Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35840e7b by security tracker role at 2019-12-24T20:10:32Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2
before 2.9.1 ...)
+ TODO: check
+CVE-2019-19955
+ RESERVED
+CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to
gain pri ...)
+ TODO: check
CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a
heap-based buff ...)
- graphicsmagick <unfixed> (bug #947311)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
@@ -77,12 +83,12 @@ CVE-2019-19927
CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain
errors dur ...)
- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
NOTE:
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
-CVE-2019-19925
- RESERVED
-CVE-2019-19924
- RESERVED
-CVE-2019-19923
- RESERVED
+CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1
mishandles a NULL ...)
+ TODO: check
+CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting,
related to exp ...)
+ TODO: check
+CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles
certain uses o ...)
+ TODO: check
CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when
cpu.cfs_quo ...)
- linux 5.3.9-1
NOTE:
https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
@@ -197,7 +203,7 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an
out-of-bounds write le
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
CVE-2019-16787
REJECTED
-CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow
vulnerability when ...)
+CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow
vulnerability ...)
- nethack <unfixed> (low; bug #947005)
[buster] - nethack <no-dsa> (Minor issue)
[stretch] - nethack <no-dsa> (Minor issue)
@@ -3539,8 +3545,8 @@ CVE-2019-19697
RESERVED
CVE-2019-19696
RESERVED
-CVE-2019-19695
- RESERVED
+CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus
for Mac ...)
+ TODO: check
CVE-2019-19694
RESERVED
CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products
contains a v ...)
@@ -11105,8 +11111,8 @@ CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5
(12) and prior, Omron CX-Su
NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager
(PGIM) and ...)
NOT-FOR-US: ABB
-CVE-2019-18249
- RESERVED
+CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to
2.15 (Firm ...)
+ TODO: check
CVE-2019-18248
RESERVED
CVE-2019-18247 (An attacker may use a specially crafted message to force
Relion 650 se ...)
@@ -120507,8 +120513,8 @@ CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via
the PATH_INFO to host.php. ..
NOTE: one of the applied patches reopened the vulnerability
CVE-2017-16779
RESERVED
-CVE-2017-16778
- RESERVED
+CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax
Outdoor ...)
+ TODO: check
CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-16776 (Security researchers discovered an authentication bypass
vulnerability ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/35840e7ba1dd4d813444c3b509ff1db0c5961a9e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/35840e7ba1dd4d813444c3b509ff1db0c5961a9e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
