Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
639aa89f by security tracker role at 2019-12-29T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, 
allows XSS ...)
+       TODO: check
+CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in 
Proxyman  ...)
+       TODO: check
+CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in 
libsixel and o ...)
+       TODO: check
 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl 
substri ...)
        NOT-FOR-US: LuquidPixels LiquiFire OS
 CVE-2019-20053 (An invalid memory address dereference was discovered in the 
canUnpack  ...)
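Review bot: the three new entries (CVE-2019-20058, CVE-2019-20057, CVE-2019-20056) land with only `TODO: check`, so none of them has a package or NOT-FOR-US decision yet. CVE-2019-20056 needs the most care at triage: its description names stb_image.h "as used in libsixel", a header that is embedded in other projects, so the check should look for bundled copies in packaged sources and not only for a package of that name. CVE-2019-20058 is marked ** DISPUTED ** in its description, which is worth recording in a NOTE once the entry is triaged.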
@@ -257,6 +263,7 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, 
there is a use-after
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
+       {DLA-2049-1}
        - imagemagick <unfixed> (low; bug #947309)
        [buster] - imagemagick <no-dsa> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
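Review bot: `{DLA-2049-1}` is added to CVE-2019-19949, but the package lines under it are unchanged: `- imagemagick <unfixed>` plus `<no-dsa>` for buster and stretch, with no release-tagged line carrying a fixed version. Since data/CVE/list is the only file in this commit, confirm that the fixed version for the release covered by DLA-2049-1 is recorded with the advisory itself, so the cross-reference does not point at an entry that reads as unfixed everywhere.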
@@ -264,6 +271,7 @@ CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a 
heap-based buffer over-r
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
 (7.x)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
 (6.x)
 CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
overflow in  ...)
+       {DLA-2049-1}
        - imagemagick <unfixed> (low; bug #947308)
        [buster] - imagemagick <no-dsa> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
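Review bot: CVE-2019-19948 is described as a heap-based buffer overflow and now carries `{DLA-2049-1}`, yet `[buster]` and `[stretch]` stay at `<no-dsa> (Minor issue)`. With an advisory now issued for one release, re-check whether the Minor issue rating still holds for the other two, or whether the fix should be queued for a point release.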
@@ -1281,7 +1289,7 @@ CVE-2019-19810
 CVE-2019-19809
        RESERVED
 CVE-2019-3467 (Debian-edu-config all versions &lt; 2.11.10, a set of 
configuration fi ...)
-       {DSA-4589-1 DLA-2041-1}
+       {DSA-4595-1 DSA-4589-1 DLA-2041-1}
        - debian-edu-config 2.11.10 (bug #946797)
        - debian-lan-config 0.26 (bug #947459)
        NOTE: debian-lan-config is effectively the same issue as in 
debian-edu-config and a somewhat
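Review bot: the cross-reference line for CVE-2019-3467 now lists two DSAs (`DSA-4595-1 DSA-4589-1`) while the entry tracks two source packages, debian-edu-config and debian-lan-config, and nothing in the visible lines says which advisory covers which package. A short NOTE naming the package each DSA fixed would save readers from opening both advisories to find out.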



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/639aa89f835faff7c14d48d9d9af80025408e163
