Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
816455cc by security tracker role at 2019-12-21T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to
Prototype Poll ...)
+ TODO: check
+CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext()
function i ...)
+ TODO: check
+CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord()
function in ...)
+ TODO: check
CVE-2020-3939
RESERVED
CVE-2020-3938
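Review bot: The three entries added at the top of the list carry only TODO: check and no package line. CVE-2019-19918 and CVE-2019-19917 both name Lout 3.40 (srcnext() and StringQuotedWord()), so one triage pass can cover both. CVE-2019-19919 names handlebars prior to 4.3.0, which gives the upstream version to compare the packaged one against.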
@@ -92,11 +98,11 @@ CVE-2019-19892
CVE-2019-19891
RESERVED
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write
leading ...)
- {DLA-2044-1}
+ {DSA-4591-1 DLA-2044-1}
- cyrus-sasl2 <unfixed> (bug #947043)
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-16787
+CVE-2019-16787 (In NatHack between 3.6.0 and 3.6.3, a buffer overflow issue
exists whe ...)
NOTE:
https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5
NOTE: Duplicate of CVE-2019-19905
TODO: wait for MITRE CNA on feedback
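Review bot: In the CVE-2019-19906 entry, {DSA-4591-1 DLA-2044-1} is now recorded while the package line under it still reads "- cyrus-sasl2 <unfixed> (bug #947043)"; once the fixed version is known it should replace <unfixed> there. In the same hunk, the imported CVE-2019-16787 description says "NatHack" while the advisory URL in its NOTE is for NetHack, and the entry still has no package line, only the duplicate NOTE and the TODO.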
@@ -6233,8 +6239,8 @@ CVE-2019-19233
RESERVED
CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL
sudoer ...)
TODO: check
-CVE-2019-19231
- RESERVED
+CVE-2019-19231 (An insecure file access vulnerability exists in CA Client
Automation 1 ...)
+ TODO: check
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release
Automatio ...)
NOT-FOR-US: CA Release Automation (Nolio)
CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices
before 3.1 ...)
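Review bot: CVE-2019-19231 is left at TODO: check, while the neighbouring CVE-2019-19230, also a CA product, is already marked "NOT-FOR-US: CA Release Automation (Nolio)". If CA Client Automation is likewise not packaged, a matching NOT-FOR-US line would close this entry instead of leaving the TODO.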
@@ -9909,7 +9915,7 @@ CVE-2019-18627
RESERVED
CVE-2019-18626
RESERVED
-CVE-2018-21029 (systemd 239 through 244 accepts any certificate signed by a
trusted ce ...)
+CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate
signed ...)
- systemd <unfixed>
[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled
by default)
[stretch] - systemd <not-affected> (Vulnerable code introduced later)
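Review bot: The CVE-2018-21029 description now opens with ** DISPUTED **, but the status lines under it ("- systemd <unfixed>", the buster <no-dsa> line and the stretch <not-affected> line) are unchanged and nothing in the entry records what is disputed. Suggest adding a NOTE with the source of the dispute so the <unfixed> status can be re-evaluated against it.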
@@ -15631,10 +15637,10 @@ CVE-2019-16789
RESERVED
CVE-2019-16788
RESERVED
-CVE-2019-16786
- RESERVED
-CVE-2019-16785
- RESERVED
+CVE-2019-16786 (Waitress through version 1.3.1 would parse the
Transfer-Encoding heade ...)
+ TODO: check
+CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the
RFC7230 ...)
+ TODO: check
CVE-2019-16784
RESERVED
CVE-2019-16783
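Review bot: CVE-2019-16786 and CVE-2019-16785 go from RESERVED straight to TODO: check with no package line. Both descriptions concern Waitress through version 1.3.1 and its HTTP header handling (Transfer-Encoding, RFC7230), so they can be triaged together and should end up with the same source package line.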
@@ -19027,8 +19033,8 @@ CVE-2019-15586
RESERVED
CVE-2019-15585
RESERVED
-CVE-2019-15584
- RESERVED
+CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6,
and < ...)
+ TODO: check
CVE-2019-15583
RESERVED
CVE-2019-15582
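Review bot: The new CVE-2019-15584 description, as rendered here, carries HTML-escaped "&lt;" in its version list and is cut off before the third version bound. The affected ranges should be taken from the full CVE text rather than from this truncated line when the TODO: check is resolved.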
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/816455cc08cf4793add1148bed46308689df1bf8