Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d48aba1f by security tracker role at 2020-10-28T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2020-27968
+ RESERVED
+CVE-2020-27967
+ RESERVED
+CVE-2020-27966
+ RESERVED
+CVE-2020-27965
+ RESERVED
+CVE-2020-27964
+ RESERVED
+CVE-2020-27963
+ RESERVED
+CVE-2020-27962
+ RESERVED
+CVE-2020-27961
+ RESERVED
+CVE-2020-27960
+ RESERVED
+CVE-2020-27959
+ RESERVED
+CVE-2020-27958
+ RESERVED
+CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was
not proper ...)
+ TODO: check
+CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in
SourceCodest ...)
+ TODO: check
+CVE-2020-27955
+ RESERVED
+CVE-2020-27954
+ RESERVED
+CVE-2020-27953
+ RESERVED
+CVE-2020-27952
+ RESERVED
+CVE-2020-27951
+ RESERVED
+CVE-2020-27950
+ RESERVED
+CVE-2020-27949
+ RESERVED
+CVE-2020-27948
+ RESERVED
+CVE-2020-27947
+ RESERVED
+CVE-2020-27946
+ RESERVED
+CVE-2020-27945
+ RESERVED
+CVE-2020-27944
+ RESERVED
+CVE-2020-27943
+ RESERVED
+CVE-2020-27942
+ RESERVED
+CVE-2020-27941
+ RESERVED
+CVE-2020-27940
+ RESERVED
+CVE-2020-27939
+ RESERVED
+CVE-2020-27938
+ RESERVED
+CVE-2020-27937
+ RESERVED
+CVE-2020-27936
+ RESERVED
+CVE-2020-27935
+ RESERVED
+CVE-2020-27934
+ RESERVED
+CVE-2020-27933
+ RESERVED
+CVE-2020-27932
+ RESERVED
+CVE-2020-27931
+ RESERVED
+CVE-2020-27930
+ RESERVED
+CVE-2020-27929
+ RESERVED
+CVE-2020-27928
+ RESERVED
+CVE-2020-27927
+ RESERVED
+CVE-2020-27926
+ RESERVED
+CVE-2020-27925
+ RESERVED
+CVE-2020-27924
+ RESERVED
+CVE-2020-27923
+ RESERVED
+CVE-2020-27922
+ RESERVED
+CVE-2020-27921
+ RESERVED
+CVE-2020-27920
+ RESERVED
+CVE-2020-27919
+ RESERVED
+CVE-2020-27918
+ RESERVED
+CVE-2020-27917
+ RESERVED
+CVE-2020-27916
+ RESERVED
+CVE-2020-27915
+ RESERVED
+CVE-2020-27914
+ RESERVED
+CVE-2020-27913
+ RESERVED
+CVE-2020-27912
+ RESERVED
+CVE-2020-27911
+ RESERVED
+CVE-2020-27910
+ RESERVED
+CVE-2020-27909
+ RESERVED
+CVE-2020-27908
+ RESERVED
+CVE-2020-27907
+ RESERVED
+CVE-2020-27906
+ RESERVED
+CVE-2020-27905
+ RESERVED
+CVE-2020-27904
+ RESERVED
+CVE-2020-27903
+ RESERVED
+CVE-2020-27902
+ RESERVED
+CVE-2020-27901
+ RESERVED
+CVE-2020-27900
+ RESERVED
+CVE-2020-27899
+ RESERVED
+CVE-2020-27898
+ RESERVED
+CVE-2020-27897
+ RESERVED
+CVE-2020-27896
+ RESERVED
+CVE-2020-27895
+ RESERVED
+CVE-2020-27894
+ RESERVED
+CVE-2020-27893
+ RESERVED
+CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538
devices ...)
+ TODO: check
+CVE-2020-27891 (The Zigbee protocol implementation on Texas Instruments CC2538
devices ...)
+ TODO: check
+CVE-2020-27890 (The Zigbee protocol implementation on Texas Instruments CC2538
devices ...)
+ TODO: check
+CVE-2020-27889
+ RESERVED
+CVE-2020-27888 (An issue was discovered on Ubiquiti UniFi Meshing Access Point
UAP-AC- ...)
