Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7944d342 by security tracker role at 2019-06-26T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-12984 (A NULL pointer dereference vulnerability in the function 
nfc_genl_deac ...)
+       TODO: check
+CVE-2019-12983 (In the Linux kernel before 5.0.15, the function 
do_hidp_sock_ioctl in  ...)
+       TODO: check
+CVE-2019-12982 (Ming (aka libming) 0.4.8 has a heap buffer overflow and 
underflow in t ...)
+       TODO: check
+CVE-2019-12981 (Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability 
in the f ...)
+       TODO: check
+CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow 
(caused by a ...)
+       TODO: check
+CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
+       TODO: check
+CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
+       TODO: check
+CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
+       TODO: check
+CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage 
function in ...)
+       TODO: check
+CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the 
WriteDPXIm ...)
+       TODO: check
+CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in 
coders/pa ...)
+       TODO: check
+CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the 
opj_t1_encode_c ...)
+       TODO: check
+CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) 
library (a ...)
+       TODO: check
+CVE-2019-12971
+       RESERVED
+CVE-2019-12970
+       RESERVED
+CVE-2019-12969
+       RESERVED
+CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) 
plugin (EP_ ...)
+       TODO: check
+CVE-2019-12967
+       RESERVED
+CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution 
during a J ...)
+       TODO: check
+CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in 
the functi ...)
+       TODO: check
+CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, 
pi_next_rlcp, pi ...)
+       TODO: check
+CVE-2018-20845 (Division-by-zero vulnerabilities in the functions 
pi_next_pcrl, pi_nex ...)
+       TODO: check
+CVE-2018-20844
+       RESERVED
 CVE-2019-XXXX [XXE vulnerability in SOAP notification server]
        - lemonldap-ng 2.0.0+ds-1 (bug #931117)
        [stretch] - lemonldap-ng <no-dsa> (Minor issue, can be fixed via point 
release, notification server not enabled by default)
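Review bot: every described entry added at the top of this hunk is left as "TODO: check", including ones whose description already identifies the software, so none of them is tracked against a source package yet. CVE-2019-12983 names the Linux kernel and an upper bound ("before 5.0.15"), and the libming, ImageMagick, OpenJPEG and BFD entries name their project in the visible text; these can get a package line in the triage pass without further lookup. The three CVE-2018-2084x descriptions are truncated before any product name, so they need the full CVE text before a package can be assigned.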
@@ -171,7 +217,7 @@ CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any 
authentication for database
 CVE-2019-12889
        RESERVED
 CVE-2019-12888
-       RESERVED
+       REJECTED
 CVE-2019-12887
        RESERVED
 CVE-2019-12886
@@ -3424,8 +3470,8 @@ CVE-2019-11585
        RESERVED
 CVE-2019-11584
        RESERVED
-CVE-2019-11583
-       RESERVED
+CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 
allows remo ...)
+       TODO: check
 CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree 
for Window ...)
        NOT-FOR-US: Atlassian Sourcetree
 CVE-2019-11581
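Review bot: CVE-2019-11583 is left as "TODO: check" although the entry directly below it, CVE-2019-11582, already carries "NOT-FOR-US: Atlassian Sourcetree". If Jira is likewise not packaged, close this one with a matching NOT-FOR-US line naming Jira instead of leaving the TODO open.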
@@ -4241,8 +4287,8 @@ CVE-2019-11274
        RESERVED
 CVE-2019-11273
        RESERVED
-CVE-2019-11272
-       RESERVED
+CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older 
unsupported ve ...)
+       TODO: check
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a 
BOSH Di ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-11270
@@ -6978,8 +7024,7 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed 
to readonly clients]
 CVE-2019-10165
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2019-10164 [postgres: Stack-based buffer overflow via setting a password]
-       RESERVED
+CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 
11.4 are ...)
        - postgresql-11 11.4-1
        - postgresql-9.6 <not-affected> (Only affects 10.x and later)
        - postgresql-9.4 <not-affected> (Only affects 10.x and later)
@@ -7039,8 +7084,7 @@ CVE-2019-10155 (The Libreswan Project has found a 
vulnerability in the processin
        - freeswan <removed>
        NOTE: https://libreswan.org/security/CVE-2019-10155/
        NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and 
later, freeswan
-CVE-2019-10154
-       RESERVED
+CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web 
service f ...)
        - moodle <removed>
 CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
        RESERVED
@@ -7112,10 +7156,10 @@ CVE-2019-10136
 CVE-2019-10135
        RESERVED
        NOTE: OpenShift Build Service client
-CVE-2019-10134
-       RESERVED
-CVE-2019-10133
-       RESERVED
+CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 
3.1.18. ...)
+       TODO: check
+CVE-2019-10133 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 
3.1.18. ...)
+       TODO: check
 CVE-2019-10132 (A vulnerability was found in libvirt &gt;= 4.1.0 in the 
virtlockd-admi ...)
        - libvirt 5.0.0-3 (bug #929334)
        [stretch] - libvirt <not-affected> (Vulnerable code introduced in 
4.1.0-rc1)
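Review bot: CVE-2019-10134 and CVE-2019-10133 are both described as Moodle flaws but are added with "TODO: check", while CVE-2019-10154 in the previous hunk, also a Moodle flaw, carries "- moodle <removed>". For consistency the two new entries should get the same "- moodle <removed>" line rather than staying in the TODO queue.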
@@ -10772,8 +10816,8 @@ CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp 
V1.6.1. In the inc/zzz_t
        NOT-FOR-US: ZZZCMS
 CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user 
via th ...)
        NOT-FOR-US: S-CMS
-CVE-2019-9039
-       RESERVED
+CVE-2019-9039 (The Couchbase Sync Gateway 2.1.2 in combination with a 
Couchbase Serve ...)
+       TODO: check
 CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File 
I/O Libra ...)
        - libmatio 1.5.13-2 (low; bug #924185)
        [stretch] - libmatio <no-dsa> (Minor issue)
@@ -17958,20 +18002,20 @@ CVE-2019-6171
        RESERVED
 CVE-2019-6170
        RESERVED
-CVE-2019-6169
-       RESERVED
-CVE-2019-6168
-       RESERVED
-CVE-2019-6167
-       RESERVED
-CVE-2019-6166
-       RESERVED
+CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before 
version 4.1.0 ...)
+       TODO: check
+CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before 
version 4.1.0 ...)
+       TODO: check
+CVE-2019-6167 (A vulnerability reported in Lenovo Service Bridge before 
version 4.1.0 ...)
+       TODO: check
+CVE-2019-6166 (A vulnerability reported in Lenovo Service Bridge before 
version 4.1.0 ...)
+       TODO: check
 CVE-2019-6165
        RESERVED
 CVE-2019-6164
        RESERVED
-CVE-2019-6163
-       RESERVED
+CVE-2019-6163 (A denial of service vulnerability was reported in Lenovo System 
Update ...)
+       TODO: check
 CVE-2019-6162
        RESERVED
 CVE-2019-6161
@@ -22252,8 +22296,8 @@ CVE-2019-4243
        RESERVED
 CVE-2019-4242
        RESERVED
-CVE-2019-4241
-       RESERVED
+CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow 
an auth ...)
+       TODO: check
 CVE-2019-4240
        RESERVED
 CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 
3.0.1) stor ...)
@@ -22264,10 +22308,10 @@ CVE-2019-4237
        RESERVED
 CVE-2019-4236
        RESERVED
-CVE-2019-4235
-       RESERVED
-CVE-2019-4234
-       RESERVED
+CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not 
require th ...)
+       TODO: check
+CVE-2019-4234 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in 
the imp ...)
+       TODO: check
 CVE-2019-4233
        RESERVED
 CVE-2019-4232
@@ -22284,10 +22328,10 @@ CVE-2019-4227
        RESERVED
 CVE-2019-4226
        RESERVED
-CVE-2019-4225
-       RESERVED
-CVE-2019-4224
-       RESERVED
+CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores 
potentially  ...)
+       TODO: check
+CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is 
vulnerable to SQ ...)
+       TODO: check
 CVE-2019-4223
        RESERVED
 CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
@@ -23892,8 +23936,7 @@ CVE-2019-3570
        RESERVED
        - hhvm <removed>
        NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
-CVE-2019-3569
-       RESERVED
+CVE-2019-3569 (HHVM, when used with FastCGI, would bind by default to all 
available i ...)
        - hhvm <removed>
        NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
 CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed 
remote  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7944d3426eea7fbb08cb232a637b3c318c655cab



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits