Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dddbf15 by security tracker role at 2019-12-07T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6363,8 +6363,8 @@ CVE-2019-18577
        RESERVED
 CVE-2019-18576
        RESERVED
-CVE-2019-18575
-       RESERVED
+CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an 
uncontrolled ...)
+       TODO: check
 CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 
contain a ...)
        NOT-FOR-US: RSA Authentication Manager software
 CVE-2019-18573
@@ -11290,7 +11290,7 @@ CVE-2019-17008
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in 
CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
        RESERVED
-       {DLA-2015-1}
+       {DSA-4579-1 DLA-2015-1}
        - nss 2:3.45-1
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -11952,8 +11952,8 @@ CVE-2019-16774
        RESERVED
 CVE-2019-16773
        RESERVED
-CVE-2019-16772
-       RESERVED
+CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is 
vulnerable to  ...)
+       TODO: check
 CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are 
vulnerable ...)
        NOT-FOR-US: Armeria
 CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could 
use keepal ...)
@@ -27636,7 +27636,7 @@ CVE-2019-11746 (A use-after-free vulnerability can 
occur while manipulating vide
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
 CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than 
the block size to NSC_EncryptUpdate]
        RESERVED
-       {DLA-2008-1}
+       {DSA-4579-1 DLA-2008-1}
        - nss 2:3.47.1-1
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -29049,8 +29049,8 @@ CVE-2019-11295
        RESERVED
 CVE-2019-11294
        RESERVED
-CVE-2019-11293
-       RESERVED
+CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when 
set to log ...)
+       TODO: check
 CVE-2019-11292
        RESERVED
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 
version prior  ...)
@@ -30464,8 +30464,8 @@ CVE-2019-10771 (Characters in the GET url path are not 
properly escaped and can
        NOT-FOR-US: IOBroker
 CVE-2019-10770
        RESERVED
-CVE-2019-10769
-       RESERVED
+CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of 
code used  ...)
+       TODO: check
 CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be 
tricked into ...)
        - angular.js 1.7.9-1 (bug #945249)
        [buster] - angular.js <no-dsa> (Minor issue; can be fixed via point 
release)
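
Review bot: the summary imported for CVE-2019-10769 reads "to sandbox the he evaluation of code", with a stray "he" in the added line. Since the commit is an automatic update, a hand edit here would likely be overwritten on the next import, so the typo is better reported against the upstream description. The entry is also left at TODO: check and still needs a triage decision on whether any Debian source package ships safer-eval.
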
@@ -35181,7 +35181,8 @@ CVE-2019-9468
        RESERVED
 CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection 
due to ...)
        NOT-FOR-US: LG components for Android
-CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a possible out of bounds 
write  ...)
+CVE-2019-9466
+       REJECTED
        - linux 4.19.37-4
        [stretch] - linux 4.9.168-1+deb9u3
        [jessie] - linux 3.16.68-1
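
Review bot: CVE-2019-9466 is switched to REJECTED, but the three linux lines under it ("- linux 4.19.37-4", "[stretch] - linux 4.9.168-1+deb9u3", "[jessie] - linux 3.16.68-1") stay in place, so a rejected id still carries fixed-version data. The context of the next hunk shows "NOTE: Duplicate of CVE-2019-9503." for this entry; confirm the same linux versions are recorded under CVE-2019-9503 and then drop the package lines here.
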
@@ -35189,8 +35190,8 @@ CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a 
possible out of bounds w
        NOTE: Duplicate of CVE-2019-9503.
 CVE-2019-9465
        RESERVED
-CVE-2019-9464
-       RESERVED
+CVE-2019-9464 (In various functions of RecentLocationApps.java, 
DevicePolicyManagerSe ...)
+       TODO: check
 CVE-2019-9463 (In Platform, there is a possible bypass of user interaction 
requiremen ...)
        NOT-FOR-US: Android
 CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an 
incorre ...)
@@ -54899,38 +54900,38 @@ CVE-2019-2234
        RESERVED
 CVE-2019-2233 (In getUserCount and getCount of UserSwitcherController.java, 
there is  ...)
        NOT-FOR-US: Android
-CVE-2019-2232
-       RESERVED
-CVE-2019-2231
-       RESERVED
-CVE-2019-2230
-       RESERVED
-CVE-2019-2229
-       RESERVED
-CVE-2019-2228
-       RESERVED
-CVE-2019-2227
-       RESERVED
-CVE-2019-2226
-       RESERVED
-CVE-2019-2225
-       RESERVED
-CVE-2019-2224
-       RESERVED
-CVE-2019-2223
-       RESERVED
-CVE-2019-2222
-       RESERVED
-CVE-2019-2221
-       RESERVED
-CVE-2019-2220
-       RESERVED
-CVE-2019-2219
-       RESERVED
-CVE-2019-2218
-       RESERVED
-CVE-2019-2217
-       RESERVED
+CVE-2019-2232 (In handleRun of TextLine.java, there is a possible application 
crash d ...)
+       TODO: check
+CVE-2019-2231 (In Blob::Blob of blob.cpp, there is a possible unencrypted 
master key  ...)
+       TODO: check
+CVE-2019-2230 (In nfcManager_routeAid and nfcManager_unrouteAid of 
NativeNfcManager.c ...)
+       TODO: check
+CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible 
leak o ...)
+       TODO: check
+CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds 
read due t ...)
+       TODO: check
+CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds 
read due  ...)
+       TODO: check
+CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible 
out of  ...)
+       TODO: check
+CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to 
pair a mal ...)
+       TODO: check
+CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds 
write due  ...)
+       TODO: check
+CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible 
out of bo ...)
+       TODO: check
+CVE-2019-2222 (n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a 
possible ...)
+       TODO: check
+CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java 
there&#821 ...)
+       TODO: check
+CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible 
bypass of ...)
+       TODO: check
+CVE-2019-2219 (In System UI, there is a possible bypass of user's consent for 
access  ...)
+       TODO: check
+CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there 
is a p ...)
+       TODO: check
+CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory 
corrupt ...)
+       TODO: check
 CVE-2019-2216
        RESERVED
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege 
from an  ...)
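
Review bot: two of the sixteen imported summaries arrive damaged. CVE-2019-2222 begins "n ihevcd_parse_slice_data" with the leading "I" missing, and CVE-2019-2221 ends in a raw HTML entity fragment, "there&#821", cut off by the truncation; the import should decode entities before it truncates the text. All sixteen entries are left at TODO: check while CVE-2019-2233 directly above is already marked NOT-FOR-US: Android. Several of the new summaries name native source files (mat.c, array.c, ihevcd_ref_list.c), so each one should be triaged individually rather than bulk-marked like its neighbour.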



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9dddbf15fc015ffa628da7b52db1b0129edc09ce