+ TODO: check
CVE-2021-0300
RESERVED
CVE-2021-0299
@@ -2112,12 +2274,12 @@ CVE-2020-27162
RESERVED
CVE-2020-27161
RESERVED
-CVE-2020-27160
- RESERVED
-CVE-2020-27159
- RESERVED
-CVE-2020-27158
- RESERVED
+CVE-2020-27160 (Addressed remote code execution vulnerability in
AvailableApps.php tha ...)
+ TODO: check
+CVE-2020-27159 (Addressed remote code execution vulnerability in DsdkProxy.php
due to ...)
+ TODO: check
+CVE-2020-27158 (Addressed remote code execution vulnerability in cgi_api.php
that allo ...)
+ TODO: check
CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that
bypassed the ...)
NOT-FOR-US: Veritas
CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate
authori ...)
@@ -5103,8 +5265,8 @@ CVE-2020-25767
RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform
an unwa ...)
NOT-FOR-US: MISP
-CVE-2020-25765
- RESERVED
+CVE-2020-25765 (Addressed remote code execution vulnerability in
reg_device.php due to ...)
+ TODO: check
CVE-2020-25764
RESERVED
CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an
Unauthenticated Fi ...)
@@ -24893,8 +25055,8 @@ CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium
Plus c220 BlueTec vehicles,
NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles
CVE-2020-16141
RESERVED
-CVE-2020-16140
- RESERVED
+CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for
WordPress is ...)
+ TODO: check
CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco
Unified I ...)
NOT-FOR-US: Cisco
CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in
Cisco Uni ...)
@@ -33699,8 +33861,8 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered
in FRRouting FRR (aka Fre
- frr <unfixed> (unimportant)
NOTE: https://github.com/FRRouting/frr/pull/6383
NOTE:
https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
-CVE-2020-12830
- RESERVED
+CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that
could al ...)
+ TODO: check
CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the
SM501 disp ...)
{DSA-4760-1}
- qemu 1:5.0-12 (low; bug #961451)
@@ -42598,14 +42760,14 @@ CVE-2020-9984 (An out-of-bounds read was addressed
with improved input validatio
NOT-FOR-US: Apple
CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Safari
-CVE-2020-9982
- RESERVED
+CVE-2020-9982 (This issue was addressed with improved checks to prevent
unauthorized ...)
+ TODO: check
CVE-2020-9981
RESERVED
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9979
- RESERVED
+CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This
issue is fi ...)
+ TODO: check
CVE-2020-9978
RESERVED
CVE-2020-9977
@@ -42616,8 +42778,8 @@ CVE-2020-9975
RESERVED
CVE-2020-9974
RESERVED
-CVE-2020-9973
- RESERVED
+CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
CVE-2020-9972
RESERVED
CVE-2020-9971
@@ -42640,8 +42802,8 @@ CVE-2020-9963
RESERVED
CVE-2020-9962
RESERVED
-CVE-2020-9961
- RESERVED
+CVE-2020-9961 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2020-9960
RESERVED
CVE-2020-9959 (A lock screen issue allowed access to messages on a locked
device. Thi ...)
@@ -42680,8 +42842,8 @@ CVE-2020-9943
RESERVED
CVE-2020-9942
RESERVED
-CVE-2020-9941
- RESERVED
+CVE-2020-9941 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory
handling. T ...)
NOT-FOR-US: Apple
CVE-2020-9939 (This issue was addressed with improved checks. This issue is
fixed in ...)
@@ -42698,8 +42860,8 @@ CVE-2020-9934 (An issue existed in the handling of
environment variables. This i
NOT-FOR-US: Apple
CVE-2020-9933 (An authorization issue was addressed with improved state
management. T ...)
NOT-FOR-US: Apple
-CVE-2020-9932
- RESERVED
+CVE-2020-9932 (A memory corruption issue was addressed with improved
validation. This ...)
+ TODO: check
CVE-2020-9931 (A denial of service issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2020-9930
@@ -42855,8 +43017,8 @@ CVE-2020-9868 (A certificate validation issue existed
when processing administra
NOT-FOR-US: Apple
CVE-2020-9867
RESERVED
-CVE-2020-9866
- RESERVED
+CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
CVE-2020-9865 (A memory corruption issue was addressed by removing the
vulnerable cod ...)
NOT-FOR-US: Apple
CVE-2020-9864 (A logic issue was addressed with improved restrictions. This
issue is ...)
@@ -42872,14 +43034,14 @@ CVE-2020-9862 (A command injection issue existed in
Web Inspector. This issue wa
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9861
RESERVED
-CVE-2020-9860
- RESERVED
+CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved
input v ...)
+ TODO: check
CVE-2020-9859 (A memory consumption issue was addressed with improved memory
handling ...)
NOT-FOR-US: Apple
CVE-2020-9858 (A dynamic library loading issue was addressed with improved
path searc ...)
NOT-FOR-US: Apple
-CVE-2020-9857
- RESERVED
+CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was
addressed with ...)
+ TODO: check
CVE-2020-9856 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This
issue was ...)
@@ -43056,16 +43218,16 @@ CVE-2020-9788 (A validation issue was addressed with
improved input sanitization
NOT-FOR-US: Apple
CVE-2020-9787 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2020-9786
- RESERVED
+CVE-2020-9786 (This issue was addressed with improved checks This issue is
fixed in m ...)
+ TODO: check
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved
state m ...)
NOT-FOR-US: Apple
CVE-2020-9784 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple Safari
CVE-2020-9783 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
-CVE-2020-9782
- RESERVED
+CVE-2020-9782 (A parsing issue in the handling of directory paths was
addressed with ...)
+ TODO: check
CVE-2020-9781 (The issue was addressed by clearing website permission prompts
after n ...)
NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when
content i ...)
@@ -43080,8 +43242,8 @@ CVE-2020-9776 (This issue was addressed with a new
entitlement. This issue is fi
NOT-FOR-US: Apple
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in
picture ...)
NOT-FOR-US: Apple
-CVE-2020-9774
- RESERVED
+CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted
data. The i ...)
+ TODO: check
CVE-2020-9773 (The issue was addressed with improved handling of icon caches.
This is ...)
NOT-FOR-US: Apple
CVE-2020-9772 (A logic issue was addressed with improved restrictions. This
issue is ...)
@@ -58406,8 +58568,8 @@ CVE-2020-3882 (This issue was addressed with improved
checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2020-3881 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2020-3880
- RESERVED
+CVE-2020-3880 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2020-3879
RESERVED
CVE-2020-3878 (An out-of-bounds read was addressed with improved input
validation. Th ...)
@@ -58453,16 +58615,15 @@ CVE-2020-3865 (Multiple memory corruption issues were
addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3864
- RESERVED
+CVE-2020-3864 (A logic issue was addressed with improved validation. This
issue is fi ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3863
- RESERVED
+CVE-2020-3863 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2020-3862 (A denial of service issue was addressed with improved memory
handling. ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
@@ -58482,16 +58643,16 @@ CVE-2020-3857 (A memory corruption issue was
addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2020-3856 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2020-3855
- RESERVED
+CVE-2020-3855 (An access issue was addressed with improved access
restrictions. This ...)
+ TODO: check
CVE-2020-3854 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2020-3853 (A type confusion issue was addressed with improved memory
handling. Th ...)
NOT-FOR-US: Apple
-CVE-2020-3852
- RESERVED
-CVE-2020-3851
- RESERVED
+CVE-2020-3852 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2020-3851 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
CVE-2020-3850 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2020-3849 (A memory corruption issue was addressed with improved input
validation ...)
@@ -100667,14 +100828,14 @@ CVE-2019-8903 (index.js in Total.js Platform before
3.2.3 allows path traversal.
NOT-FOR-US: Total.js Platform
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A
CSRF vuln ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-8901
- RESERVED
+CVE-2019-8901 (This issue was addressed by verifying host keys when connecting
to a p ...)
+ TODO: check
CVE-2019-8900
RESERVED
CVE-2019-8899
RESERVED
-CVE-2019-8898
- RESERVED
+CVE-2019-8898 (An information disclosure issue existed in the handling of the
Storage ...)
+ TODO: check
CVE-2019-8897
RESERVED
CVE-2019-8896
@@ -100753,32 +100914,31 @@ CVE-2019-8860
RESERVED
CVE-2019-8859
RESERVED
-CVE-2019-8858
- RESERVED
-CVE-2019-8857
- RESERVED
-CVE-2019-8856
- RESERVED
-CVE-2019-8855
- RESERVED
-CVE-2019-8854
- RESERVED
-CVE-2019-8853
- RESERVED
-CVE-2019-8852
- RESERVED
-CVE-2019-8851
- RESERVED
-CVE-2019-8850
- RESERVED
+CVE-2019-8858 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2019-8857 (The issue was addressed with improved validation when an iCloud
Link i ...)
