Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c384f9f4 by security tracker role at 2019-08-16T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,17 @@
-CVE-2019-15118 [ALSA: usb-audio: Fix a stack buffer overflow bug in 
check_input_term]
+CVE-2019-15123
+       RESERVED
+CVE-2019-15122
+       RESERVED
+CVE-2019-15121
+       RESERVED
+CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via 
BBCode. ...)
+       TODO: check
+CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 
permission ...)
+       TODO: check
+CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel 
through 5.2. ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
-CVE-2019-15117 [ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit]
+CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux 
kernel throug ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116
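Review bot: CVE-2019-15120 (Kunena extension for Joomla!) and CVE-2019-15119 (cnlh nps) arrive with only "TODO: check", so each still needs a triage line, either a package entry or a "NOT-FOR-US:" marker, before the record is useful to consumers of the list. The two linux entries below them keep "- linux <unfixed>" even though each has a "Fixed by:" commit recorded; the fixed version should be filled in once an upload carries those commits.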
@@ -50,8 +60,8 @@ CVE-2019-15093
        RESERVED
 CVE-2019-15092
        RESERVED
-CVE-2019-15091
-       RESERVED
+CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows 
index.php?sec=wiki&am ...)
+       TODO: check
 CVE-2019-15089
        RESERVED
 CVE-2019-15088
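Review bot: The new CVE-2019-15091 description is cut off at "index.php?sec=wiki&am", which looks like an HTML-escaped ampersand truncated in the middle of the entity. It is worth checking whether the description is being escaped before it is shortened, and unescaping it first so that the stored summary carries the literal URL characters. The entry also still needs triage beyond "TODO: check".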
@@ -77,10 +87,11 @@ CVE-2018-20971
 CVE-2018-20970
        RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not 
block string ...)
+       {DSA-4489-1 DLA-1864-1}
        - patch 2.7.6-5
        NOTE: 
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
-CVE-2017-18548
-       RESERVED
+CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL 
injection. ...)
+       TODO: check
 CVE-2017-18547
        RESERVED
 CVE-2017-18546
@@ -125,8 +136,8 @@ CVE-2017-18527
        RESERVED
 CVE-2017-18526
        RESERVED
-CVE-2016-10904
-       RESERVED
+CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL 
injection. ...)
+       TODO: check
 CVE-2016-10903
        RESERVED
 CVE-2016-10902
@@ -145,10 +156,10 @@ CVE-2016-10896
        RESERVED
 CVE-2016-10895
        RESERVED
-CVE-2015-9326
-       RESERVED
-CVE-2015-9325
-       RESERVED
+CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for 
WordPress ha ...)
+       TODO: check
+CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL 
injection. ...)
+       TODO: check
 CVE-2015-9324
        RESERVED
 CVE-2015-9323
@@ -729,8 +740,8 @@ CVE-2019-14925
        RESERVED
 CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The 
method moveI ...)
        NOT-FOR-US: GCDWebServer
-CVE-2019-14923
-       RESERVED
+CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell 
metacharac ...)
+       TODO: check
 CVE-2019-14922
        RESERVED
 CVE-2019-14921
@@ -6150,6 +6161,7 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer overflow at Mag
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
 CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931449)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
        NOTE: initial fix:
@@ -6157,10 +6169,12 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a 
stack-based buffer overflow at co
        NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931452)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931453)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
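Review bot: The context at the top of this hunk records that the initial CVE-2019-13306 fix was "later reverted by the CVE-2019-13305 fix which is the right one", and both CVEs are now tagged {DLA-1888-1}. Confirm that the DLA-1888-1 upload carries ImageMagick6 commit 5c7fbf9a14fb83c9685ad69d48899f490a37609d rather than the reverted initial fix. The "- imagemagick <unfixed>" lines are unchanged, so the tag on its own does not show which suites are fixed.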
@@ -6190,6 +6204,7 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer overflow at Mag
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931455)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
@@ -6200,6 +6215,7 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct 
memory leaks in AcquireMagic
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931457)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
@@ -6609,6 +6625,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an 
integer overflow vulnerabilit
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
 CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" 
vulnera ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #932079)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
@@ -7080,6 +7097,7 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak 
vulnerability in the Writ
        - imagemagick <unfixed> (unimportant; bug #931193)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in 
coders/pa ...)
+       {DLA-1888-1}
        - imagemagick <unfixed> (bug #931196)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
@@ -20823,8 +20841,8 @@ CVE-2019-8065
        RESERVED
 CVE-2019-8064
        RESERVED
-CVE-2019-8063
-       RESERVED
+CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions 
have an  ...)
+       TODO: check
 CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure 
library l ...)
        NOT-FOR-US: Adobe
 CVE-2019-8061
@@ -21021,8 +21039,8 @@ CVE-2019-7966
        RESERVED
 CVE-2019-7965
        RESERVED
-CVE-2019-7964
-       RESERVED
+CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an 
authentication  ...)
+       TODO: check
 CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out 
of boun ...)
        NOT-FOR-US: Adobe Bridge CC
 CVE-2019-7962
@@ -21031,12 +21049,12 @@ CVE-2019-7961 (Adobe Prelude CC versions 8.1 and 
earlier have an insecure librar
        NOT-FOR-US: Adobe
 CVE-2019-7960
        RESERVED
-CVE-2019-7959
-       RESERVED
-CVE-2019-7958
-       RESERVED
-CVE-2019-7957
-       RESERVED
+CVE-2019-7959 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have a u ...)
+       TODO: check
+CVE-2019-7958 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have an  ...)
+       TODO: check
+CVE-2019-7957 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have a s ...)
+       TODO: check
 CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and 
below, 1 ...)
        NOT-FOR-US: Adobe
 CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a 
Reflected Cross ...)
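Review bot: CVE-2019-7959, CVE-2019-7958 and CVE-2019-7957 (Creative Cloud Desktop Application) are added with "TODO: check", while the surrounding Adobe entries in this same hunk (CVE-2019-7961, CVE-2019-7956) are already marked "NOT-FOR-US: Adobe". Giving the three new entries the same marker would keep the block consistent and clear them from the TODO queue.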
@@ -27414,8 +27432,7 @@ CVE-2019-5479
        RESERVED
 CVE-2019-5478
        RESERVED
-CVE-2019-5477 [Command Injection Vulnerability]
-       RESERVED
+CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and 
earlier allo ...)
        - ruby-nokogiri <unfixed> (bug #934802)
        NOTE: https://github.com/sparklemotion/nokogiri/issues/1915
        NOTE: Processes are vulnerable only if the undocumented method 
Nokogiri::CSS::Tokenizer#load_file
@@ -57309,7 +57326,7 @@ CVE-2018-13886 (Unchecked OTA field in GNSS XTRA3 lead 
to integer overflow and t
 CVE-2018-13885 (Possible memory overread may be lead to access of sensitive 
data in Sn ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13884
-       RESERVED
+       REJECTED
 CVE-2018-13883
        RESERVED
 CVE-2018-13882



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c384f9f4559a80c707b1f49244ee69332276039c
