Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13ed2681 by security tracker role at 2019-11-21T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-19146
+       RESERVED
+CVE-2019-19145
+       RESERVED
+CVE-2019-19144
+       RESERVED
+CVE-2019-19143
+       RESERVED
+CVE-2019-19142
+       RESERVED
+CVE-2019-19141
+       RESERVED
+CVE-2019-19140
+       RESERVED
+CVE-2019-19139
+       RESERVED
+CVE-2019-19138
+       RESERVED
+CVE-2019-19137
+       RESERVED
+CVE-2019-19136
+       RESERVED
+CVE-2019-19135
+       RESERVED
+CVE-2019-19134
+       RESERVED
+CVE-2019-19133
+       RESERVED
+CVE-2019-19132
+       RESERVED
+CVE-2019-19131
+       RESERVED
+CVE-2019-19130
+       RESERVED
+CVE-2019-19129
+       RESERVED
+CVE-2019-19128
+       RESERVED
+CVE-2019-19127
+       RESERVED
 CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) 
before 2.31  ...)
        - glibc <unfixed>
        [buster] - glibc <no-dsa> (Minor issue)
@@ -131,14 +171,14 @@ CVE-2019-19072 (A memory leak in the predicate_parse() 
function in kernel/trace/
        NOTE: 
https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
 CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in 
drivers/net/wireles ...)
        - linux <unfixed>
-CVE-2019-19070 (A memory leak in the spi_gpio_probe() function in 
drivers/spi/spi-gpio ...)
+CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function 
in drive ...)
        - linux <unfixed>
 CVE-2019-19069 (A memory leak in the fastrpc_dma_buf_attach() function in 
drivers/misc ...)
        - linux 5.3.9-1
        NOTE: 
https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9
 CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in 
drivers/net ...)
        - linux <unfixed>
-CVE-2019-19067 (Four memory leaks in the acp_hw_init() function in 
drivers/gpu/drm/amd ...)
+CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function 
in driv ...)
        - linux 5.3.9-1
        NOTE: 
https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in 
drivers/scsi/bfa/ ...)
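Review bot: The CVE-2019-19070 and CVE-2019-19067 descriptions now begin with "** DISPUTED **", but their package lines are unchanged and nothing in either entry records the dispute. CVE-2019-19067 still reads "- linux 5.3.9-1" with an upstream commit NOTE, while CVE-2019-19070 stays "- linux <unfixed>". Because this is an automatic description sync, a manual follow-up should add a NOTE saying what is disputed and confirm that each status line still holds.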
@@ -146,7 +186,7 @@ CVE-2019-19066 (A memory leak in the bfad_im_get_stats() 
function in drivers/scs
 CVE-2019-19065 (A memory leak in the sdma_init() function in 
drivers/infiniband/hw/hfi ...)
        - linux 5.3.9-1
        NOTE: 
https://git.kernel.org/linus/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
-CVE-2019-19064 (A memory leak in the fsl_lpspi_probe() function in 
drivers/spi/spi-fsl ...)
+CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function 
in driv ...)
        - linux <unfixed>
 CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in 
drivers/net/wirele ...)
        - linux <unfixed>
@@ -168,7 +208,7 @@ CVE-2019-19057 (Two memory leaks in the 
mwifiex_pcie_init_evt_ring() function in
        - linux <unfixed>
 CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function 
in drive ...)
        - linux <unfixed>
-CVE-2019-19055 (A memory leak in the nl80211_get_ftm_responder_stats() 
function in net ...)
+CVE-2019-19055 (** DISPUTED ** A memory leak in the 
nl80211_get_ftm_responder_stats()  ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
 CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in 
drivers/media/pci/ ...)
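Review bot: CVE-2019-19055 is now "** DISPUTED **" yet keeps "- linux <unfixed>" beside a NOTE that points at an upstream commit. The entry gives a reader no way to tell whether that commit is still regarded as a fix or whether the dispute changes the package status. A triage pass should annotate the NOTE or adjust the status line accordingly.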
@@ -193,7 +233,7 @@ CVE-2019-19048 (A memory leak in the crypto_reportstat() 
function in drivers/vir
 CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in 
drivers ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
-CVE-2019-19046 (A memory leak in the __ipmi_bmc_register() function in 
drivers/char/ip ...)
+CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() 
function in  ...)
        - linux <unfixed>
 CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in 
drivers/ne ...)
        - linux <unfixed>
@@ -209,14 +249,14 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 
6.11 and Stor2RRD 2.61
        NOT-FOR-US: Xorux
 CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of 
showErrorMessag ...)
        NOT-FOR-US: KairosDB
-CVE-2019-19039
-       RESERVED
+CVE-2019-19039 (__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux 
kernel thro ...)
+       TODO: check
 CVE-2019-19038
        RESERVED
-CVE-2019-19037
-       RESERVED
-CVE-2019-19036
-       RESERVED
+CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 
5.3.12 a ...)
+       TODO: check
+CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel 
through 5.3.12 ...)
+       TODO: check
 CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The 
impact is: ...)
        - jhead <unfixed> (unimportant; bug #944961)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
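Review bot: CVE-2019-19039, CVE-2019-19037 and CVE-2019-19036 lose RESERVED and land as "TODO: check", although all three descriptions name Linux kernel source files (fs/btrfs/extent-tree.c, fs/ext4/namei.c, fs/btrfs/ctree.c). Each TODO should be replaced in a follow-up with a "- linux" line carrying the affected or fixed status. Until then the entries have no package association at all.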
@@ -38989,10 +39029,10 @@ CVE-2019-6855
        RESERVED
 CVE-2019-6854
        RESERVED
-CVE-2019-6853
-       RESERVED
-CVE-2019-6852
-       RESERVED
+CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability 
exists  ...)
+       TODO: check
+CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon 
Contro ...)
+       TODO: check
 CVE-2019-6851 (A CWE-538: File and Directory Information Exposure 
vulnerability exist ...)
        NOT-FOR-US: Modicon
 CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon 
M580,  ...)
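Review bot: CVE-2019-6853 and CVE-2019-6852 are added as "TODO: check" directly above CVE-2019-6851, which is already "NOT-FOR-US: Modicon". The CVE-2019-6852 description names Modicon too, so it can probably take the same NOT-FOR-US line. The visible part of the CVE-2019-6853 description is cut off before any product name, so its full text needs checking before it is classified.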
@@ -209727,16 +209767,14 @@ CVE-2015-3169 (Cross-site scripting (XSS) 
vulnerability in askbot 0.7.51-4.el6.n
        - askbot <itp> (bug #687966)
 CVE-2015-3168
        REJECTED
-CVE-2015-3167
-       RESERVED
+CVE-2015-3167 (contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 
9.1.16, 9.2 ...)
        {DSA-3270-1 DSA-3269-1 DLA-227-1}
        - postgresql-9.4 9.4.2-1
        - postgresql-9.1 <removed>
        NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only 
postgresql-plperl-9.1, source-wise fixed
        - postgresql-8.4 <removed>
        [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only 
provides PL/Perl; EOL upstream)
-CVE-2015-3166
-       RESERVED
+CVE-2015-3166 (The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x 
before  ...)
        {DSA-3270-1 DSA-3269-1 DLA-227-1}
        - postgresql-9.4 9.4.2-1
        - postgresql-9.1 <removed>
@@ -258474,14 +258512,11 @@ CVE-2013-2094 (The perf_swevent_init function in 
kernel/events/core.c in the Lin
        {DSA-2669-1}
        - linux 3.8.11-1
        [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2013-2093
-       RESERVED
+CVE-2013-2093 (Dolibarr ERP/CRM 3.3.1 does not properly validate user input in 
viewim ...)
        - dolibarr 3.3.4-1 (high)
-CVE-2013-2092
-       RESERVED
+CVE-2013-2092 (Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows 
remote att ...)
        - dolibarr 3.3.4-1
-CVE-2013-2091
-       RESERVED
+CVE-2013-2091 (SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows 
remote at ...)
        - dolibarr 3.3.4-1
 CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme 
Fraiche ...)
        NOT-FOR-US: Creme Fraiche Ruby Gem
@@ -259414,12 +259449,10 @@ CVE-2013-1819 (The _xfs_buf_find function in 
fs/xfs/xfs_buf.c in the Linux kerne
 CVE-2013-1818 (maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows 
remote  ...)
        - mediawiki <not-affected> (mwdoc-filter.php introduced in 1.20)
        NOTE: register_globals is not supported in Debian anyway, see PHP's 
README.Debian.security
-CVE-2013-1817 [mediawiki information disclosure in unblock API]
-       RESERVED
+CVE-2013-1817 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an 
error in  ...)
        - mediawiki 1:1.19.4-1 (bug #702305)
        [squeeze] - mediawiki <end-of-life>
-CVE-2013-1816 [mediawiki insecure curl usage]
-       RESERVED
+CVE-2013-1816 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote 
attacke ...)
        - mediawiki 1:1.19.4-1
        [squeeze] - mediawiki <end-of-life>
 CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can 
create th ...)
@@ -278259,8 +278292,7 @@ CVE-2012-1259
        RESERVED
 CVE-2012-1258
        RESERVED
-CVE-2012-1257
-       RESERVED
+CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, 
which all ...)
        - pidgin <unfixed> (unimportant)
        NOTE: Negligible local information disclosure
 CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before 
2010.1.1.8 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/13ed26814b0cc6e99d24117a6ea5e0fbfe68db92
