[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 27 Sep 2019 01:11:39 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
431ca965 by security tracker role at 2019-09-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-16919
+       RESERVED
+CVE-2019-16918
+       RESERVED
+CVE-2019-16917
+       RESERVED
 CVE-2019-16916
        RESERVED
 CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. 
widgets/widgets/p ...)
@@ -2631,7 +2637,7 @@ CVE-2019-15925 (An issue was discovered in the Linux 
kernel before 5.2.3. An out
 CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in 
color_apply_icc_pr ...)
        - openjpeg2 <unfixed> (bug #939553)
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
-CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in 
Parser::makeStream in ...)
+CVE-2018-21009 (Poppler before 0.66.0 has an integer overflow in 
Parser::makeStream in ...)
        - poppler 0.69.0-2
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
 CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A 
use-after ...)
@@ -2741,8 +2747,8 @@ CVE-2019-15894
        RESERVED
 CVE-2019-15893
        RESERVED
-CVE-2019-15891
-       RESERVED
+CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x 
through 3. ...)
+       TODO: check
 CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in 
ip_reas ...)
        {DLA-1927-1}
        - slirp4netns 0.4.1-1 (bug #939868)
@@ -2821,8 +2827,8 @@ CVE-2019-15892 (An issue was discovered in Varnish Cache 
before 6.0.4 LTS, and 6
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/ec3997a59a93cbc13a3cba22dfe0b4c4710a8f65
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
-CVE-2019-15862
-       RESERVED
+CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper 
checks o ...)
+       TODO: check
 CVE-2019-15861
        RESERVED
 CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. 
NOTE: 2. ...)
@@ -13366,8 +13372,8 @@ CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, 
remote attackers can view
        NOT-FOR-US: DouCo DouPHP
 CVE-2019-12563
        RESERVED
-CVE-2019-12562
-       RESERVED
+CVE-2019-12562 (Cross-site scripting (XSS) is possible in DNN (formerly 
DotNetNuke) be ...)
+       TODO: check
 CVE-2019-12561
        RESERVED
 CVE-2019-12560
@@ -16362,7 +16368,7 @@ CVE-2019-11497 (In Couchbase Server 5.0.0, when an 
invalid Remote Cluster Certif
        NOT-FOR-US: Couchbase
 CVE-2019-11496 (In versions of Couchbase Server prior to 5.0, the bucket named 
"defaul ...)
        NOT-FOR-US: Couchbase
-CVE-2019-11495 (Couchbase Server 5.1.1 generates insufficiently random 
numbers. The pr ...)
+CVE-2019-11495 (In Couchbase Server 5.1.1, the cookie used for intra-node 
communicatio ...)
        NOT-FOR-US: Couchbase
 CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the 
submission-lo ...)
        - dovecot 1:2.3.4.1-5 (bug #928235)
@@ -16942,10 +16948,10 @@ CVE-2019-11281
        RESERVED
 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service 
versions ...)
        NOT-FOR-US: Pivotal
-CVE-2019-11279
-       RESERVED
-CVE-2019-11278
-       RESERVED
+CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a 
client that s ...)
+       TODO: check
+CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be 
directly q ...)
+       TODO: check
 CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 
1.7.11 and 2 ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service 
versions ...)
@@ -17869,7 +17875,7 @@ CVE-2019-10916 (A vulnerability has been identified in 
SIMATIC PCS 7 V8.0 and ea
        NOT-FOR-US: Siemens
 CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All 
versions ...)
        NOT-FOR-US: Siemens
-CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside 
Secure T ...)
+CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used 
in Insi ...)
        - matrixssl <removed>
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
        NOTE: https://github.com/matrixssl/matrixssl/issues/26



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/431ca965e8729e67787c4c5526c039e4929ea08f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/431ca965e8729e67787c4c5526c039e4929ea08f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to