+ TODO: check
+CVE-2019-8856 (An API issue existed in the handling of outgoing phone calls
initiated ...)
+ TODO: check
+CVE-2019-8855 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2019-8854 (A user privacy issue was addressed by removing the broadcast
MAC addre ...)
+ TODO: check
+CVE-2019-8853 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2019-8852 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8851 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2019-8850 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2019-8849 (The issue was addressed by signaling that an executable stack
is not r ...)
NOT-FOR-US: Apple
-CVE-2019-8848
- RESERVED
-CVE-2019-8847
- RESERVED
-CVE-2019-8846
- RESERVED
+CVE-2019-8848 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2019-8847 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8846 (A use after free issue was addressed with improved memory
management. ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -100786,8 +100946,7 @@ CVE-2019-8846
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8845
RESERVED
-CVE-2019-8844
- RESERVED
+CVE-2019-8844 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -100795,54 +100954,52 @@ CVE-2019-8844
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8843
RESERVED
-CVE-2019-8842 [he `ippReadIO` function may under-read an extension field]
- RESERVED
+CVE-2019-8842 (A buffer overflow was addressed with improved bounds checking.
This is ...)
{DLA-2237-1}
- cups 2.3.1-12
[buster] - cups 2.2.10-6+deb10u3
[stretch] - cups 2.2.1-8+deb9u6
NOTE:
https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444
(cups/ipp.c: ippReadIO)
-CVE-2019-8841
- RESERVED
-CVE-2019-8840
- RESERVED
-CVE-2019-8839
- RESERVED
-CVE-2019-8838
- RESERVED
-CVE-2019-8837
- RESERVED
-CVE-2019-8836
- RESERVED
-CVE-2019-8835
- RESERVED
+CVE-2019-8841 (An information disclosure issue was addressed by removing the
vulnerab ...)
+ TODO: check
+CVE-2019-8840 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2019-8839 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2019-8838 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8837 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2019-8836 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8835 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
-CVE-2019-8834
- RESERVED
-CVE-2019-8833
- RESERVED
-CVE-2019-8832
- RESERVED
-CVE-2019-8831
- RESERVED
-CVE-2019-8830
- RESERVED
-CVE-2019-8829
- RESERVED
-CVE-2019-8828
- RESERVED
-CVE-2019-8827
- RESERVED
-CVE-2019-8826
- RESERVED
-CVE-2019-8825
- RESERVED
-CVE-2019-8824
- RESERVED
+CVE-2019-8834 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2019-8833 (A memory corruption issue was addressed by removing the
vulnerable cod ...)
+ TODO: check
+CVE-2019-8832 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8831 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8830 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2019-8829 (A memory corruption vulnerability was addressed with improved
locking. ...)
+ TODO: check
+CVE-2019-8828 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8827 (The HTTP referrer header may be used to leak browsing history.
The iss ...)
+ TODO: check
+CVE-2019-8826 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2019-8825 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2019-8824 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2019-8823 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.1-1
@@ -100915,8 +101072,8 @@ CVE-2019-8811 (Multiple memory corruption issues were
addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8810
RESERVED
-CVE-2019-8809
- RESERVED
+CVE-2019-8809 (A validation issue was addressed with improved logic. This
issue is fi ...)
+ TODO: check
CVE-2019-8808 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -100939,14 +101096,14 @@ CVE-2019-8801 (A dynamic library loading issue
existed in iTunes setup. This was
NOT-FOR-US: Apple
CVE-2019-8800 (A memory corruption issue was addressed with improved
validation. This ...)
NOT-FOR-US: Apple
-CVE-2019-8799
- RESERVED
+CVE-2019-8799 (This issue was resolved by replacing device names with a random
identi ...)
+ TODO: check
CVE-2019-8798 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2019-8797 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8796
- RESERVED
+CVE-2019-8796 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
CVE-2019-8795 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2019-8794 (A validation issue was addressed with improved input
sanitization. Thi ...)
@@ -100957,8 +101114,8 @@ CVE-2019-8792 (An injection issue was addressed with
improved validation. This i
NOT-FOR-US: Shazam Android App
CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was
address ...)
