Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1841e8a6 by security tracker role at 2019-11-29T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-1784
+       RESERVED
+CVE-2020-1783
+       RESERVED
+CVE-2020-1782
+       RESERVED
+CVE-2020-1781
+       RESERVED
+CVE-2020-1780
+       RESERVED
+CVE-2020-1779
+       RESERVED
+CVE-2020-1778
+       RESERVED
+CVE-2020-1777
+       RESERVED
+CVE-2020-1776
+       RESERVED
+CVE-2020-1775
+       RESERVED
+CVE-2020-1774
+       RESERVED
+CVE-2020-1773
+       RESERVED
+CVE-2020-1772
+       RESERVED
+CVE-2020-1771
+       RESERVED
+CVE-2020-1770
+       RESERVED
+CVE-2020-1769
+       RESERVED
+CVE-2020-1768
+       RESERVED
+CVE-2020-1767
+       RESERVED
+CVE-2020-1766
+       RESERVED
+CVE-2020-1765
+       RESERVED
+CVE-2019-19394
+       RESERVED
+CVE-2019-19393
+       RESERVED
+CVE-2019-19392
+       RESERVED
+CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and 
other pro ...)
+       TODO: check
+CVE-2019-19390
+       RESERVED
+CVE-2019-19389
+       RESERVED
 CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in 
app/dialplans/dialplan_d ...)
        NOT-FOR-US: FusionPBX
 CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in 
app/fifo_list/fifo_inter ...)
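Review bot: CVE-2019-19391 needs manual triage, since it is the one added entry in this hunk that has a description and it is left at TODO: check. The description names LuaJIT through 2.0.5 and Moonjit before 2.1.2; replace the TODO with a package line or a NOT-FOR-US annotation once the affected source is confirmed.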
@@ -18,10 +70,10 @@ CVE-2019-19380
        RESERVED
 CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users 
can bypass ...)
        NOT-FOR-US: MISP
-CVE-2019-19378
-       RESERVED
-CVE-2019-19377
-       RESERVED
+CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs 
filesystem image  ...)
+       TODO: check
+CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs 
filesystem image, ...)
+       TODO: check
 CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with 
TeamEdi ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where 
SSL offlo ...)
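Review bot: CVE-2019-19378 and CVE-2019-19377 are left at TODO: check although both descriptions name the Linux kernel 5.0.21 and a crafted btrfs filesystem image. Other kernel entries in this same file carry a "- linux ..." package line (CVE-2019-14901, for example), so these two should get one as well once their status is determined.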
@@ -1253,8 +1305,8 @@ CVE-2019-18924 (Systematic IRIS WebForms 5.4 is 
vulnerable to directory traversa
        NOT-FOR-US: Systematic IRIS WebForms
 CVE-2019-18923 (Insufficient content type validation of proxied resources in 
go-camo b ...)
        NOT-FOR-US: go-camo
-CVE-2019-18922
-       RESERVED
+CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied 
Telesis AT-GS ...)
+       TODO: check
 CVE-2019-18921
        RESERVED
 CVE-2019-18920
@@ -8869,7 +8921,8 @@ CVE-2019-17112 (An issue was discovered in Zoho 
ManageEngine DataSecurity Plus b
        NOT-FOR-US: Zoho
 CVE-2019-17111
        RESERVED
-CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x 
before 1.7 ...)
+CVE-2019-17110
+       REJECTED
        NOT-FOR-US: kube-state-metrics
 CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with 
resultant  ...)
        - koji <unfixed> (bug #942146)
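Review bot: CVE-2019-17110 now reads REJECTED, but the unchanged line "NOT-FOR-US: kube-state-metrics" still follows it. With the description removed, that annotation is the only trace of what the id referred to; confirm whether it should stay on a rejected id or be dropped.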
@@ -9121,6 +9174,7 @@ CVE-2019-17008
        RESERVED
 CVE-2019-17007 [Bug 1703979 (CVE-2019-17007) - CVE-2019-17007 nss: Handling of 
Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a 
NULL deref leading to DoS]
        RESERVED
+       {DLA-2015-1}
        - nss 2:3.45-1
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -9786,10 +9840,10 @@ CVE-2019-16769
        RESERVED
 CVE-2019-16768
        RESERVED
-CVE-2019-16767
-       RESERVED
-CVE-2019-16766
-       RESERVED
+CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the 
special ca ...)
+       TODO: check
+CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access 
to someon ...)
+       TODO: check
 CVE-2019-16765 (If an attacker can get a user to open a specially prepared 
directory t ...)
        NOT-FOR-US: Vscode
 CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to 
denial of ...)
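Review bot: the new description for CVE-2019-16767 ("The admin sys mode is now conditional and dedicated for the special ca ...") names no product in its visible part, so the TODO: check cannot be triaged from this line alone, whereas CVE-2019-16766 at least names wagtail-2fa before 1.3.0. Look up the full description before assigning a package line or NOT-FOR-US.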
@@ -12840,7 +12894,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains 
multiple out-of-bound access rea
        - rdesktop 1.8.6-1
        NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
 CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a 
contains ...)
-       {DLA-1979-1 DLA-1977-1}
+       {DLA-2014-1 DLA-1979-1 DLA-1977-1}
        [experimental] - libvncserver 0.9.12+dfsg-1
        - libvncserver <unfixed> (bug #943793)
        - italc <removed>
@@ -15327,8 +15381,7 @@ CVE-2019-14903
        RESERVED
 CVE-2019-14902
        RESERVED
-CVE-2019-14901
-       RESERVED
+CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all 
versions 3.x.x ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
 CVE-2019-14900
@@ -15338,15 +15391,13 @@ CVE-2019-14899
 CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
        RESERVED
        - linux <not-affected> (RHEL-7 specific incomplete fix for 
CVE-2019-11599)
-CVE-2019-14897 [Stack Overflow in lbs_ibss_join_existing() function of Marvell 
Wifi Driver in Linux kernel]
-       RESERVED
+CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, 
version k ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14896 (A vulnerability was found in marvell wifi chip driver in Linux 
kernel. ...)
+CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the 
Linux kern ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14895 [Heap Overflow in mwifiex_process_country_ie() function of 
Marvell Wifi Driver in Linux kernel]
-       RESERVED
+CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux 
kernel, all v ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14894
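Review bot: the replaced bracketed descriptions for CVE-2019-14897 and CVE-2019-14895 named the affected functions (lbs_ibss_join_existing() and mwifiex_process_country_ie() in the Marvell Wifi driver), and the new truncated descriptions no longer show them. Consider keeping that detail in a NOTE line under each entry so the driver and function stay visible in the list. Separately, the unchanged context line for CVE-2019-14898 spells "incompete" where "incomplete" is meant.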
@@ -15433,8 +15484,7 @@ CVE-2019-14866 [improper input validation when writing 
tar header fields leads t
        [stretch] - cpio <no-dsa> (Minor issue)
        NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
        NOTE: 
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7
-CVE-2019-14865
-       RESERVED
+CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A 
local a ...)
        - grub2 <not-affected> (Red Hat-specific patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925
        NOTE: https://seclists.org/oss-sec/2019/q4/101
@@ -43945,10 +43995,10 @@ CVE-2019-5228 (Certain detection module of P30, P30 
Pro, Honor V20 smartphone wh
        NOT-FOR-US: Huawei
 CVE-2019-5227
        RESERVED
-CVE-2019-5226
-       RESERVED
-CVE-2019-5225
-       RESERVED
+CVE-2019-5226 (P30, P30 Pro, Mate 20 smartphones with software of versions 
earlier th ...)
+       TODO: check
+CVE-2019-5225 (P30, Mate 20, P30 Pro smartphones with software of versions 
earlier th ...)
+       TODO: check
 CVE-2019-5224
        RESERVED
 CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. 
The ce ...)
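Review bot: CVE-2019-5226 and CVE-2019-5225 are left at TODO: check although their descriptions cover P30, P30 Pro and Mate 20 smartphones, and the neighbouring CVE-2019-5228 entry for the same product family is already marked NOT-FOR-US: Huawei. These two look resolvable the same way.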
@@ -53235,7 +53285,7 @@ CVE-2018-20026 (Improper Communication Address 
Filtering exists in CODESYS V3 pr
 CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 
products vers ...)
        NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
 CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 
contains ...)
-       {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+       {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc <unfixed> (bug #945827)
@@ -53252,7 +53302,7 @@ CVE-2018-20023 (LibVNC before 
8b06f835e259652b0ff026898014fc7297ade858 contains
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
        NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
 CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 
contains multip ...)
-       {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+       {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc <unfixed> (bug #945827)
@@ -53261,7 +53311,7 @@ CVE-2018-20022 (LibVNC before 
2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
        NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
 CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c 
contains ...)
-       {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+       {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc <unfixed> (bug #945827)
@@ -53270,7 +53320,7 @@ CVE-2018-20021 (LibVNC before commit 
c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
        NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
 CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d 
contains ...)
-       {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+       {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc <unfixed> (bug #945827)
@@ -91759,7 +91809,7 @@ CVE-2018-7226 (An issue was discovered in 
vcSetXCutTextProc() in VNConsole.c in
        [stretch] - vncterm <no-dsa> (Minor issue)
        NOTE: https://github.com/LibVNC/vncterm/issues/6
 CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. 
rfbProcessClie ...)
-       {DSA-4221-1 DLA-1979-1 DLA-1332-1}
+       {DSA-4221-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
        - libvncserver 0.9.11+dfsg-1.1 (bug #894045)
        - italc <removed>
        - vino <unfixed> (bug #945784)
@@ -229698,7 +229748,7 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage 
function in libvncserver/rfbser
        NOTE: 
https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e
 (hardening)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8
 (hardening)
 CVE-2014-6053 (The rfbProcessClientNormalMessage function in 
libvncserver/rfbserver.c ...)
-       {DSA-3081-1 DLA-1979-1 DLA-197-1}
+       {DSA-3081-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
        - libvncserver 0.9.9+dfsg-6.1 (bug #762745)
        - italc 1:3.0.1+dfsg1-1
        - vino <unfixed> (bug #945784)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1841e8a6d431dbc86f7a778b0c2758db69ad6217
