Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5654dc8b by security tracker role at 2019-12-16T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2019-19807 [ALSA: timer: Fix incorrectly assigned timer instance]
+CVE-2019-19808
+       RESERVED
+CVE-2019-19806
+       RESERVED
+CVE-2019-19805
+       RESERVED
+CVE-2019-19804
+       RESERVED
+CVE-2019-19803
+       RESERVED
+CVE-2019-19802
+       RESERVED
+CVE-2019-19801
+       RESERVED
+CVE-2019-19800
+       RESERVED
+CVE-2019-19799
+       RESERVED
+CVE-2019-19798
+       RESERVED
+CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an 
out-of-bounds wr ...)
+       TODO: check
+CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a 
use-after- ...)
        - linux 5.3.15-1
        [buster] - linux <not-affected> (Vulnerable code introduced later and 
not present in released Debian version)
        [stretch] - linux <not-affected> (Vulnerable code introduced later and 
not present in released Debian version)
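Review bot: CVE-2019-19797 is added with only `TODO: check`, so it carries no package line and no NOT-FOR-US decision. The description names read_colordef in read.c in Xfig fig2dev 3.2.7b, which is enough to triage: replace the TODO with a source-package line and per-release status. The ten RESERVED entries above it need nothing until descriptions are published.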
@@ -206103,6 +206125,7 @@ CVE-2015-6665 (Cross-site scripting (XSS) 
vulnerability in the Ajax handler in D
        NOTE: https://www.drupal.org/SA-CORE-2015-003
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 
6.15.32. ...)
+       {DLA-2035-1}
        - libpgf 6.14.12-3.2 (bug #798032)
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
        NOTE: Details on the CVE assignment: 
http://www.openwall.com/lists/oss-security/2015/08/25/9
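Review bot: the `{DLA-2035-1}` reference added to CVE-2015-6673 comes with no release-specific line in this hunk; the only package line is `- libpgf 6.14.12-3.2 (bug #798032)`. Confirm that the DLA's own list entry records the release and fixed version, so the tracker does not keep showing the LTS release as vulnerable.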
@@ -228303,8 +228326,7 @@ CVE-2014-8709 (The ieee80211_fragment function in 
net/mac80211/tx.c in the Linux
        - linux-2.6 <removed>
        NOTE: Fixed by 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f
 (v3.14-rc3)
        NOTE: Introduced by 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110
 (v2.6.30-rc1)
-CVE-2014-8650 [does not handle mutual authentication]
-       RESERVED
+CVE-2014-8650 (python-requests-Kerberos through 0.5 does not handle mutual 
authentica ...)
        - python-requests-kerberos 0.5-2 (bug #768408)
        NOTE: https://github.com/requests/requests-kerberos/pull/36
        NOTE: request adding 
https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
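Review bot: on CVE-2014-8650 the context line `NOTE: request adding` followed by a commit URL does not say what the commit is, and it points at mkomitee/requests-kerberos while the pull-request NOTE points at requests/requests-kerberos. Now that the entry has a public description, reword the NOTE to state the commit's role (for example, whether it is the fix shipped in 0.5-2) and reference one repository consistently.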
@@ -228657,8 +228679,7 @@ CVE-2014-8354 (The HorizontalFilter function in 
resize.c in ImageMagick before 6
        - imagemagick 8:6.8.9.9-1
        [squeeze] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
-CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop 
exhausting memory]
-       RESERVED
+CVE-2014-8561 (imagemagick 6.8.9.6 has remote DOS via infinite loop ...)
        - imagemagick 8:6.8.9.9-1 (bug #764872)
        [wheezy] - imagemagick <not-affected> (Vulnerable code introduced 
later; regression)
        [squeeze] - imagemagick <not-affected> (Vulnerable code introduced 
later; regression)
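Review bot: the new description for CVE-2014-8561 drops the `convert +profile regression` wording from the removed bracketed title, and that wording is what explains the `<not-affected> (Vulnerable code introduced later; regression)` lines for wheezy and squeeze. Add a NOTE that keeps the trigger and the regression context, since the published text only says `remote DOS via infinite loop`.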
@@ -237879,8 +237900,7 @@ CVE-2014-4914 (The Zend_Db_Select::order function in 
Zend Framework before 1.12.
        - zendframework 1.12.7-0.1 (bug #754201)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-04
        NOTE: 
https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
-CVE-2014-4913 [ZF2014-03: Potential XSS vector in multiple view helpers]
-       RESERVED
+CVE-2014-4913 (ZF2014-03 has a potential cross site scripting vector in 
multiple view ...)
        - zendframework <not-affected> (Vulnerable code not present, only 
affects ZF2)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-03
 CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL 
before 1 ...)
@@ -240355,13 +240375,11 @@ CVE-2014-3703 (OpenStack PackStack 2012.2.1, when 
the Open vSwitch (OVS) monolit
        NOT-FOR-US: Red Hat Openstack 4 Neutron
 CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows 
remote at ...)
        - edeploy <itp> (bug #717664)
-CVE-2014-3701
-       RESERVED
+CVE-2014-3701 (eDeploy has tmp file race condition flaws ...)
        - edeploy <itp> (bug #717664)
 CVE-2014-3700 (eDeploy through at least 2014-10-14 has remote code execution 
due to e ...)
        - edeploy <itp> (bug #717664)
-CVE-2014-3699
-       RESERVED
+CVE-2014-3699 (eDeploy has RCE via cPickle deserialization of untrusted data 
...)
        - edeploy <itp> (bug #717664)
 CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber 
protocol plu ...)
        {DSA-3055-1}
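Review bot: CVE-2014-3701 and CVE-2014-3699 now have descriptions (tmp file race conditions, RCE via cPickle deserialization of untrusted data), but both entries still consist only of `- edeploy <itp> (bug #717664)` with no NOTE. Add a NOTE with the upstream fix or advisory reference once known, so whoever picks up the ITP can tell which upstream version is safe to package.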
@@ -240524,8 +240542,7 @@ CVE-2014-3653 (Cross-site scripting (XSS) 
vulnerability in the template preview
        - foreman <itp> (bug #663101)
        NOTE: http://projects.theforeman.org/issues/7483
        NOTE: https://github.com/sodabrew/foreman/issues/1
-CVE-2014-3652
-       RESERVED
+CVE-2014-3652 (JBoss KeyCloak: Open redirect vulnerability via failure to 
validate th ...)
        NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to 
cause a d ...)
        NOT-FOR-US: JBoss KeyCloak
@@ -240556,8 +240573,7 @@ CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM 
subsystem in the Linux kernel befor
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e
 (v3.12-rc1)
 CVE-2014-3644
        RESERVED
-CVE-2014-3643
-       RESERVED
+CVE-2014-3643 (jersey: XXE via parameter entities not disabled by the jersey 
SAX pars ...)
        NOT-FOR-US: Jersey SAX parser
 CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in 
Red Hat  ...)
        NOT-FOR-US: Red Hat CloudForms Management Engine
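Review bot: for CVE-2014-3643 the `NOT-FOR-US: Jersey SAX parser` line is unchanged context, meaning the decision was recorded while the entry was still RESERVED. With the description now naming jersey and XXE via parameter entities, recheck whether any packaged Jersey source is affected before leaving it as NOT-FOR-US, and replace it with a package line if so.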
@@ -241046,8 +241062,7 @@ CVE-2014-3537 (The web interface in CUPS before 1.7.4 
allows local users in the
        - cups 1.7.4-1
        [squeeze] - cups 1.4.4-7+squeeze6
        NOTE: https://www.cups.org/str.php?L4450
-CVE-2014-3536
-       RESERVED
+CVE-2014-3536 (CFME (CloudForms Management Engine) 5: RHN account information 
is logg ...)
        NOT-FOR-US: Red Hat CloudForms
 CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 
incorrectl ...)
        - linux <not-affected> (RHEL-specific, incomplete backport)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5654dc8b6293a7bce5fa6c366082ff8d9221a751

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
