[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sun, 18 Aug 2019 13:10:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
534880f0 by security tracker role at 2019-08-18T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-15148 (GoPro GPMF-parser 1.2.2 has an out-of-bounds write in 
OpenMP4Source in ...)
+       TODO: check
+CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in 
GPMF_Nex ...)
+       TODO: check
+CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 
bytes) in ...)
+       TODO: check
+CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service 
attack  ...)
+       TODO: check
+CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka 
GArrayTemplate&lt; ...)
+       TODO: check
+CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows 
attackers to c ...)
+       TODO: check
+CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component 
allows a ...)
+       TODO: check
+CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 
allows att ...)
+       TODO: check
+CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote 
attackers to ca ...)
+       TODO: check
+CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing 
component  ...)
+       TODO: check
+CVE-2019-15138
+       RESERVED
+CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 
allows f ...)
+       TODO: check
+CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 
does not ...)
+       TODO: check
+CVE-2019-15135 (The handshake protocol in Object Management Group (OMG) DDS 
Security 1 ...)
+       TODO: check
 CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP 
implementation  ...)
        NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a 
divide-by ...)
@@ -15,10 +43,10 @@ CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User 
Enumeration. With login r
        NOTE: https://support.zabbix.com/browse/ZBX-16532
 CVE-2019-15131
        RESERVED
-CVE-2019-15130
-       RESERVED
-CVE-2019-15129
-       RESERVED
+CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 
1.0.0.681  ...)
+       TODO: check
+CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 
1.0.0.681  ...)
+       TODO: check
 CVE-2019-15128
        RESERVED
 CVE-2019-15127
@@ -1005,6 +1033,7 @@ CVE-2019-14811
 CVE-2019-14810
        RESERVED
 CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 
mishandles malfo ...)
+       {DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934954)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1
@@ -1163,7 +1192,7 @@ CVE-2019-14745 (In radare2 before 3.7.0, a command 
injection vulnerability exist
        - radare2 <unfixed> (bug #934204)
        NOTE: https://github.com/radare/radare2/pull/14690
 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop 
files and c ...)
-       {DSA-4494-1}
+       {DSA-4494-1 DLA-1890-1}
        - kconfig 5.54.0-2 (bug #934267)
        - kde4libs 4:4.14.38-4 (bug #934268)
        [buster] - kde4libs <no-dsa> (Minor issue)
@@ -5587,6 +5616,7 @@ CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on 
macOS allows remote cod
 CVE-2019-13566
        RESERVED
 CVE-2019-13565 (An issue was discovered in OpenLDAP 2.x before 2.4.48. When 
using SASL ...)
+       {DLA-1891-1}
        - openldap 2.4.48+dfsg-1 (low; bug #932998)
        [buster] - openldap <no-dsa> (Minor issue)
        [stretch] - openldap <no-dsa> (Minor issue)
@@ -6921,6 +6951,7 @@ CVE-2019-13059
 CVE-2019-13058
        RESERVED
 CVE-2019-13057 (An issue was discovered in the server in OpenLDAP before 
2.4.48. When  ...)
+       {DLA-1891-1}
        - openldap 2.4.48+dfsg-1 (low; bug #932997)
        [buster] - openldap <no-dsa> (Minor issue)
        [stretch] - openldap <no-dsa> (Minor issue)
@@ -17269,6 +17300,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are 
vulnerable to a settings flood, p
        NOTE: 
https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
        NOTE: https://github.com/h2o/h2o/issues/2090
 CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, 
potential ...)
+       {DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1
@@ -17302,6 +17334,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are 
vulnerable to resource loops, pot
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
        NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, 
potentially ...)
+       {DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/534880f0497e1ee6729f47ebe0cfc8164dbcd5fc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/534880f0497e1ee6729f47ebe0cfc8164dbcd5fc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to