Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6fecacf by security tracker role at 2019-12-14T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19796 (Yabasic 2.86.2 has a heap-based buffer overflow in myformat in 
functio ...)
+       TODO: check
+CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in 
util.c vi ...)
+       TODO: check
+CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS 
before 1.6. ...)
+       TODO: check
 CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 
on Wind ...)
        NOT-FOR-US: Cyxtera AppGate SDP Client
 CVE-2019-19792
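Review bot: The three new entries at the top (CVE-2019-19796, CVE-2019-19795, CVE-2019-19794) go in with only `TODO: check`, and they name open-source software (Yabasic, samurai, the miekg Go DNS package as used in CoreDNS) rather than a vendor appliance, so each needs a package lookup in the follow-up triage. For CVE-2019-19794, check both the library and CoreDNS, since the description names both.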
@@ -2709,7 +2715,7 @@ CVE-2019-19604 (Arbitrary command execution is possible 
in Git before 2.20.2, 2.
        NOTE: by the bug.
        NOTE: 
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
-CVE-2019-19603 (SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW 
stateme ...)
+CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a 
nonexistent  ...)
        - sqlite3 <unfixed>
        NOTE: 
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l 
because of ...)
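Review bot: The CVE-2019-19603 description now refers to SELECT statements where it previously cited CREATE TABLE and CREATE VIEW handling, but the `- sqlite3 <unfixed>` line and the sqlite/sqlite commit NOTE below it are unchanged context. Confirm that the referenced commit still matches the revised description, and update the NOTE if it does not.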
@@ -9791,19 +9797,19 @@ CVE-2019-18348 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.17
        NOTE: not the case in all suites, but the issue is minor in general and 
would
        NOTE: tend to a no-dsa/ignored tag in those suites.
 CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It 
does no ...)
-       {DSA-4582-1}
+       {DSA-4582-1 DLA-2034-1}
        - davical 1.1.9.2-1 (bug #946343)
        NOTE: 
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
        NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
        NOTE: 
https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an 
authentica ...)
-       {DSA-4582-1}
+       {DSA-4582-1 DLA-2034-1}
        - davical 1.1.9.2-1 (bug #946343)
        NOTE: 
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
        NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
        NOTE: 
https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18345 (A reflected XSS issue was discovered in DAViCal through 1.1.8. 
It echo ...)
-       {DSA-4582-1}
+       {DSA-4582-1 DLA-2034-1}
        - davical 1.1.9.2-1 (bug #946343)
        NOTE: 
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
        NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
@@ -13185,8 +13191,8 @@ CVE-2019-17366 (Citrix Application Delivery Management 
(ADM) 12.1 before build 5
        NOT-FOR-US: Citrix
 CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an 
arbitrary user ...)
        NOT-FOR-US: Nix
-CVE-2019-17364
-       RESERVED
+CVE-2019-17364 (The processCommandUploadLog() function of libcommon.so in 
Petwant PF-1 ...)
+       TODO: check
 CVE-2019-17363
        RESERVED
 CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string 
function (in ...)
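Review bot: CVE-2019-17364 names processCommandUploadLog() of libcommon.so in Petwant firmware, the same function that appears in the CVE-2019-16735 description added later in this patch. Triage the two together from the full descriptions so they get a consistent disposition instead of two independent `TODO: check` resolutions.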
@@ -14758,22 +14764,22 @@ CVE-2019-16738 (In MediaWiki through 1.33.0, 
Special:Redirect allows information
        {DSA-4545-1}
        - mediawiki 1:1.31.4-1
        NOTE: https://phabricator.wikimedia.org/T230402
-CVE-2019-16737
-       RESERVED
-CVE-2019-16736
-       RESERVED
-CVE-2019-16735
-       RESERVED
-CVE-2019-16734
-       RESERVED
-CVE-2019-16733
-       RESERVED
-CVE-2019-16732
-       RESERVED
-CVE-2019-16731
-       RESERVED
-CVE-2019-16730
-       RESERVED
+CVE-2019-16737 (The processCommandSetMac() function of libcommon.so in Petwant 
PF-103  ...)
+       TODO: check
+CVE-2019-16736 (A stack-based buffer overflow in processCommandUploadSnapshot 
in libco ...)
+       TODO: check
+CVE-2019-16735 (A stack-based buffer overflow in processCommandUploadLog in 
libcommon. ...)
+       TODO: check
+CVE-2019-16734 (Use of default credentials for the TELNET server in Petwant 
PF-103 fir ...)
+       TODO: check
+CVE-2019-16733 (processCommandSetUid() in libcommon.so in Petwant PF-103 
firmware 4.22 ...)
+       TODO: check
+CVE-2019-16732 (Unencrypted HTTP communications for firmware upgrades in 
Petalk AI and ...)
+       TODO: check
+CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 
and Peta ...)
+       TODO: check
+CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 
firmware 4.2 ...)
+       TODO: check
 CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML 
mutation XSS (m ...)
        - dompurify.js <removed>
        [stretch] - dompurify.js <ignored> (Minor issue)
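Review bot: All eight entries converted from RESERVED here (CVE-2019-16737 through CVE-2019-16730) land as separate `TODO: check` lines, and their visible descriptions name Petwant PF-103 or Petalk AI firmware, or functions in libcommon.so. Nothing shown points at packaged software, so the follow-up can likely resolve them in one pass with a NOT-FOR-US tag in the style the file already uses for vendor products.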
@@ -29488,6 +29494,7 @@ CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 
doesn't verify the hash of Enab
 CVE-2019-12096
        RESERVED
 CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition 
through 5.2.22 ...)
+       {DLA-2033-1}
        - php-horde-trean <unfixed>
        [buster] - php-horde-trean <no-dsa> (Minor issue)
        [stretch] - php-horde-trean <no-dsa> (Minor issue)
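Review bot: `{DLA-2033-1}` is added to CVE-2019-12095 while the entry still shows `php-horde-trean <unfixed>` and `<no-dsa> (Minor issue)` for both buster and stretch. With a fix now shipped through a DLA, revisit whether the no-dsa decisions for the newer suites and the unfixed status still reflect the intended state.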
@@ -48799,10 +48806,10 @@ CVE-2019-5280 (The SIP TLS module of Huawei CloudLink 
Phone 7900 with V600R019C1
        NOT-FOR-US: Huawei
 CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 
9.1.0.311(C1 ...)
        NOT-FOR-US: Huawei
-CVE-2019-5278
-       RESERVED
-CVE-2019-5277
-       RESERVED
+CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced 
Packages  ...)
+       TODO: check
+CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information 
leak v ...)
+       TODO: check
 CVE-2019-5276
        RESERVED
 CVE-2019-5275
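Review bot: CVE-2019-5278 and CVE-2019-5277 arrive as `TODO: check` directly below CVE-2019-5280 and CVE-2019-5279, which are both tagged `NOT-FOR-US: Huawei`. CVE-2019-5277 names Huawei CloudUSM-EUA in its description; the truncated text for CVE-2019-5278 does not show a vendor, so confirm it from the full description before applying the same tag.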
@@ -48827,32 +48834,32 @@ CVE-2019-5266
        RESERVED
 CVE-2019-5265
        RESERVED
-CVE-2019-5264
-       RESERVED
+CVE-2019-5264 (There is an information disclosure vulnerability in certain 
Huawei sma ...)
+       TODO: check
 CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) 
and ear ...)
        NOT-FOR-US: Huawei
 CVE-2019-5262
        RESERVED
 CVE-2019-5261
        RESERVED
-CVE-2019-5260
-       RESERVED
+CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a 
denial of s ...)
+       TODO: check
 CVE-2019-5259
        RESERVED
-CVE-2019-5258
-       RESERVED
-CVE-2019-5257
-       RESERVED
-CVE-2019-5256
-       RESERVED
-CVE-2019-5255
-       RESERVED
-CVE-2019-5254
-       RESERVED
-CVE-2019-5253
-       RESERVED
-CVE-2019-5252
-       RESERVED
+CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW 
Module;NIP6300;NIP6600 ...)
+       TODO: check
+CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW 
Module;NIP6300;NIP6600 ...)
+       TODO: check
+CVE-2019-5256 (Certain Huawei products (AP2000;IPS Module;NGFW 
Module;NIP6300;NIP6600 ...)
+       TODO: check
+CVE-2019-5255 (Certain Huawei products (AP2000;IPS Module;NGFW 
Module;NIP6300;NIP6600 ...)
+       TODO: check
+CVE-2019-5254 (Certain Huawei products (AP2000;IPS Module;NGFW 
Module;NIP6300;NIP6600 ...)
+       TODO: check
+CVE-2019-5253 (E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has 
an impro ...)
+       TODO: check
+CVE-2019-5252 (There is an improper authentication vulnerability in Huawei 
smartphone ...)
+       TODO: check
 CVE-2019-5251 (There is a path traversal vulnerability in several Huawei 
smartphones. ...)
        NOT-FOR-US: Huawei
 CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 
9.1.0.135(C00E133R3 ...)
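Review bot: CVE-2019-5258 through CVE-2019-5254 are added with the same truncated description, `Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...`, so the list text alone cannot tell the five issues apart. When replacing the `TODO: check` lines, triage from the full CVE descriptions; the neighbouring Huawei entries in this hunk (CVE-2019-5263, CVE-2019-5251) are tagged `NOT-FOR-US: Huawei`.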
@@ -48885,8 +48892,8 @@ CVE-2019-5237 (Huawei PCManager with the versions 
before 9.0.1.66 (Oversea) and
        NOT-FOR-US: Huawei
 CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 
8.1.0.132a(C432), 8.1. ...)
        NOT-FOR-US: Huawei
-CVE-2019-5235
-       RESERVED
+CVE-2019-5235 (Some Huawei smart phones have a null pointer dereference 
vulnerability ...)
+       TODO: check
 CVE-2019-5234
        RESERVED
 CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 
10.0.0.41(S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6fecacf0982f7aa607d69aade406bb50cd1ce80
