Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9810454 by security tracker role at 2019-08-12T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2019-14950
+       RESERVED
+CVE-2019-14949
+       RESERVED
+CVE-2019-14948
+       RESERVED
+CVE-2019-14947
+       RESERVED
+CVE-2019-14946
+       RESERVED
+CVE-2019-14945
+       RESERVED
+CVE-2019-14944
+       RESERVED
+CVE-2019-14943
+       RESERVED
+CVE-2019-14942
+       RESERVED
+CVE-2019-14941
+       RESERVED
+CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a 
user of  ...)
+       TODO: check
+CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 
2.17.1 for N ...)
+       TODO: check
+CVE-2019-14938
+       RESERVED
+CVE-2019-14937
+       RESERVED
+CVE-2019-14936
+       RESERVED
+CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the 
"%PROGRAMDATA% ...)
+       TODO: check
+CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. 
pdf_load_pages_ki ...)
+       TODO: check
+CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
+       TODO: check
+CVE-2019-14932
+       RESERVED
+CVE-2018-20966
+       RESERVED
+CVE-2018-20965
+       RESERVED
+CVE-2018-20964
+       RESERVED
+CVE-2018-20963
+       RESERVED
+CVE-2017-18508
+       RESERVED
+CVE-2017-18507
+       RESERVED
+CVE-2017-18506
+       RESERVED
+CVE-2017-18505
+       RESERVED
+CVE-2017-18504
+       RESERVED
+CVE-2017-18503
+       RESERVED
+CVE-2017-18502
+       RESERVED
+CVE-2017-18501
+       RESERVED
+CVE-2017-18500
+       RESERVED
+CVE-2017-18499
+       RESERVED
+CVE-2017-18498
+       RESERVED
+CVE-2017-18497
+       RESERVED
+CVE-2017-18496
+       RESERVED
+CVE-2017-18495
+       RESERVED
+CVE-2017-18494
+       RESERVED
+CVE-2017-18493
+       RESERVED
+CVE-2017-18492
+       RESERVED
+CVE-2017-18491
+       RESERVED
+CVE-2017-18490
+       RESERVED
+CVE-2017-18489
+       RESERVED
+CVE-2017-18488
+       RESERVED
+CVE-2017-18487
+       RESERVED
+CVE-2016-10879
+       RESERVED
+CVE-2016-10878
+       RESERVED
+CVE-2016-10877
+       RESERVED
+CVE-2016-10876
+       RESERVED
+CVE-2016-10875
+       RESERVED
+CVE-2016-10874
+       RESERVED
+CVE-2016-10873
+       RESERVED
+CVE-2016-10872
+       RESERVED
+CVE-2016-10871
+       RESERVED
+CVE-2016-10870
+       RESERVED
+CVE-2016-10869
+       RESERVED
+CVE-2016-10868
+       RESERVED
+CVE-2016-10867
+       RESERVED
+CVE-2016-10866
+       RESERVED
+CVE-2015-9306
+       RESERVED
+CVE-2015-9305
+       RESERVED
+CVE-2015-9304
+       RESERVED
+CVE-2015-9303
+       RESERVED
+CVE-2015-9302
+       RESERVED
+CVE-2015-9301
+       RESERVED
+CVE-2015-9300
+       RESERVED
+CVE-2015-9299
+       RESERVED
+CVE-2015-9298
+       RESERVED
+CVE-2015-9297
+       RESERVED
+CVE-2015-9296
+       RESERVED
+CVE-2015-9295
+       RESERVED
+CVE-2015-9294
+       RESERVED
+CVE-2015-9293
+       RESERVED
+CVE-2013-7475
+       RESERVED
+CVE-2012-6713
+       RESERVED
 CVE-2019-14931
        RESERVED
 CVE-2019-14930
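Review bot: the five new entries that already carry a description (CVE-2019-14940, CVE-2019-14939, CVE-2019-14935, CVE-2019-14934 and CVE-2019-14933) are all left at TODO: check. Each still needs triage to either a package line or a NOT-FOR-US marker, as the triaged entries further down this file have; until then they say nothing about whether Debian is affected.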
@@ -2120,11 +2270,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 
4.6.6f2 and 5.x before 5.0.3f2
 CVE-2019-1000033
        REJECTED
 CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c 
allows a deni ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
 CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in 
drivers/block/floppy ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
 CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
@@ -3553,10 +3703,11 @@ CVE-2019-13650
 CVE-2019-13649
        RESERVED
 CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: https://patchwork.ozlabs.org/patch/1133904/
 CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In 
block/bl ...)
+       {DSA-4497-1}
        - linux 4.18.8-1
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
@@ -3613,7 +3764,7 @@ CVE-2019-13633
 CVE-2019-13632
        RESERVED
 CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c 
in the L ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: https://patchwork.kernel.org/patch/11040813/
 CVE-2019-13630
@@ -5033,6 +5184,7 @@ CVE-2019-13459
        RESERVED
 CVE-2019-13458
        RESERVED
+       {DLA-1877-1}
        - otrs2 6.0.20-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
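Review bot: CVE-2019-13458 gains {DLA-1877-1} but the entry is still a bare RESERVED with no description, so nothing in this file says what the advisory fixed. Other RESERVED entries here carry a bracketed summary (for example CVE-2019-1125 [Spectre v1 SWAPGS]); adding one to this entry, and to CVE-2019-12746 in the following hunk, would make the otrs2 entries readable on their own.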
@@ -6991,6 +7143,7 @@ CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 
9.5.7 allows Deserializ
        NOT-FOR-US: Typo3
 CVE-2019-12746
        RESERVED
+       {DLA-1877-1}
        - otrs2 6.0.20-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -9289,7 +9442,7 @@ CVE-2019-11810 (An issue was discovered in the Linux 
kernel before 5.0.7. A NULL
 CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug 
views of co ...)
        NOT-FOR-US: Joomla!
 CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There 
is a ra ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
 CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a 
cryptograp ...)
@@ -12545,11 +12698,11 @@ CVE-2019-10640 (An issue was discovered in GitLab 
Community and Enterprise Editi
        - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 
allows I ...)
-       {DLA-1862-1}
+       {DSA-4497-1 DLA-1862-1}
        - linux 4.19.37-1
        NOTE: https://arxiv.org/pdf/1906.10478.pdf
 CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by 
an attack ...)
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: https://arxiv.org/pdf/1906.10478.pdf
 CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 
88SS1093, 88SS10 ...)
@@ -13497,7 +13650,7 @@ CVE-2019-10208 [postgres: Require schema qualification 
to cast to a temporary ty
        NOTE: https://www.postgresql.org/about/news/1960/
 CVE-2019-10207 [bluetooth: hci_uart: 0x0 address  execution as nonprivileged 
user]
        RESERVED
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
        NOTE: 
https://lore.kernel.org/linux-bluetooth/[email protected]/T/#u
@@ -29861,6 +30014,7 @@ CVE-2019-3901 (A race condition in perf_event_open() 
allows local attackers to l
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
        NOTE: Fixed by: 
https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
 CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module 
in Lin ...)
+       {DSA-4497-1}
        - linux 5.2.6-1
 CVE-2019-3899 (It was found that default configuration of Heketi does not 
require any ...)
        - heketi <itp> (bug #903384)
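Review bot: CVE-2019-3900 now references {DSA-4497-1}, but the entry consists only of the line "- linux 5.2.6-1" and has no NOTE pointing at the upstream fix. The neighbouring CVE-2019-3901 entry records its commit with a "NOTE: Fixed by:" line; adding the equivalent here would let a reader check which change the fixed version corresponds to.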
@@ -29937,7 +30091,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, 
requests are handled by wor
        NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
        NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
 CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface 
implementation t ...)
-       {DLA-1799-1}
+       {DSA-4497-1 DLA-1799-1}
        - linux 4.19.37-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
        NOTE: 
https://lore.kernel.org/lkml/[email protected]/T/#u
@@ -39150,7 +39304,7 @@ CVE-2019-1126 (A security feature bypass vulnerability 
exists in Active Director
        NOT-FOR-US: Microsoft
 CVE-2019-1125 [Spectre v1 SWAPGS]
        RESERVED
-       {DSA-4495-1}
+       {DSA-4497-1 DSA-4495-1}
        - linux 5.2.7-1
        NOTE: https://access.redhat.com/articles/4329821
 CVE-2019-1124 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
@@ -62588,6 +62742,7 @@ CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 
before 17.10.5 and 18.04 b
 CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a 
user to upl ...)
        NOT-FOR-US: Pagekit CMS
 CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 
6.0.x thr ...)
+       {DLA-1877-1}
        - otrs2 6.0.8-1
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        NOTE: 
https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
@@ -78627,7 +78782,7 @@ CVE-2018-5996 (Insufficient exception handling in the 
method NCompress::NRar3::C
        [wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
        NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux 
kernel ...)
-       {DLA-1799-1}
+       {DSA-4497-1 DLA-1799-1}
        - linux 4.15.4-1
        [stretch] - linux <ignored> (kernel log restricted to root by default)
 CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! 
via th ...)
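Review bot: on CVE-2018-5995 the added {DSA-4497-1} sits directly above "[stretch] - linux <ignored> (kernel log restricted to root by default)". If DSA-4497-1 shipped a fix in stretch, the <ignored> line no longer describes that suite and should be replaced with the fixed version; if the DSA covers a different suite, a short NOTE saying so would remove the apparent contradiction.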
@@ -176160,6 +176315,7 @@ CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 
4.6.x and earlier, when usi
        [squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
        NOTE: http://xenbits.xen.org/xsa/advisory-164.html
 CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from 
uniniti ...)
+       {DSA-4497-1}
        - linux 4.19.37-1
        [stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; 
cf. kernel-sec for more details)
        [jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; 
cf. kernel-sec for more details)
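Review bot: the [stretch] line for CVE-2015-8553 gives the reason "Intrusive; breaks qemu as used in Jessie", which reads as copied from the [jessie] line below it. With {DSA-4497-1} now attached to this entry, both <ignored> annotations should be rechecked, and the stretch reason reworded so that it refers to stretch.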



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a98104540fc2c12bfb8aa51f8bfb306e505930ac
