Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a33d4fe by security tracker role at 2019-07-23T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of
service (h ...)
+ TODO: check
+CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory
travers ...)
+ TODO: check
CVE-2019-14239
RESERVED
CVE-2019-14238
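Review bot: CVE-2019-14241 is added with only "TODO: check" even though its description names HAProxy through 2.0.2, and HAProxy is packaged in Debian. Unlike CVE-2019-14240 (WCMS) next to it, this entry should be followed up with a package line giving the affected and fixed versions, or an explicit not-affected, rather than left untriaged.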
@@ -2384,8 +2388,8 @@ CVE-2019-13572
RESERVED
CVE-2019-13571
RESERVED
-CVE-2019-13570
- RESERVED
+CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL
Injection ...)
+ TODO: check
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email
Subscribers ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
CVE-2019-13568
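Review bot: CVE-2019-13570 (AdRotate plugin for WordPress) lands as "TODO: check" directly above CVE-2019-13569, another WordPress plugin SQL injection that is already marked NOT-FOR-US. If the plugin is not packaged, the follow-up should resolve it the same way, with a NOT-FOR-US line naming the plugin, so the two adjacent entries are handled consistently.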
@@ -5989,8 +5993,8 @@ CVE-2019-12164
RESERVED
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to
obtain pot ...)
NOT-FOR-US: GAT-Ship Web Module
-CVE-2019-12162
- RESERVED
+CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash
of the do ...)
+ TODO: check
CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in
www/runtest.p ...)
NOT-FOR-US: WPO WebPageTest
CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
@@ -6949,8 +6953,7 @@ CVE-2019-11732
RESERVED
CVE-2019-11731
RESERVED
-CVE-2019-11730
- RESERVED
+CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved
HTML file ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -6958,8 +6961,7 @@ CVE-2019-11730
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
-CVE-2019-11729
- RESERVED
+CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a
segmentation fa ...)
{DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
@@ -6977,12 +6979,10 @@ CVE-2019-11729
NOTE: firefox-esr in older suites than buster use the embedded copy and
thus issue
NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others
an update to
NOTE: src:nss is needed as firefox-esr uses the system library.
-CVE-2019-11728
- RESERVED
+CVE-2019-11728 (The HTTP Alternative Services header, Alt-Svc, can be used by
a malici ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728
-CVE-2019-11727
- RESERVED
+CVE-2019-11727 (A vulnerability exists where it possible to force Network
Security Ser ...)
- firefox 68.0-1 (unimportant)
- nss 2:3.45-1
[jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was
not really complete in 3.26; code has diverged significantly since and applying
the fix would be very disruptive)
@@ -6993,30 +6993,24 @@ CVE-2019-11727
NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11726
RESERVED
-CVE-2019-11725
- RESERVED
+CVE-2019-11725 (When a user navigates to site marked as unsafe by the
Safebrowsing API ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725
-CVE-2019-11724
- RESERVED
+CVE-2019-11724 (Application permissions give additional remote troubleshooting
permiss ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724
-CVE-2019-11723
- RESERVED
+CVE-2019-11723 (A vulnerability exists during the installation of add-ons
where the in ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11723
CVE-2019-11722
RESERVED
-CVE-2019-11721
- RESERVED
+CVE-2019-11721 (The unicode latin 'kra' character can be used to spoof a
standard 'k' ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721
-CVE-2019-11720
- RESERVED
+CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace
during t ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
-CVE-2019-11719
- RESERVED
+CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with
leading 0 ...)
{DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
@@ -7033,12 +7027,10 @@ CVE-2019-11719
NOTE: firefox-esr in older suites than buster use the embedded copy and
thus issue
NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others
an update to
NOTE: src:nss is needed as firefox-esr uses the system library.
-CVE-2019-11718
- RESERVED
+CVE-2019-11718 (Activity Stream can display content from sent from the Snippet
Service ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
-CVE-2019-11717
- RESERVED
+CVE-2019-11717 (A vulnerability exists where the caret ("^") character is
improperly e ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7046,12 +7038,10 @@ CVE-2019-11717
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11717
-CVE-2019-11716
- RESERVED
+CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not
enumerab ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
-CVE-2019-11715
- RESERVED
+CVE-2019-11715 (Due to an error while parsing page content, it is possible for
properl ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7059,12 +7049,10 @@ CVE-2019-11715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11715
-CVE-2019-11714
- RESERVED
+CVE-2019-11714 (Necko can access a child on the wrong thread during UDP
connections, r ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
-CVE-2019-11713
- RESERVED
+CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a
cached HTTP/ ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7072,8 +7060,7 @@ CVE-2019-11713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
-CVE-2019-11712
- RESERVED
+CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that
receive a sta ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7081,8 +7068,7 @@ CVE-2019-11712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
-CVE-2019-11711
- RESERVED
+CVE-2019-11711 (When an inner window is reused, it does not consider the use
of docume ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7090,12 +7076,10 @@ CVE-2019-11711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11711
-CVE-2019-11710
- RESERVED
+CVE-2019-11710 (Mozilla developers and community members reported memory
safety bugs p ...)
- firefox 68.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
-CVE-2019-11709
- RESERVED
+CVE-2019-11709 (Mozilla developers and community members reported memory
safety bugs p ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7103,70 +7087,59 @@ CVE-2019-11709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11709
-CVE-2019-11708 [sandbox escape using Prompt:Open]
- RESERVED
+CVE-2019-11708 (Insufficient vetting of parameters passed with the Prompt:Open
IPC mes ...)
{DSA-4474-1 DSA-4471-1 DLA-1836-1}
- firefox 67.0.4-1
- firefox-esr 60.7.2esr-1
- thunderbird 1:60.7.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
-CVE-2019-11707
- RESERVED
+CVE-2019-11707 (A type confusion vulnerability can occur when manipulating
JavaScript ...)
{DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
- thunderbird 1:60.7.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11707
-CVE-2019-11706 [X41-2019-004]
- RESERVED
+CVE-2019-11706 (A flaw in Thunderbird's implementation of iCal causes a type
confusion ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/4
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11706
-CVE-2019-11705 [X41-2019-003]
- RESERVED
+CVE-2019-11705 (A flaw in Thunderbird's implementation of iCal causes a stack
buffer o ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/3
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11705
-CVE-2019-11704 [X41-2019-001]
- RESERVED
+CVE-2019-11704 (A flaw in Thunderbird's implementation of iCal causes a heap
buffer ov ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11704
-CVE-2019-11703 [X41-2019-002]
- RESERVED
+CVE-2019-11703 (A flaw in Thunderbird's implementation of iCal causes a heap
buffer ov ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/2
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11703
-CVE-2019-11702 [IE protocols can be used to open known local files]
- RESERVED
+CVE-2019-11702 (A hyperlink using protocols associated with Internet Explorer,
such as ...)
- firefox <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702
-CVE-2019-11701
- RESERVED
+CVE-2019-11701 (The default webcal: protocol handler will load a web site
vulnerable t ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
-CVE-2019-11700
- RESERVED
+CVE-2019-11700 (A hyperlink using the res: protocol can be used to open local
files at ...)
- firefox <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
-CVE-2019-11699
- RESERVED
+CVE-2019-11699 (A malicious page can briefly cause the wrong name to be
highlighted as ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
-CVE-2019-11698
- RESERVED
+CVE-2019-11698 (If a crafted hyperlink is dragged and dropped to the bookmark
bar or s ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
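Review bot: the replaced header lines for CVE-2019-11703 through CVE-2019-11706 lose the X41-2019-001 to X41-2019-004 advisory identifiers, and nothing else in those entries records them; the remaining NOTE lines carry only the oss-security, Bugzilla and MFSA URLs. If the X41 ids are still wanted for cross-referencing, add them as a NOTE line under each entry. The same applies to the short bracketed summaries dropped from CVE-2019-11708 and CVE-2019-11702, which were more readable than the truncated descriptions that replace them.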
@@ -7175,31 +7148,26 @@ CVE-2019-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
-CVE-2019-11697
- RESERVED
+CVE-2019-11697 (If the ALT and "a" keys are pressed when users receive an
extension in ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
-CVE-2019-11696
- RESERVED
+CVE-2019-11696 (Files with the .JNLP extension used for "Java web start"
applications ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
-CVE-2019-11695
- RESERVED
+CVE-2019-11695 (A custom cursor defined by scripting on a site can position
itself ove ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
-CVE-2019-11694
- RESERVED
+CVE-2019-11694 (A vulnerability exists in the Windows sandbox where an
uninitialized v ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
-CVE-2019-11693
- RESERVED
+CVE-2019-11693 (The bufferdata function in WebGL is vulnerable to a buffer
overflow wi ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7208,8 +7176,7 @@ CVE-2019-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
-CVE-2019-11692
- RESERVED
+CVE-2019-11692 (A use-after-free vulnerability can occur when listeners are
removed fr ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7218,8 +7185,7 @@ CVE-2019-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
-CVE-2019-11691
- RESERVED
+CVE-2019-11691 (A use-after-free vulnerability can occur when working with
XMLHttpRequ ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7593,7 +7559,7 @@ CVE-2019-11556
RESERVED
CVE-2019-11554
RESERVED
-CVE-2019-11553 (Code42 for Enterprise through 6.8.4 has Incorrect Access
Control. ...)
+CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator
without web r ...)
NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client
version 6.7 ...)
NOT-FOR-US: Code42
@@ -11071,8 +11037,7 @@ CVE-2019-10175 (A flaw was found in the
containerized-data-importer in virt-cdi-
NOT-FOR-US: KubeVirt
CVE-2019-10174
RESERVED
-CVE-2019-10173 [Regression from CVE-2013-7285]
- RESERVED
+CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11
introduced ...)
- libxstream-java 1.4.11-1
[stretch] - libxstream-java <not-affected> (Regression introduced in
1.4.10)
[jessie] - libxstream-java <not-affected> (Regression introduced in
1.4.10)
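Review bot: on CVE-2019-10173 the removed header "[Regression from CVE-2013-7285]" was the only visible pointer to the earlier CVE. The new description is cut off at "introduced ..." and the suite lines say only "Regression introduced in 1.4.10". A NOTE line naming CVE-2013-7285 under the entry would keep that relationship searchable in the list.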
@@ -12170,8 +12135,8 @@ CVE-2019-1010223 (aubio 0.4.8 and earlier is affected
by: Buffer Overflow. The i
CVE-2019-1010222 (aubio 0.4.8 and earlier is affected by: null pointer. The
impact is: c ...)
- aubio 0.4.9-1
NOTE:
https://github.com/aubio/aubio/commit/eda95c9c22b4f0b466ae94c4708765eaae6e709e
(0.4.9)
-CVE-2019-1010221
- RESERVED
+CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access
Control. T ...)
+ TODO: check
CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer
Over-read. T ...)
TODO: check
CVE-2019-1010219
@@ -12194,28 +12159,28 @@ CVE-2019-1010211
RESERVED
CVE-2019-1010210
RESERVED
-CVE-2019-1010209
- RESERVED
-CVE-2019-1010208
- RESERVED
-CVE-2019-1010207
- RESERVED
-CVE-2019-1010206
- RESERVED
-CVE-2019-1010205
- RESERVED
-CVE-2019-1010204
- RESERVED
+CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is
affected by: CWE ...)
+ TODO: check
+CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1
(Veracryp ...)
+ TODO: check
+CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross
Site Scrip ...)
+ TODO: check
+CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by:
Missing SSL ...)
+ TODO: check
+CVE-2019-1010205 (LINAGORA hublin latest (commit
72ead897082403126bf8df9264e70f0a9de247f ...)
+ TODO: check
+CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils
v2.21-v2.31.1) is aff ...)
+ TODO: check
CVE-2019-1010203
RESERVED
-CVE-2019-1010202
- RESERVED
-CVE-2019-1010201
- RESERVED
-CVE-2019-1010200
- RESERVED
-CVE-2019-1010199
- RESERVED
+CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The
impact is ...)
+ TODO: check
+CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is:
sensitive ...)
+ TODO: check
+CVE-2019-1010200 (Voice Builder Prior to commit
c145d4604df67e6fc625992412eef0bf9a85e26b ...)
+ TODO: check
+CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by:
Cross Site ...)
+ TODO: check
CVE-2019-1010198
RESERVED
CVE-2019-1010197
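Review bot: of the ten entries added here as "TODO: check", CVE-2019-1010204 stands out because it names GNU binutils gold with an affected range of binutils v2.21-v2.31.1, which is a packaged toolchain component rather than a web application or plugin like most of its neighbours. It should be triaged first and given a package line with per-suite status, instead of waiting in the same batch as the WordPress and Jeesite entries.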
@@ -12266,16 +12231,16 @@ CVE-2019-1010175
RESERVED
CVE-2019-1010174
RESERVED
-CVE-2019-1010173
- RESERVED
+CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The
impact is ...)
+ TODO: check
CVE-2019-1010172
RESERVED
-CVE-2019-1010171
- RESERVED
-CVE-2019-1010170
- RESERVED
-CVE-2019-1010169
- RESERVED
+CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference.
The impac ...)
+ TODO: check
+CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The
impact is: den ...)
+ TODO: check
+CVE-2019-1010169 (Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The
impact is: ...)
+ TODO: check
CVE-2019-1010168
RESERVED
CVE-2019-1010167
@@ -12288,8 +12253,8 @@ CVE-2019-1010164
RESERVED
CVE-2019-1010163
RESERVED
-CVE-2019-1010162
- RESERVED
+CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer
Dereference. ...)
+ TODO: check
CVE-2019-1010161
RESERVED
CVE-2019-1010160
@@ -12300,24 +12265,24 @@ CVE-2019-1010158
RESERVED
CVE-2019-1010157
RESERVED
-CVE-2019-1010156
- RESERVED
-CVE-2019-1010155
- RESERVED
+CVE-2019-1010156 (D-Link DSL-2750U Firmware 1.11 is affected by:
Authentication Bypass. ...)
+ TODO: check
+CVE-2019-1010155 (D-Link DSL-2750U 1.11 is affected by: Authentication Bypass.
The impac ...)
+ TODO: check
CVE-2019-1010154
RESERVED
-CVE-2019-1010153
- RESERVED
-CVE-2019-1010152
- RESERVED
+CVE-2019-1010153 (zzcms 8.3 and earlier is affected by: SQL Injection. The
impact is: sq ...)
+ TODO: check
+CVE-2019-1010152 (zzcms 8.3 and earlier is affected by: File Delete to Code
Execution. T ...)
+ TODO: check
CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to
getshell. ...)
NOT-FOR-US: zzcms
-CVE-2019-1010150
- RESERVED
-CVE-2019-1010149
- RESERVED
-CVE-2019-1010148
- RESERVED
+CVE-2019-1010150 (zzcms 8.3 and earlier is affected by: File Delete to Code
Execution. T ...)
+ TODO: check
+CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to
Code Exec ...)
+ TODO: check
+CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection.
The impac ...)
+ TODO: check
CVE-2019-1010147
RESERVED
CVE-2019-1010146
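Review bot: the five new zzcms entries (CVE-2019-1010153, -1010152, -1010150, -1010149, -1010148) are left at "TODO: check" while CVE-2019-1010151, the zzcms entry sitting between them, already reads "NOT-FOR-US: zzcms". The follow-up can mark all five the same way in one pass, and the two D-Link DSL-2750U firmware entries above them look like candidates for the same treatment.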
@@ -12357,8 +12322,8 @@ CVE-2019-1010131
RESERVED
CVE-2019-1010130
RESERVED
-CVE-2019-1010129
- RESERVED
+CVE-2019-1010129 (VCFTools vcfools prior to version 0.1.15 is affected by:
Heap Use-Afte ...)
+ TODO: check
CVE-2019-1010128
RESERVED
CVE-2019-1010127
@@ -12367,10 +12332,10 @@ CVE-2019-1010126
RESERVED
CVE-2019-1010125
RESERVED
-CVE-2019-1010124
- RESERVED
-CVE-2019-1010123
- RESERVED
+CVE-2019-1010124 (WebAppick WooCommerce Product Feed 2.2.18 and earlier is
affected by: ...)
+ TODO: check
+CVE-2019-1010123 (MODX Revolution Gallery 1.7.0 is affected by: CWE-434:
Unrestricted Up ...)
+ TODO: check
CVE-2019-1010122
RESERVED
CVE-2019-1010121
@@ -12854,13 +12819,11 @@ CVE-2019-9823 (In several JetBrains IntelliJ IDEA
versions, creating remote run
NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9822
RESERVED
-CVE-2019-9821
- RESERVED
+CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread
due to ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
-CVE-2019-9820
- RESERVED
+CVE-2019-9820 (A use-after-free vulnerability can occur in the chrome event
handler w ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12869,8 +12832,7 @@ CVE-2019-9820
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
-CVE-2019-9819
- RESERVED
+CVE-2019-9819 (A vulnerability where a JavaScript compartment mismatch can
occur whil ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12879,16 +12841,14 @@ CVE-2019-9819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
-CVE-2019-9818
- RESERVED
+CVE-2019-9818 (A race condition is present in the crash generation server used
to gen ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
-CVE-2019-9817
- RESERVED
+CVE-2019-9817 (Images from a different domain can be read using a canvas
object in so ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12897,8 +12857,7 @@ CVE-2019-9817
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
-CVE-2019-9816
- RESERVED
+CVE-2019-9816 (A possible vulnerability exists where type confusion can occur
when ma ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12907,16 +12866,14 @@ CVE-2019-9816
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
-CVE-2019-9815
- RESERVED
+CVE-2019-9815 (If hyperthreading is not disabled, a timing attack
vulnerability exist ...)
- firefox <not-affected> (MacOS-specific)
- firefox-esr <not-affected> (MacOS-specific)
- thunderbird <not-affected> (MacOS-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
-CVE-2019-9814
- RESERVED
+CVE-2019-9814 (Mozilla developers and community members reported memory safety
bugs p ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
@@ -12928,8 +12885,7 @@ CVE-2019-9813 (Incorrect handling of __proto__
mutations may lead to type confus
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
CVE-2019-9812
RESERVED
-CVE-2019-9811
- RESERVED
+CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a
sandbo ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -12974,8 +12930,7 @@ CVE-2019-9801 (Firefox will accept any registered
Program ID as an external prot
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9801
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9801
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
-CVE-2019-9800
- RESERVED
+CVE-2019-9800 (Mozilla developers and community members reported memory safety
bugs p ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -41092,22 +41047,22 @@ CVE-2018-18678
RESERVED
CVE-2018-18677
RESERVED
-CVE-2018-18676
- RESERVED
-CVE-2018-18675
- RESERVED
+CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
+CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
CVE-2018-18674
RESERVED
-CVE-2018-18673
- RESERVED
-CVE-2018-18672
- RESERVED
-CVE-2018-18671
- RESERVED
-CVE-2018-18670
- RESERVED
-CVE-2018-18669
- RESERVED
+CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
+CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
+CVE-2018-18671 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
+CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
+CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
+ TODO: check
CVE-2018-18668
RESERVED
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an
Ethereum to ...)
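Review bot: the seven GNUBOARD5 entries added here (CVE-2018-18669 to -18673, -18675, -18676) all carry the identical truncated text "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...", so the list gives no way to tell them apart. Since they name the same product and version, triage them together, and if any one needs individual handling, add a NOTE line that says which parameter or page it concerns.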
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a33d4fe483bc74ce06115bd5561fc44a5119ee7