Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9dbb3ce0 by Moritz Muehlenhoff at 2019-10-21T16:11:15Z new file issue new proftpd issue new rpyc issue new vaguish gridengine issue new rabbitserver issue exiv2 n/a NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,11 @@ CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...) - TODO: check + - file <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 + NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...) - TODO: check + - proftpd-dfsg <unfixed> + NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4 + NOTE: https://github.com/proftpd/proftpd/issues/846 CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM ...) NOT-FOR-US: BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 CVE-2019-18215 @@ -2928,7 +2932,7 @@ CVE-2019-17411 CVE-2019-17410 RESERVED CVE-2019-17409 (Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5. ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows re ...) NOT-FOR-US: ZZZCMS CVE-2019-17407 @@ -4252,7 +4256,7 @@ CVE-2019-16864 CVE-2019-16863 RESERVED CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2019-16861 RESERVED CVE-2019-16860 @@ -5569,7 +5573,7 @@ CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site CVE-2019-16329 RESERVED CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...) - TODO: check + - rpyc <removed> CVE-2019-16327 RESERVED CVE-2019-16326 
@@ -11793,7 +11797,7 @@ CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-d NOTE: https://github.com/FasterXML/jackson-databind/issues/2389 NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...) - TODO: check, might affect src:gridengine as well + - gridengine <undetermined> CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...) {DLA-1887-1} - freetype 2.6.1-0.1 @@ -12019,7 +12023,7 @@ CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99 NOTE: fixed through CVE-2019-13504 NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9 CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...) - TODO: check + - exiv2 <not-affected> (Doesn't seem to affect 0.25) CVE-2019-14367 RESERVED CVE-2019-14366 @@ -21204,13 +21208,14 @@ CVE-2019-11286 CVE-2019-11285 RESERVED CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2019-11283 RESERVED CVE-2019-11282 RESERVED CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...) - TODO: check + - rabbitmq-server 3.7.18-1 (low) + NOTE: https://pivotal.io/security/cve-2019-11281 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...) NOT-FOR-US: Pivotal CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...) 
@@ -22801,9 +22806,9 @@ CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Bl CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 and earlie ...) - TODO: check + NOT-FOR-US: Verodin Director CVE-2019-10715 (There is Stored XSS in Verodin Director before 3.5.4.0 via input field ...) - TODO: check + NOT-FOR-US: Verodin Director CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 ...) - imagemagick <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495 @@ -46834,15 +46839,15 @@ CVE-2019-2189 (In the Easel driver, there is possible memory corruption due to r CVE-2019-2188 (In the Easel driver, there is possible memory corruption due to race c ...) NOT-FOR-US: Android CVE-2019-2187 (In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2186 (In GetMBheader of combined_decode.cpp, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android Media Framework CVE-2019-2185 (In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible ...) - TODO: check + NOT-FOR-US: Android Media Framework CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a poss ...) - TODO: check + NOT-FOR-US: Android Media Framework CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...) - linux 4.16.5-1 [jessie] - linux <not-affected> (Vulnerable code not present) 
@@ -46873,7 +46878,7 @@ CVE-2019-2175 (In checkAccess of SliceManagerService.java in Android 9, there is CVE-2019-2174 (In SensorManager::assertStateLocked of SensorManager.cpp in Android 7. ...) NOT-FOR-US: Android CVE-2019-2173 (In startActivityMayWait of ActivityStarter.java, there is a possible i ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2172 (In libxaac there is a possible information disclosure due to uninitial ...) NOT-FOR-US: Android CVE-2019-2171 (In libxaac there is a possible information disclosure due to uninitial ...) @@ -46991,7 +46996,7 @@ CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of- CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...) NOT-FOR-US: Android CVE-2019-2114 (In the default privileges of NFC, there is a possible local bypass of ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection ...) NOT-FOR-US: Android CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corruption ...) @@ -46999,7 +47004,7 @@ CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corrup CVE-2019-2111 (In loop of DnsTlsSocket.cpp, there is a possible heap memory corruptio ...) NOT-FOR-US: Android CVE-2019-2110 (In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2109 (In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a pos ...) NOT-FOR-US: Android media framework CVE-2019-2108 (In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a poss ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9dbb3ce0e60455c8959603e5e25fb9247c31c7f6
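Review bot: in the first hunk (@@ -1,7 +1,11 @@, CVE-2019-18218 and CVE-2019-18217) both new entries go to `<unfixed>` with only an upstream commit URL as the pointer, so the upstream release that carries the fix is not recorded anywhere. For proftpd-dfsg the description already gives it ("before 1.3.6b and 1.3.7rc before 1.3.7rc2"), so a line such as `NOTE: Fixed in 1.3.6b / 1.3.7rc2` next to the commit URL would let the next triager close the entry on a package upload without re-reading the GitHub issue. For file, "through 5.37" plus a bare commit hash leaves the same question open; note the release the commit lands in once it is known.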
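Review bot: in the CVE-2019-16328 hunk (@@ -5569), `- rpyc <removed>` records only that the package has left the archive, while the description limits the issue to "RPyC 4.1.x through 4.1.1". A NOTE stating which upstream version the removed package shipped, and therefore whether any release that still carries it falls inside that range, would make the `<removed>` marking verifiable instead of a dead end for anyone checking older suites.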
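Review bot: in the CVE-2018-20871 hunk (@@ -11793), the reasoning in the removed TODO ("might affect src:gridengine as well") disappears when the entry becomes `<undetermined>`, so nothing records why it is undetermined. A NOTE capturing the open question, for instance that the CVE is filed against Univa Grid Engine and only "when configured for Docker jobs", tells the next person what still has to be checked; an `<undetermined>` with nothing behind it tends to stay that way.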
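Review bot: in the CVE-2019-14368 hunk (@@ -12019), "(Doesn't seem to affect 0.25)" is a hedge attached to a `<not-affected>` marking, which elsewhere in this file is backed by a definite reason (the imagemagick and linux entries further down use "Vulnerable code introduced later" and "Vulnerable code not present"). If the Exiv2::RafImage code path named in the description is absent from 0.25, say that; if it has not actually been confirmed, `<undetermined>` with the upstream fix reference as a NOTE, in the style of the neighbouring CVE-2019-14369 entry, is the safer state.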
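Review bot: in the @@ -46834 hunk the new lines for CVE-2019-2186, CVE-2019-2185 and CVE-2019-2184 use "NOT-FOR-US: Android Media Framework", while the existing CVE-2019-2109 entry in the last hunk spells it "Android media framework". Pick one spelling so grep-based review of NOT-FOR-US reasons stays consistent.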
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
