[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 01 Aug 2019 01:10:43 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7f3b4ffc by security tracker role at 2019-08-01T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-14467
+       RESERVED
+CVE-2019-14466
+       RESERVED
+CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has 
a heap-b ...)
+       TODO: check
+CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 
1.02.00 has a  ...)
+       TODO: check
+CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x 
before 3.1 ...)
+       TODO: check
+CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x 
before 3.1 ...)
+       TODO: check
+CVE-2019-14461
+       RESERVED
+CVE-2019-14460
+       RESERVED
+CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow 
in the fu ...)
+       TODO: check
+CVE-2019-14458
+       RESERVED
+CVE-2019-14457
+       RESERVED
+CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have 
a stored ...)
+       TODO: check
+CVE-2019-14455
+       RESERVED
+CVE-2019-14454
+       RESERVED
+CVE-2013-7474
+       RESERVED
+CVE-2013-7473
+       RESERVED
 CVE-2019-14453
        RESERVED
 CVE-2018-20953
@@ -9393,7 +9425,7 @@ CVE-2019-11347
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of 
Duty ga ...)
        NOT-FOR-US: Activision
 CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 
and wpa_ ...)
-       {DSA-4450-1}
+       {DSA-4450-1 DLA-1867-1}
        - wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
        NOTE: 
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
        NOTE: Patches: https://w1.fi/security/2019-5/
@@ -12244,8 +12276,7 @@ CVE-2019-10200
        NOT-FOR-US: OpenShift
 CVE-2019-10199
        RESERVED
-CVE-2019-10198
-       RESERVED
+CVE-2019-10198 (An authentication bypass vulnerability was discovered in 
foreman-tasks ...)
        - foreman <itp> (bug #663101)
 CVE-2019-10197
        RESERVED
@@ -12284,18 +12315,15 @@ CVE-2019-10190 (A vulnerability was discovered in DNS 
resolver component of knot
        NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
        NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
-CVE-2019-10189
-       RESERVED
-CVE-2019-10188
-       RESERVED
-CVE-2019-10187
-       RESERVED
+CVE-2019-10189 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 
3.5.7. Teache ...)
+       TODO: check
+CVE-2019-10188 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 
3.5.7. Teache ...)
+       TODO: check
+CVE-2019-10187 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 
3.5.7. Users  ...)
        - moodle <removed>
-CVE-2019-10186
-       RESERVED
+CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 
3.5.7. A sess ...)
        - moodle <removed>
-CVE-2019-10185
-       RESERVED
+CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 
1.8.2 was  ...)
        - icedtea-web <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
@@ -12306,13 +12334,11 @@ CVE-2019-10184 (undertow before version 2.0.23.Final 
is vulnerable to an informa
 CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines 
has int ...)
        - virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
        NOTE: 
https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
-CVE-2019-10182
-       RESERVED
+CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not 
properly  ...)
        - icedtea-web <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
-CVE-2019-10181
-       RESERVED
+CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 
1.8.2 e ...)
        - icedtea-web <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
@@ -15142,17 +15168,17 @@ CVE-2019-9500 [brcmfmac: assure SSID length from 
firmware is limited]
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
 CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when 
built  ...)
-       {DSA-4430-1}
+       {DSA-4430-1 DLA-1867-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9498 (The implementations of EAP-PWD in hostapd EAP Server, when 
built again ...)
-       {DSA-4430-1}
+       {DSA-4430-1 DLA-1867-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9497 (The implementations of EAP-PWD in hostapd EAP Server and 
wpa_supplican ...)
-       {DSA-4430-1}
+       {DSA-4430-1 DLA-1867-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
@@ -15164,7 +15190,7 @@ CVE-2019-9496 (An invalid authentication sequence could 
result in the hostapd pr
        NOTE: Patches: https://w1.fi/security/2019-3/
        NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
 CVE-2019-9495 (The implementations of EAP-PWD in hostapd and wpa_supplicant 
are vulne ...)
-       {DSA-4430-1}
+       {DSA-4430-1 DLA-1867-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
        NOTE: Patches: https://w1.fi/security/2019-2/
@@ -21375,8 +21401,8 @@ CVE-2019-7002
        RESERVED
 CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP 
Office Cont ...)
        NOT-FOR-US: IP Office Contact Center
-CVE-2019-7000
-       RESERVED
+CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of 
Avaya Aura ...)
+       TODO: check
 CVE-2019-6999
        RESERVED
 CVE-2019-6998
@@ -40593,6 +40619,7 @@ CVE-2019-0204 (A specifically crafted Docker image 
running under the root user c
        - apache-mesos <itp> (bug #760315)
 CVE-2019-0203 [Remote unauthenticated denial-of-service in Subversion svnserve]
        RESERVED
+       {DSA-4490-1}
        - subversion 1.10.6-1
        NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
 CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible 
endpoints to ...)
@@ -42645,7 +42672,7 @@ CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) 
decodes arbitrarily-sized JBIG
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
        NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
-CVE-2018-20860 [out of bounds memory read in MED files]
+CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED 
files. ...)
        - libopenmpt 0.3.13-1 (low; bug #911584)
        [stretch] - libopenmpt <no-dsa> (Minor issue)
        NOTE: 
https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/
@@ -60561,6 +60588,7 @@ CVE-2018-11783 (sslheaders plugin extracts information 
from the client certifica
        NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
 CVE-2018-11782 [Remotely triggerable DoS vulnerability in svnserve 
'get-deleted-rev']
        RESERVED
+       {DSA-4490-1}
        - subversion 1.10.6-1
        NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
 CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in 
the met ...)
@@ -185738,8 +185766,7 @@ CVE-2015-5298 [Google Login Plugin for Jenkins 
authentication bypass]
        RESERVED
        NOT-FOR-US: Plugin not packaged in Debian
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12
-CVE-2015-5297 [general_composite_rect() integer overflow]
-       RESERVED
+CVE-2015-5297 (An integer overflow issue has been reported in the 
general_composite_r ...)
        {DLA-1587-1}
        - pixman 0.33.4-1
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=92027



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f3b4ffcfabdc5cd0e16effcf209a8fb2183c5e3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f3b4ffcfabdc5cd0e16effcf209a8fb2183c5e3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to