Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8a7453fe by security tracker role at 2019-11-17T20:10:44Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,61 @@ +CVE-2019-19039 + RESERVED +CVE-2019-19038 + RESERVED +CVE-2019-19037 + RESERVED +CVE-2019-19036 + RESERVED +CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...) + TODO: check +CVE-2019-19034 + RESERVED +CVE-2019-19033 + RESERVED +CVE-2019-19032 + RESERVED +CVE-2019-19031 + RESERVED +CVE-2019-19030 + RESERVED +CVE-2019-19029 + RESERVED +CVE-2019-19028 + RESERVED +CVE-2019-19027 + RESERVED +CVE-2019-19026 + RESERVED +CVE-2019-19025 + RESERVED +CVE-2019-19024 + RESERVED +CVE-2019-19023 + RESERVED +CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...) + TODO: check +CVE-2019-19021 + RESERVED +CVE-2019-19020 + RESERVED +CVE-2019-19019 + RESERVED +CVE-2019-19018 + RESERVED +CVE-2019-19017 + RESERVED +CVE-2019-19016 + RESERVED +CVE-2019-19015 + RESERVED +CVE-2019-19014 + RESERVED +CVE-2019-19013 + RESERVED +CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...) + TODO: check +CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...) + TODO: check CVE-2019-19010 (Eval injection in the Math plugin of Limnoria (before 2019.11.09) and ...) - limnoria 2019.11.09-1 [buster] - limnoria <no-dsa> (Minor issue, can be fixed via point release) @@ -24088,7 +24146,7 @@ CVE-2019-11781 CVE-2019-11780 RESERVED CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...) - {DLA-1972-1} + {DSA-4570-1 DLA-1972-1} - mosquitto 1.6.6-1 (bug #940654) [stretch] - mosquitto <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 @@ -27185,7 +27243,7 @@ CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a den NOTE: https://github.com/axios/axios/pull/1485 CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a special ...) NOT-FOR-US: K-9 Mail -CVE-2019-10740 (In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP ...) +CVE-2019-10740 (In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIM ...) - roundcube <unfixed> (bug #927713) [buster] - roundcube <ignored> (Relies on php-crypt-gpg, not in buster) [stretch] - roundcube <ignored> (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a7453fecb4a1bf4012390b6478e1f30474ddf0b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a7453fecb4a1bf4012390b6478e1f30474ddf0b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits