Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a03e01db by security tracker role at 2019-12-28T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,12 @@
-CVE-2019-20054 [fs/proc/proc_sysctl.c: NULL pointer dereferences]
+CVE-2019-20053 (An invalid memory address dereference was discovered in the 
canUnpack  ...)
+       TODO: check
+CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in 
matio 1.5.17 ...)
+       TODO: check
+CVE-2019-20051 (A floating-point exception was discovered in 
PackLinuxElf::elf_hash in ...)
+       TODO: check
+CVE-2019-20050
+       RESERVED
+CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer 
dereference  ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.184-1
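Review bot: the rewrite of the CVE-2019-20054 entry drops the hand-written placeholder `[fs/proc/proc_sysctl.c: NULL pointer dereferences]` in favour of the upstream text, so the affected file is no longer recorded anywhere in the entry; consider keeping it as a `NOTE:` line, since the fixed versions carried over unchanged (buster 4.19.67-1, stretch 4.19.184-1 are older than the "before 5.0.6" the description names) only make sense as backports and a reader will want to know which code path was patched. The three new entries CVE-2019-20053, CVE-2019-20052 and CVE-2019-20051 are left at `TODO: check` and need triage against the corresponding source packages before the next run.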
@@ -13846,6 +13854,7 @@ CVE-2019-17565
 CVE-2019-17564
        RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 
9.0.29,  ...)
+       {DSA-4596-1}
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
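Review bot: adding `{DSA-4596-1}` to CVE-2019-17563 while the package line below still reads `- tomcat9 <unfixed>` leaves the entry saying the issue is fixed in stable via the DSA but open in unstable; that can be a real intermediate state, but the unstable fixed version should be filled in as soon as the corresponding upload lands, otherwise the entry keeps the CVE open in sid indefinitely.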
@@ -30049,6 +30058,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a 
message can be crafted in
 CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the 
components that ...)
        NOT-FOR-US: Apache CFX
 CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 
and 7.0. ...)
+       {DSA-4596-1}
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -30640,7 +30650,7 @@ CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds 
access occurs because of m
        NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, 
this is
        NOTE: nearly unfixable.
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
-       {DLA-2031-1}
+       {DSA-4593-1 DLA-2031-1}
        - freeimage <unfixed> (bug #929597)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
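Review bot: the reference line of CVE-2019-12213 now reads `{DSA-4593-1 DLA-2031-1}`, yet the line `[buster] - freeimage <postponed> (Revisit when upstream fixes are available)` below it still marks buster as postponed. A DSA issued for buster and a postponed buster entry contradict each other; the `[buster]` line should be removed or replaced with the version shipped by the DSA in the same change, or the tracker will report the CVE as both fixed and deferred for buster.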
@@ -30653,7 +30663,7 @@ CVE-2019-12212 (When FreeImage 3.18.0 reads a special 
JXR file, the StreamCalcIF
        [jessie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to 
the Load ...)
-       {DLA-2031-1}
+       {DSA-4593-1 DLA-2031-1}
        - freeimage <unfixed> (bug #929597)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
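Review bot: CVE-2019-12211 has the same conflict as its neighbour: `{DSA-4593-1 DLA-2031-1}` is added, but `[buster] - freeimage <postponed> (Revisit when upstream fixes are available)` is kept. Either the DSA covers buster, in which case the postponed line is stale and should go, or it does not, in which case the DSA reference does not belong here.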
@@ -61617,6 +61627,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a 
directory tree where it can f
        - openssl1.0 <not-affected> (Windows-specific)
        NOTE: https://www.openssl.org/news/secadv/20190730.txt
 CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring 
procedure u ...)
+       {DSA-4594-1}
        - openssl <unfixed> (low)
        [buster] - openssl <postponed> (Wait until next upstream security 
release)
        [stretch] - openssl <postponed> (Wait until next upstream security 
release)
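Review bot: `{DSA-4594-1}` is added to CVE-2019-1551 while `[buster] - openssl <postponed> (Wait until next upstream security release)` is left in place; after a DSA the "wait until next upstream release" postponement for buster no longer describes reality and should be dropped or replaced with the fixed version. The unstable line `- openssl <unfixed> (low)` also still records the issue as open in sid, which is plausible if only a stable security upload has happened so far but is worth confirming.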
@@ -65414,7 +65425,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, 
unmarshalling corrupt MQTT fra
        [jessie] - activemq <not-affected> (MQTT support not enabled)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
 CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 
8.5.0  ...)
-       {DLA-1883-1 DLA-1810-1}
+       {DSA-4596-1 DLA-1883-1 DLA-1810-1}
        - tomcat9 9.0.16-4 (bug #929895)
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -65490,6 +65501,7 @@ CVE-2019-0201 (An issue is present in Apache ZooKeeper 
1.0.0 to 3.4.13 and 3.5.0
 CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ve ...)
        - qpid-java <itp> (bug #840131)
 CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 
and 8.5. ...)
+       {DSA-4596-1}
        - tomcat9 9.0.16-1
        - tomcat8 8.5.38-1
        [jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
@@ -85559,7 +85571,7 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, 
if the sshd service in K
 CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 
allows a Ker ...)
        NOT-FOR-US: Apache Impala
 CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 
9.0.11, ...)
-       {DLA-1545-1 DLA-1544-1}
+       {DSA-4596-1 DLA-1545-1 DLA-1544-1}
        - tomcat9 <not-affected> (Fixed before initial upload to Debian)
        - tomcat8 8.5.34-1
        - tomcat8.0 <removed> (unimportant)
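Review bot: `{DSA-4596-1}` is added to CVE-2018-11784 although the only package in this entry that is not `<removed>` is recorded as `- tomcat9 <not-affected> (Fixed before initial upload to Debian)`. If the DSA really addresses this CVE in buster's tomcat9, the not-affected marking is wrong; if it does not, the DSA reference should not be on this entry. One of the two lines needs correcting so the entry is internally consistent.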
@@ -95590,7 +95602,7 @@ CVE-2018-8016 (The default configuration in Apache 
Cassandra 3.8 through 3.11.1
 CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger 
an endle ...)
        NOT-FOR-US: Apache ORC
 CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache 
Tomcat 9. ...)
-       {DLA-1883-1 DLA-1400-1}
+       {DSA-4596-1 DLA-1883-1 DLA-1400-1}
        - tomcat9 <not-affected> (Fixed before initial upload to Debian)
        - tomcat8 8.5.32-1 (bug #898935)
        - tomcat8.0 <removed> (unimportant)
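Review bot: CVE-2018-8014 shows the same mismatch: `{DSA-4596-1}` is added next to `- tomcat9 <not-affected> (Fixed before initial upload to Debian)`. A DSA reference on an entry whose only live package is not-affected means either the not-affected claim or the DSA mapping is wrong; please reconcile the two rather than leaving both.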
@@ -235219,8 +235231,8 @@ CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote 
attackers to execute arbitr
        NOT-FOR-US: GoPro
 CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute 
arbitrary f ...)
        NOT-FOR-US: GoPro
-CVE-2014-6420
-       RESERVED
+CVE-2014-6420 (Cross-site scripting (XSS) vulnerability in Livefyre 
LiveComments 3.0  ...)
+       TODO: check
 CVE-2014-6419
        RESERVED
 CVE-2014-6415
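Review bot: CVE-2014-6420 moves from `RESERVED` to a Livefyre LiveComments XSS description with `TODO: check`. Every neighbouring entry in this region resolves to `NOT-FOR-US`, so the triage outcome is probably the same, but the `TODO: check` should still be resolved explicitly in a follow-up rather than left open, since an automatic update only imports the description and does not make that determination.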
@@ -237797,8 +237809,8 @@ CVE-2014-5291
        RESERVED
 CVE-2014-5290
        RESERVED
-CVE-2014-5289
-       RESERVED
+CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers 
to execu ...)
+       TODO: check
 CVE-2014-5288
        RESERVED
 CVE-2014-5287
@@ -239726,8 +239738,8 @@ CVE-2014-4552 (Cross-site scripting (XSS) 
vulnerability in library/includes/paym
        NOT-FOR-US: WordPress plugin Spotlight
 CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in 
diagnostics/test.php in th ...)
        NOT-FOR-US: WordPress plugin Social Connect
-CVE-2014-4550
-       RESERVED
+CVE-2014-4550 (Cross-site scripting (XSS) vulnerability in 
preview-shortcode-external ...)
+       TODO: check
 CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in 
pages/3DComplet ...)
        NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
 CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php 
in the R ...)
@@ -239756,8 +239768,8 @@ CVE-2014-4537 (Cross-site scripting (XSS) 
vulnerability in inpage.tpl.php in the
        NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
 CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in 
tests/notAuto_t ...)
        NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress
-CVE-2014-4535
-       RESERVED
+CVE-2014-4535 (Cross-site scripting (XSS) vulnerability in the Import Legacy 
Media pl ...)
+       TODO: check
 CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in 
videoplayer/aut ...)
        NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist
 CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php 
in the  ...)
@@ -243678,8 +243690,8 @@ CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in 
Unitrends Enterprise Backup 7.3.
        NOT-FOR-US: Unitrends Enterprise Backup
 CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 
Patch 6 Hot ...)
        NOT-FOR-US: Xerox DocuShare
-CVE-2014-3136
-       RESERVED
+CVE-2014-3136 (Cross-site request forgery (CSRF) vulnerability in D-Link 
DWR-113 (Rev ...)
+       TODO: check
 CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in 
vBulletin 5.1.1 ...)
        NOT-FOR-US: vBulletin
 CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView 
application i ...)
@@ -275584,8 +275596,8 @@ CVE-2012-4982 (Open redirect vulnerability in 
assets/login on the Forescout Coun
        NOT-FOR-US: Forescout device
 CVE-2012-4981
        RESERVED
-CVE-2012-4980
-       RESERVED
+CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in 
Toshiba Conf ...)
+       TODO: check
 CVE-2012-4979
        RESERVED
 CVE-2012-4978



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a03e01dbfe00b1a4844019ebc552ce8fc58bb5b1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