NOT-FOR-US: Shazam Android App
-CVE-2019-8790
- RESERVED
+CVE-2019-8790 (This issue was addresses by updating incorrect URLSession file
descrip ...)
+ TODO: check
CVE-2019-8789 (A validation issue existed in the handling of symlinks. This
issue was ...)
NOT-FOR-US: Apple
CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was
addressed with ...)
@@ -100985,26 +101142,25 @@ CVE-2019-8782 (Multiple memory corruption issues
were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8781 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
-CVE-2019-8780
- RESERVED
+CVE-2019-8780 (The issue was addressed with improved permissions logic. This
issue is ...)
+ TODO: check
CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue
was addre ...)
NOT-FOR-US: Apple
CVE-2019-8778
RESERVED
-CVE-2019-8777
- RESERVED
-CVE-2019-8776
- RESERVED
+CVE-2019-8777 (A lock screen issue allowed access to contacts on a locked
device. Thi ...)
+ TODO: check
+CVE-2019-8776 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-8775 (The issue was addressed by restricting options offered on a
locked dev ...)
NOT-FOR-US: Apple
-CVE-2019-8774
- RESERVED
-CVE-2019-8773
- RESERVED
+CVE-2019-8774 (A resource exhaustion issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2019-8773 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs.
This issu ...)
NOT-FOR-US: Apple
-CVE-2019-8771
- RESERVED
+CVE-2019-8771 (This issue was addressed with improved iframe sandbox
enforcement. Thi ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -101023,8 +101179,8 @@ CVE-2019-8768 ("Clear History and Website Data" did
not clear the history. The i
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8767
- RESERVED
+CVE-2019-8767 (A memory consumption issue was addressed with improved memory
handling ...)
+ TODO: check
CVE-2019-8766 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -101049,44 +101205,44 @@ CVE-2019-8763 (Multiple memory corruption issues
were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8762
- RESERVED
-CVE-2019-8761
- RESERVED
+CVE-2019-8762 (A validation issue was addressed with improved logic. This
issue is fi ...)
+ TODO: check
+CVE-2019-8761 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2019-8760 (This issue was addressed by improving Face ID machine learning
models. ...)
NOT-FOR-US: Apple
-CVE-2019-8759
- RESERVED
+CVE-2019-8759 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
CVE-2019-8758 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2019-8757 (A race condition existed when reading and writing user
preferences. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8756
- RESERVED
+CVE-2019-8756 (Multiple memory corruption issues were addressed with improved
input v ...)
+ TODO: check
CVE-2019-8755 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2019-8754
- RESERVED
-CVE-2019-8753
- RESERVED
-CVE-2019-8752
- RESERVED
-CVE-2019-8751
- RESERVED
+CVE-2019-8754 (A cross-origin issue existed with "iframe" elements. This was
addresse ...)
+ TODO: check
+CVE-2019-8753 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2019-8752 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2019-8751 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2019-8750 (Multiple memory corruption issues were addressed with improved
input v ...)
NOT-FOR-US: Apple
-CVE-2019-8749
- RESERVED
+CVE-2019-8749 (Multiple memory corruption issues were addressed with improved
input v ...)
+ TODO: check
CVE-2019-8748 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2019-8747 (A memory corruption vulnerability was addressed with improved
locking. ...)
NOT-FOR-US: Apple
-CVE-2019-8746
- RESERVED
+CVE-2019-8746 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
-CVE-2019-8744
- RESERVED
+CVE-2019-8744 (A memory corruption issue existed in the handling of IPv6
packets. Thi ...)
+ TODO: check
CVE-2019-8743 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -101097,39 +101253,39 @@ CVE-2019-8742 (The issue was addressed by
restricting options offered on a locke
NOT-FOR-US: Apple
CVE-2019-8741 (A denial of service issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2019-8740
- RESERVED
+CVE-2019-8740 (A memory corruption vulnerability was addressed with improved
locking. ...)
+ TODO: check
CVE-2019-8739 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2019-8738 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
-CVE-2019-8737
- RESERVED
-CVE-2019-8736
- RESERVED
+CVE-2019-8737 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2019-8736 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2019-8735 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8734
- RESERVED
+CVE-2019-8734 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2019-8733 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8732
- RESERVED
+CVE-2019-8732 (The issue was addressed with improved data deletion. This issue
is fix ...)
+ TODO: check
CVE-2019-8731 (A permissions issue existed in which execute permission was
incorrectl ...)
