Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37aee429 by security tracker role at 2020-02-21T16:05:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1522,6 +1522,7 @@ CVE-2020-8634
 CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) 
before 8.8 ...)
        NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in 
cloudinit/config/cc_ ...)
+       {DLA-2113-1}
        - cloud-init 19.4-2 (bug #951363)
        [buster] - cloud-init <no-dsa> (Minor issue)
        [stretch] - cloud-init <no-dsa> (Minor issue)
@@ -1529,6 +1530,7 @@ CVE-2020-8632 (In cloud-init through 19.4, 
rand_user_password in cloudinit/confi
        NOTE: https://github.com/canonical/cloud-init/pull/189
        NOTE: 
https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14
 CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random 
passwo ...)
+       {DLA-2113-1}
        - cloud-init 19.4-2 (bug #951362)
        [buster] - cloud-init <no-dsa> (Minor issue)
        [stretch] - cloud-init <no-dsa> (Minor issue)
@@ -8328,10 +8330,10 @@ CVE-2020-5536
        RESERVED
 CVE-2020-5535
        RESERVED
-CVE-2020-5534
-       RESERVED
-CVE-2020-5533
-       RESERVED
+CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an 
authenticated a ...)
+       TODO: check
+CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware 
Ver1.3.2 ...)
+       TODO: check
 CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo 
App for ...)
        NOT-FOR-US: ilbo App
 CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC 
Series MI500 ...)
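Review bot: CVE-2020-5534 and CVE-2020-5533 are both left at "TODO: check" although their descriptions name Aterm WG2600HS firmware. If that firmware is not packaged in Debian, they can be triaged directly to a NOT-FOR-US line, in the same form as the neighbouring "NOT-FOR-US: ilbo App" entry, rather than staying in the TODO queue.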
@@ -8348,10 +8350,10 @@ CVE-2020-5527
        RESERVED
 CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 
2.0.0 to 2. ...)
        NOT-FOR-US: AWMS Mobile App for Android and iOS
-CVE-2020-5525
-       RESERVED
-CVE-2020-5524
-       RESERVED
+CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, 
Aterm WG120 ...)
+       TODO: check
+CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, 
Aterm WG120 ...)
+       TODO: check
 CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking 
applications b ...)
        NOT-FOR-US: MyPallete
 CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not 
verify  ...)
@@ -8819,12 +8821,12 @@ CVE-2020-5328
        RESERVED
 CVE-2020-5327
        RESERVED
-CVE-2020-5326
-       RESERVED
+CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup 
configuration auth ...)
+       TODO: check
 CVE-2020-5325
        RESERVED
-CVE-2020-5324
-       RESERVED
+CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an 
Arbitrary Fil ...)
+       TODO: check
 CVE-2020-5323
        RESERVED
 CVE-2020-5322
@@ -12232,6 +12234,7 @@ CVE-2019-20098 (The VerifySmtpServerConnection!add.jspa 
component in Atlassian J
 CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting 
from 1.0. ...)
        NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
 CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in 
__feat_regis ...)
+       {DLA-2114-1}
        - linux 5.2.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -12578,7 +12581,7 @@ CVE-2019-19966 (In the Linux kernel before 5.1.6, there 
is a use-after-free in c
        [stretch] - linux 4.9.184-1
        NOTE: 
https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd
 CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer 
dereference ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -12659,7 +12662,7 @@ CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a 
heap-based buffer overfl
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c
 (7.x)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54
 (6.x)
 CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks 
of unin ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.8-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -14878,7 +14881,7 @@ CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is 
a use-after-free (read)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
 CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles 
ext4_expand_extra_isize, as d ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -17840,49 +17843,50 @@ CVE-2019-19539 (An issue was discovered in Idelji Web 
ViewPoint H01ABO-H01BY and
 CVE-2019-19538
        RESERVED
 CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition 
bug that  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff
 CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug 
that can b ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.9-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69
 CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug 
that can b ...)
+       {DLA-2114-1}
        - linux 5.2.9-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.210-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug 
that can  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
 CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug 
that can b ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
 CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple 
out-of-bounds wri ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.9-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
 CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free 
bug that c ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.9-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963
 CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free 
bug that  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
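Review bot: CVE-2019-19535 gains a bare "{DLA-2114-1}" while its context still says "[jessie] - linux <not-affected> (Vulnerable code not present)", so the entry does not show which release and source package the advisory applies to. Every other entry changed in this hunk already carried a DLA reference. For this one, a release line or a NOTE naming the package that DLA-2114-1 updates would resolve the apparent contradiction.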
@@ -17900,7 +17904,7 @@ CVE-2019-19528 (In the Linux kernel before 5.3.7, there 
is a use-after-free bug
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b
 CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free 
bug that  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -17913,19 +17917,20 @@ CVE-2019-19526 (In the Linux kernel before 5.3.9, 
there is a use-after-free bug
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc
 CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free 
bug that c ...)
+       {DLA-2114-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free 
bug that  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free 
bug that c ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -18460,8 +18465,8 @@ CVE-2019-19454
        RESERVED
 CVE-2019-19453
        RESERVED
-CVE-2019-19452
-       RESERVED
+CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 
when proc ...)
+       TODO: check
 CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename 
argument  ...)
        - dia <unfixed> (unimportant; bug #945876)
        NOTE: https://gitlab.gnome.org/GNOME/dia/issues/428
@@ -18477,6 +18482,7 @@ CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, 
mounting a crafted btrfs
        - linux <unfixed>
        NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
 CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem 
image,  ...)
+       {DLA-2114-1}
        - linux 5.4.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19024,7 +19030,7 @@ CVE-2019-19333 (In all versions of libyang before 
1.0-r5, a stack-based buffer o
        [buster] - libyang <no-dsa> (Minor issue)
        NOTE: 
https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
 CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux 
Kernel, ver ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19342,7 +19348,7 @@ CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius 
Solar Inverter devices befo
 CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow 
attacke ...)
        NOT-FOR-US: Fronius Solar Inverter devices
 CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, 
there is a  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19753,6 +19759,7 @@ CVE-2019-19069 (A memory leak in the 
fastrpc_dma_buf_attach() function in driver
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9
 CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in 
drivers/net ...)
+       {DLA-2114-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19761,7 +19768,7 @@ CVE-2019-19067 (** DISPUTED ** Four memory leaks in the 
acp_hw_init() function i
        - linux 5.3.9-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in 
drivers/scsi/bfa/ ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19778,7 +19785,7 @@ CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() 
function in drivers/net/
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
 CVE-2019-19062 (A memory leak in the crypto_report() function in 
crypto/crypto_user_ba ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19802,12 +19809,12 @@ CVE-2019-19058 (A memory leak in the alloc_sgtable() 
function in drivers/net/wir
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d
 CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function 
in drive ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.8-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
 CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function 
in drive ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19826,13 +19833,13 @@ CVE-2019-19053 (A memory leak in the 
rpmsg_eptdev_write_iter() function in drive
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19052 (A memory leak in the gs_can_open() function in 
drivers/net/can/usb/gs_ ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in 
drivers/ ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -19890,6 +19897,7 @@ CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in 
fs/btrfs/extent-tree.c in
 CVE-2019-19038
        RESERVED
 CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 
5.3.12 a ...)
+       {DLA-2114-1}
        - linux 5.4.8-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -20448,6 +20456,7 @@ CVE-2019-18810 (A memory leak in the 
komeda_wb_connector_add() function in drive
        NOTE: 
https://git.kernel.org/linus/a0ecd6fdbf5d648123a7315c695fb6850d702835
        NOTE: CONFIG_DRM_KOMEDA not enabled in Debian builds.
 CVE-2019-18809 (A memory leak in the af9005_identify_state() function in 
drivers/media ...)
+       {DLA-2114-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -22958,6 +22967,7 @@ CVE-2019-18676 (An issue was discovered in Squid 3.x 
and 4.x through 4.8. Due to
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
 CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the 
Linux k ...)
+       {DLA-2114-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -24126,6 +24136,7 @@ CVE-2019-18284 (A vulnerability has been identified in 
SPPA-T3000 Application Se
 CVE-2019-18283 (A vulnerability has been identified in SPPA-T3000 Application 
Server ( ...)
        NOT-FOR-US: Siemens
 CVE-2019-18282 (The flow_dissector feature in the Linux kernel 4.3 through 5.x 
before  ...)
+       {DLA-2114-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -26398,7 +26409,7 @@ CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices 
allow unlock operations vi
 CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and 
HTML inj ...)
        NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
 CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in 
the Lin ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.9-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -27915,7 +27926,7 @@ CVE-2019-17131 (vBulletin before 5.5.4 allows 
clickjacking. ...)
 CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the 
/core/vb/v ...)
        NOT-FOR-US: vBulletin
 CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid 
in net/w ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.9-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -28046,6 +28057,7 @@ CVE-2019-17077
 CVE-2019-17076 (An issue was discovered in Jamf Pro 9.x and 10.x before 
10.15.1. Deser ...)
        NOT-FOR-US: Jamf Pro
 CVE-2019-17075 (An issue was discovered in write_tpt_entry in 
drivers/infiniband/hw/cx ...)
+       {DLA-2114-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -28098,31 +28110,31 @@ CVE-2019-17058 (Footy Tipping Software AFL Web 
Edition 2019 allows arbitrary fil
 CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
        NOT-FOR-US: Footy Tipping Software AFL Web Edition
 CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network 
module i ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
 CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN 
network ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
 CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK 
network module ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
 CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the 
AF_IEEE802154 netw ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
 CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network 
module in the ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -29119,7 +29131,7 @@ CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS 
because of innerHTML mutation
        [stretch] - dompurify.js <ignored> (Minor issue)
        NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
 CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux 
kernel  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -31369,7 +31381,7 @@ CVE-2018-21009 (Poppler before 0.66.0 has an integer 
overflow in Parser::makeStr
        - poppler 0.69.0-2
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
 CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A 
use-after ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 4.18.6-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/abd39c6ded9db53aa44c2540092bdd5fb6590fa8
@@ -31416,7 +31428,7 @@ CVE-2019-15918 (An issue was discovered in the Linux 
kernel before 5.0.10. SMB2_
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/b57a55e2200ede754e4dc9cce4ba9402544b9365
 CVE-2019-15917 (An issue was discovered in the Linux kernel before 5.0.5. 
There is a u ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 4.19.37-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/56897b217a1d0a91c9920cb418d6b3fe922f590a
@@ -32691,7 +32703,7 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 
2019.7.6, when a web requ
 CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator 
(VSA) t ...)
        NOT-FOR-US: Kaseya Virtual System Administrator (VSA)
 CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel 
through ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -33385,7 +33397,7 @@ CVE-2019-15292 (An issue was discovered in the Linux 
kernel before 5.0.9. There
        - linux 4.19.37-1
        [stretch] - linux 4.9.184-1
 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. 
There is a  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.15-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -33467,7 +33479,7 @@ CVE-2019-15218 (An issue was discovered in the Linux 
kernel before 5.1.8. There
        [stretch] - linux 4.9.184-1
        NOTE: 
https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
 CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. 
There is a N ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.2.6-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -33742,7 +33754,7 @@ CVE-2019-15150 (In the OAuth2 Client extension before 
0.4 for MediaWiki, a CSRF
 CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that 
drops t ...)
        NOT-FOR-US: Mitogen
 CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux 
kernel befo ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 4.18.6-1
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
@@ -34058,7 +34070,7 @@ CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c 
in the Linux kernel throug
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
 CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel 
through 5.2. ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.7-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -34724,7 +34736,7 @@ CVE-2019-14902 (There is an issue in all samba 4.11.x 
versions before 4.11.5, al
        [jessie] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
 CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all 
versions 3.x.x ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -34737,19 +34749,19 @@ CVE-2019-14898 [RHEL-7 specific incompete fix issue 
for CVE-2019-11599]
        RESERVED
        - linux <not-affected> (RHEL-7 specific incomplete fix for 
CVE-2019-11599)
 CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, 
version k ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.19-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the 
Linux kern ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.19-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux 
kernel, all v ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
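Review bot: the entry heading for CVE-2019-14898 shown in this hunk's header reads "RHEL-7 specific incompete fix issue", while the annotation below it spells "incomplete fix". The heading is outside the changed lines, but it is worth correcting in a follow-up so that a text search for "incomplete fix" finds the entry.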
@@ -35152,18 +35164,18 @@ CVE-2019-14817 (A flaw was found in, ghostscript 
versions prior to 9.50, in the
        NOTE: from 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
        NOTE: which changed the access to file permissions.
 CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up 
to, exc ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
 CVE-2019-14815 (A vulnerability was found in Linux Kernel, where a Heap 
Overflow was f ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
        [jessie] - linux <not-affected> (Vulnerability introduced later)
 CVE-2019-14814 (There is heap-based buffer overflow in Linux kernel, all 
versions up t ...)
-       {DLA-1930-1}
+       {DLA-2114-1 DLA-1930-1}
        - linux 5.2.17-1
        [buster] - linux 4.19.87-1
        [stretch] - linux 4.9.210-1
@@ -35720,6 +35732,7 @@ CVE-2019-14617
 CVE-2019-14616
        RESERVED
 CVE-2019-14615 (Insufficient control flow in certain data structures for some 
Intel(R) ...)
+       {DLA-2114-1}
        - linux 5.4.13-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -49396,7 +49409,7 @@ CVE-2019-10221
        - dogtag-pki <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565
 CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable 
to a rel ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 5.3.9-1
        [buster] - linux 4.19.98-1
        [stretch] - linux 4.9.210-1
@@ -72505,7 +72518,7 @@ CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, 
there is possible memory co
 CVE-2019-2216
        RESERVED
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege 
from an  ...)
-       {DLA-2068-1}
+       {DLA-2114-1 DLA-2068-1}
        - linux 4.15.4-1
        [stretch] - linux 4.9.210-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
@@ -79104,7 +79117,7 @@ CVE-2019-0138 (Improper directory permissions in 
Intel(R) ACU Wizard version 12.
 CVE-2019-0137
        RESERVED
 CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless 
WiFi Softw ...)
-       {DLA-1930-1 DLA-1919-1}
+       {DLA-2114-1 DLA-1930-1 DLA-1919-1}
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.210-1
@@ -95245,14 +95258,14 @@ CVE-2018-13095 (An issue was discovered in 
fs/xfs/libxfs/xfs_inode_buf.c in the
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199915
        NOTE: 
https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3
 CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in 
the Linux  ...)
-       {DLA-1529-1}
+       {DLA-2114-1 DLA-1529-1}
        - linux 4.17.14-1
        [stretch] - linux 4.9.210-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969
        NOTE: 
https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a
 CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux 
kernel thr ...)
-       {DLA-1529-1}
+       {DLA-2114-1 DLA-1529-1}
        - linux 4.17.14-1
        [stretch] - linux 4.9.210-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199367
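Review bot: CVE-2018-13094 now references "{DLA-2114-1 DLA-1529-1}", but the context line "[jessie] - linux-4.9 <unfixed>" below it is unchanged. If DLA-2114-1 ships the fix in that package, that line should carry the fixed version. If it does not, the new cross-reference on this entry needs checking.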



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37aee429fe4e091e4fde2dadd98f17b764d695e6
