Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb427565 by security tracker role at 2019-10-21T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not 
restrict ...)
+       TODO: check
+CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows 
remote unauth ...)
+       TODO: check
 CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG 
Zephyrus M GM ...)
        NOT-FOR-US: BIOS configuration design on ASUS ROG Zephyrus M GM501GS 
laptops with BIOS 313
 CVE-2019-18215
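Review bot: the two entries added at the top of this hunk, CVE-2019-18218 and CVE-2019-18217, carry only "TODO: check", and unlike the ASUS BIOS entry directly below them (marked NOT-FOR-US) their descriptions name software, file's cdf.c and ProFTPD, that needs a package-level disposition. Triage should replace each TODO with a package line giving a fixed version, <unfixed> or <not-affected>. The ProFTPD description starts "allows remote unauth ...", so that one is worth looking at first.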
@@ -2923,8 +2927,8 @@ CVE-2019-17411
        RESERVED
 CVE-2019-17410
        RESERVED
-CVE-2019-17409
-       RESERVED
+CVE-2019-17409 (Reflected XSS exists in interface/forms/eye_mag/view.php in 
OpenEMR 5. ...)
+       TODO: check
 CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 
allows re ...)
        NOT-FOR-US: ZZZCMS
 CVE-2019-17407
@@ -4247,8 +4251,8 @@ CVE-2019-16864
        RESERVED
 CVE-2019-16863
        RESERVED
-CVE-2019-16862
-       RESERVED
+CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 
5.x befor ...)
+       TODO: check
 CVE-2019-16861
        RESERVED
 CVE-2019-16860
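Review bot: CVE-2019-16862 in this hunk and CVE-2019-17409 in the previous hunk both describe reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x, and both are left at "TODO: check". They should be triaged together so they end up with the same disposition, and if the full descriptions turn out to cover the same flaw, a NOTE on each entry pointing at the other ID would save the next reader the comparison.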
@@ -8895,6 +8899,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in 
print-lmp.c in tcpdump before 4
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
 CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate 
the PHB ...)
+       {DLA-1967-1}
        - libpcap 1.9.1-1 (bug #941697)
        NOTE: 
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
        NOTE: 
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
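Review bot: the {DLA-1967-1} tag is added to CVE-2019-15165, whose NOTE lines list two upstream libpcap commits (87d6bef0... and a5a36d9e...). The tag alone does not say whether the LTS upload carried both, so it is worth confirming against the DLA's changelog that the backport includes the second commit as well as the first.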
@@ -22797,10 +22802,10 @@ CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier 
allows XML External Entity Bl
        NOT-FOR-US: BlogEngine.NET
 CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory 
Traversal via ...)
        NOT-FOR-US: BlogEngine.NET
-CVE-2019-10716
-       RESERVED
-CVE-2019-10715
-       RESERVED
+CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 
and earlie ...)
+       TODO: check
+CVE-2019-10715 (There is Stored XSS in Verodin Director before 3.5.4.0 via 
input field ...)
+       TODO: check
 CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 
7.0.8-32  ...)
        - imagemagick <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495
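Review bot: CVE-2019-10716 and CVE-2019-10715 move from RESERVED to "TODO: check" with descriptions naming Verodin Director. The two BlogEngine.NET entries just above them in this hunk are already resolved as "NOT-FOR-US: BlogEngine.NET"; if Verodin Director is likewise not packaged, these two should get a matching "NOT-FOR-US: Verodin Director" line rather than staying in the TODO queue.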
@@ -44618,6 +44623,7 @@ CVE-2019-3001 (Vulnerability in the PeopleSoft 
Enterprise SCM eProcurement produ
 CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle 
E-Business Sui ...)
        NOT-FOR-US: Oracle
 CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Jav ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44635,6 +44641,7 @@ CVE-2019-2993 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #942443)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
 CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44643,14 +44650,17 @@ CVE-2019-2991 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
 CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business 
Suite  ...)
        NOT-FOR-US: Oracle
 CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
 CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
 CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE 
(component: 2D) ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
 CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
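Review bot: CVE-2019-2986 at the end of this hunk gets no {DSA-4546-1} tag, while CVE-2019-2989, whose truncated description starts with the same "Oracle GraalVM Enterprise Edition product" wording, does. The package lines for CVE-2019-2986 fall outside the hunk, so the difference cannot be checked from here; confirm that the entry has no openjdk line, otherwise the advisory reference is missing for it.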
@@ -44661,12 +44671,14 @@ CVE-2019-2984 (Vulnerability in the Oracle VM 
VirtualBox product of Oracle Virtu
        - virtualbox 6.0.14-dfsg-1
        [jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
 CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44675,20 +44687,24 @@ CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE 
Direct Banking product of Or
 CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
 CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Hot ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
 CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio 
Managem ...)
        NOT-FOR-US: Oracle
 CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
 CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-5.7 <unfixed> (bug #942443)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
 CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
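Review bot: {DSA-4546-1} is applied uniformly in this hunk although the package sets differ: CVE-2019-2977 lists only openjdk-11, CVE-2019-2975 lists openjdk-11 and openjdk-8, and the rest also carry "openjdk-7 <removed>". The only line common to every tagged entry is openjdk-11, so the tag reads as an advisory for that source package; the openjdk-8 lines at 8u232-b09-1 should be checked for their own advisory reference so that readers do not assume this DSA covers them.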
@@ -44710,12 +44726,14 @@ CVE-2019-2966 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
 CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and 
Configuration pro ...)
        NOT-FOR-US: Oracle
 CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
 CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44747,6 +44765,7 @@ CVE-2019-2951 (Vulnerability in the PeopleSoft 
Enterprise HCM Human Resources pr
 CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44759,6 +44778,7 @@ CVE-2019-2946 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #942443)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
 CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>
@@ -44875,6 +44895,7 @@ CVE-2019-2896 (Vulnerability in the MICROS Relate CRM 
Software product of Oracle
 CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4546-1}
        - openjdk-11 11.0.5+10-1
        - openjdk-8 8u232-b09-1
        - openjdk-7 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb42756543ed2ba87047548e7bdbc9fc44cd4a19