NOT-FOR-US: Apple
CVE-2019-8730 (The contents of locked notes sometimes appeared in search
results. Thi ...)
NOT-FOR-US: Apple
CVE-2019-8729
RESERVED
-CVE-2019-8728
- RESERVED
+CVE-2019-8728 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2019-8727 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2019-8726 (Multiple memory corruption issues were addressed with improved
memory ...)
@@ -101160,20 +101316,20 @@ CVE-2019-8719 (A logic issue was addressed with
improved state management. This
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8718
- RESERVED
+CVE-2019-8718 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-8717 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8716
- RESERVED
-CVE-2019-8715
- RESERVED
+CVE-2019-8716 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8715 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-8714
RESERVED
CVE-2019-8713
RESERVED
-CVE-2019-8712
- RESERVED
+CVE-2019-8712 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-8711 (A logic issue existed with the display of notification
previews. This ...)
NOT-FOR-US: Apple
CVE-2019-8710 (Multiple memory corruption issues were addressed with improved
memory ...)
@@ -101182,18 +101338,18 @@ CVE-2019-8710 (Multiple memory corruption issues
were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
-CVE-2019-8709
- RESERVED
-CVE-2019-8708
- RESERVED
+CVE-2019-8709 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2019-8708 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
CVE-2019-8707 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8706
- RESERVED
+CVE-2019-8706 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2019-8705 (A memory corruption issue was addressed with improved
validation. This ...)
NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state
management. ...)
@@ -101212,8 +101368,7 @@ CVE-2019-8698 (A validation issue existed in the
entitlement verification. This
NOT-FOR-US: Apple
CVE-2019-8697 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
- RESERVED
+CVE-2019-8696 (A buffer overflow issue was addressed with improved memory
handling. T ...)
{DLA-1893-1}
- cups 2.2.12-1 (bug #934957)
[buster] - cups 2.2.10-6+deb10u1
@@ -101311,8 +101466,7 @@ CVE-2019-8676 (Multiple memory corruption issues were
addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
- RESERVED
+CVE-2019-8675 (A buffer overflow issue was addressed with improved memory
handling. T ...)
{DLA-1893-1}
- cups 2.2.12-1 (bug #934957)
[buster] - cups 2.2.10-6+deb10u1
@@ -101350,8 +101504,8 @@ CVE-2019-8669 (Multiple memory corruption issues were
addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8668
- RESERVED
+CVE-2019-8668 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
CVE-2019-8667 (An inconsistent user interface issue was addressed with
improved state ...)
NOT-FOR-US: Apple
CVE-2019-8666 (Multiple memory corruption issues were addressed with improved
memory ...)
@@ -101362,8 +101516,8 @@ CVE-2019-8666 (Multiple memory corruption issues were
addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8665 (A denial of service issue was addressed with improved
validation. This ...)
NOT-FOR-US: Apple
-CVE-2019-8664
- RESERVED
+CVE-2019-8664 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2019-8663 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2019-8662 (This issue was addressed with improved checks. This issue is
fixed in ...)
@@ -101382,8 +101536,8 @@ CVE-2019-8658 (A logic issue was addressed with
improved state management. This
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8657 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8656
- RESERVED
+CVE-2019-8656 (This was addressed with additional checks by Gatekeeper on
files mount ...)
+ TODO: check
CVE-2019-8655
RESERVED
CVE-2019-8654 (An inconsistent user interface issue was addressed with
improved state ...)
@@ -101408,8 +101562,8 @@ CVE-2019-8647 (A use after free issue was addressed
with improved memory managem
NOT-FOR-US: Apple
CVE-2019-8646 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8645
- RESERVED
+CVE-2019-8645 (An issue existed in the handling of encrypted Mail. This issue
was add ...)
+ TODO: check
CVE-2019-8644 (Multiple memory corruption issues were addressed with improved
memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
@@ -101418,16 +101572,16 @@ CVE-2019-8644 (Multiple memory corruption issues
were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8643
RESERVED
-CVE-2019-8642
- RESERVED
+CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This
issue wa ...)
+ TODO: check
CVE-2019-8641 (An out-of-bounds read was addressed with improved input
validation. ...)
NOT-FOR-US: Apple
-CVE-2019-8640
- RESERVED
-CVE-2019-8639
- RESERVED
-CVE-2019-8638
- RESERVED
+CVE-2019-8640 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2019-8639 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
+CVE-2019-8638 (Multiple memory corruption issues were addressed with improved
memory ...)
