.1
        - linux 4.19.37-2
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
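Review bot: In the cross-reference list for CVE-2019-11091, DLA-1789-2 is inserted ahead of DLA-1799-1, which breaks the descending order the rest of the list follows (DLA-1799-1, DLA-1789-1, DLA-1787-1). If the order matters to readers or to tooling that parses this line, place it next to DLA-1789-1, e.g. `{DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-2 DLA-1789-1 DLA-1787-1}`. The same list is changed the same way for CVE-2018-12130, CVE-2018-12127 and CVE-2018-12126 later in this patch.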
@@ -4662,21 +4678,21 @@ CVE-2019-11042
        RESERVED
 CVE-2019-11041
        RESERVED
-CVE-2019-11040 (When EXIF extension is parsing EXIF information from an image, 
e.g. vi ...)
+CVE-2019-11040 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
        {DLA-1813-1}
        - php7.3 7.3.6-1
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
-CVE-2019-11039 (Function iconv_mime_decode_headers() in versions 7.1.x below 
7.1.30, 7 ...)
+CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x 
below 7.1.3 ...)
        {DLA-1813-1}
        - php7.3 7.3.6-1
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 (When using gdImageCreateFromXbm() function of gd extension in 
versions ...)
+CVE-2019-11038 (When using gdImageCreateFromXbm() function of PHP gd extension 
in PHP  ...)
        {DLA-1817-1}
        - libgd2 2.2.5-5.2 (low; bug #929821)
        [stretch] - libgd2 <no-dsa> (Minor issue)
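Review bot: The new truncated summary for CVE-2019-11039 now cuts off at "below 7.1.3 ...", which reads like a 7.1.3 version boundary, while the entry's own NOTE line says "Fixed in 7.1.30, 7.2.19, 7.3.6". The truncation comes from prepending "PHP" to a fixed-width summary, so nothing is wrong in the data, but anyone triaging from this file should take affected versions from the NOTE line and not from the summary text.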
@@ -8332,7 +8348,7 @@ CVE-2019-9860 (Due to unencrypted signal communication 
and predictability of rol
 CVE-2019-9859
        RESERVED
 CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 
5.2.22 ...)
-       {DLA-1822-1}
+       {DSA-4468-1 DLA-1822-1}
        - php-horde-form 2.0.18-3.1 (bug #930321)
        NOTE: 
https://ssd-disclosure.com/archives/3814/ssd-advisory-horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce
        NOTE: 
https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
@@ -23369,8 +23385,8 @@ CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 
1.0.50 and 1.0.51 are affected
        NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
 CVE-2019-3736
        RESERVED
-CVE-2019-3735
-       RESERVED
+CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell 
SupportAssist ...)
+       TODO: check
 CVE-2019-3734
        RESERVED
 CVE-2019-3733
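Review bot: CVE-2019-3735 lands with `TODO: check` for Dell SupportAssist for Business PCs, so the entry has a description but no triage outcome yet. The neighbouring Dell entry (CVE-2019-3737) is marked NOT-FOR-US; if SupportAssist is likewise not packaged in Debian, resolve the TODO the same way in a follow-up so it does not stay open.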
@@ -29483,8 +29499,8 @@ CVE-2019-1906 (A vulnerability in the Virtual Domain 
system of Cisco Prime Infra
        NOT-FOR-US: Cisco
 CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco 
AsyncOS Soft ...)
        NOT-FOR-US: Cisco
-CVE-2019-1904
-       RESERVED
+CVE-2019-1904 (A vulnerability in the web-based UI (web UI) of Cisco IOS XE 
Software  ...)
+       TODO: check
 CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
        NOT-FOR-US: Cisco
 CVE-2019-1902
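Review bot: The `TODO: check` on CVE-2019-1904 sits between two entries already triaged as `NOT-FOR-US: Cisco` (CVE-2019-1905 and CVE-2019-1903). The new description names Cisco IOS XE Software, so this looks like a candidate for the same marker; until someone confirms it, the entry carries no status.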
@@ -43981,15 +43997,17 @@ CVE-2018-15881 (An issue was discovered in Joomla! 
before 3.8.12. Inadequate che
 CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
output fi ...)
        NOT-FOR-US: Joomla!
 CVE-2018-15879 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double 
Free Vu ...)
-        - libgd2 2.2.5-4.1 (low)
-        [stretch] - libgd2 2.2.4-2+deb9u3
-        NOTE: https://github.com/libgd/libgd/issues/447
-        NOTE: 
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
+       {DLA-1651-1}
+       - libgd2 2.2.5-4.1 (low)
+       [stretch] - libgd2 2.2.4-2+deb9u3
+       NOTE: https://github.com/libgd/libgd/issues/447
+       NOTE: 
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2018-15878 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double 
Free Vu ...)
-        - libgd2 2.2.5-4.1 (low)
-        [stretch] - libgd2 2.2.4-2+deb9u3
-        NOTE: https://github.com/libgd/libgd/issues/447
-        NOTE: 
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
+       {DLA-1651-1}
+       - libgd2 2.2.5-4.1 (low)
+       [stretch] - libgd2 2.2.4-2+deb9u3
+       NOTE: https://github.com/libgd/libgd/issues/447
+       NOTE: 
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an 
arbitrary fi ...)
        NOT-FOR-US: Joomla addon
 CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and 
gsgetresolutio ...)
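Review bot: For CVE-2018-15879 and CVE-2018-15878 the only substantive change is the added `{DLA-1651-1}` line; the package and NOTE lines below it are removed and re-added solely because their leading whitespace changed. Confirm the re-indentation is intended to match the other entries in the file and that the text of those lines is otherwise identical, since whitespace-only churn makes real edits easy to miss in review.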
@@ -53837,7 +53855,7 @@ CVE-2018-12132
 CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe 
before versio ...)
        NOT-FOR-US: Intel
 CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill 
buffers on  ...)
-       {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+       {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
        - intel-microcode 3.20190514.1
        - linux 4.19.37-2
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
@@ -53852,7 +53870,7 @@ CVE-2018-12129
 CVE-2018-12128
        RESERVED
 CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports 
on some ...)
-       {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+       {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
        - intel-microcode 3.20190514.1
        - linux 4.19.37-2
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
@@ -53863,7 +53881,7 @@ CVE-2018-12127 (Microarchitectural Load Port Data 
Sampling (MLPDS): Load ports o
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
        NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
 CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS): Store 
buffers o ...)
-       {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+       {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
        - intel-microcode 3.20190514.1
        - linux 4.19.37-2
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929129)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66809cb4c4cf43d98ceae6f9573fa9990f6d535