+ TODO: check
CVE-2019-8637 (An input validation issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2019-8636
@@ -101436,12 +101590,12 @@ CVE-2019-8635 (A memory corruption issue was
addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2019-8634 (An authentication issue was addressed with improved state
management. ...)
NOT-FOR-US: Apple
-CVE-2019-8633
- RESERVED
+CVE-2019-8633 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This
was ad ...)
NOT-FOR-US: Apple
-CVE-2019-8631
- RESERVED
+CVE-2019-8631 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
CVE-2019-8630 (The issue was addressed with improved UI handling. This issue
is fixed ...)
NOT-FOR-US: Apple
CVE-2019-8629 (A memory initialization issue was addressed with improved
memory handl ...)
@@ -101479,8 +101633,8 @@ CVE-2019-8619 (Multiple memory corruption issues were
addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8618
- RESERVED
+CVE-2019-8618 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
CVE-2019-8617 (An access issue was addressed with additional sandbox
restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2019-8616 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -101493,8 +101647,8 @@ CVE-2019-8614
RESERVED
CVE-2019-8613 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
-CVE-2019-8612
- RESERVED
+CVE-2019-8612 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
CVE-2019-8611 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -101561,16 +101715,16 @@ CVE-2019-8594 (Multiple memory corruption issues
were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8593 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8592
- RESERVED
+CVE-2019-8592 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2019-8591 (A type confusion issue was addressed with improved memory
handling. Th ...)
NOT-FOR-US: Apple
CVE-2019-8590 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
CVE-2019-8589 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2019-8588
- RESERVED
+CVE-2019-8588 (A null pointer dereference was addressed with improved input
validatio ...)
+ TODO: check
CVE-2019-8587 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -101593,37 +101747,37 @@ CVE-2019-8583 (Multiple memory corruption issues
were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8582
- RESERVED
-CVE-2019-8581
- RESERVED
-CVE-2019-8580
- RESERVED
-CVE-2019-8579
- RESERVED
-CVE-2019-8578
- RESERVED
+CVE-2019-8582 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2019-8581 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2019-8580 (Source-routed IPv4 packets were disabled by default. This issue
is fix ...)
+ TODO: check
+CVE-2019-8579 (An input validation issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2019-8578 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
CVE-2019-8577 (An input validation issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2019-8575
- RESERVED
+CVE-2019-8575 (The issue was addressed with improved data deletion. This issue
is fix ...)
+ TODO: check
CVE-2019-8574 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8573
- RESERVED
-CVE-2019-8572
- RESERVED
+CVE-2019-8573 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2019-8572 (A null pointer dereference was addressed with improved input
validatio ...)
+ TODO: check
CVE-2019-8571 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8570
- RESERVED
-CVE-2019-8569
- RESERVED
+CVE-2019-8570 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2019-8569 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-8568 (A validation issue existed in the handling of symlinks. This
issue was ...)
NOT-FOR-US: Apple
CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast
MAC addre ...)
@@ -101632,8 +101786,8 @@ CVE-2019-8566 (An API issue existed in the handling
of microphone data. This iss
NOT-FOR-US: Apple
CVE-2019-8565 (A race condition was addressed with additional validation. This
issue ...)
NOT-FOR-US: Apple
-CVE-2019-8564
- RESERVED
+CVE-2019-8564 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
CVE-2019-8563 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -101678,8 +101832,8 @@ CVE-2019-8549 (Multiple input validation issues
existed in MIG generated code. T
NOT-FOR-US: Apple
CVE-2019-8548 (An issue existed where partially entered passcodes may not
clear when ...)
NOT-FOR-US: Apple
-CVE-2019-8547
- RESERVED
+CVE-2019-8547 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
+ TODO: check
CVE-2019-8546 (An access issue was addressed with additional sandbox
restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2019-8545 (A memory corruption issue was addressed with improved state
management ...)
@@ -101697,10 +101851,10 @@ CVE-2019-8541 (A privacy issue existed in motion
sensor calibration. This issue
NOT-FOR-US: Apple
CVE-2019-8540 (A memory initialization issue was addressed with improved
memory handl ...)
NOT-FOR-US: Apple
-CVE-2019-8539
- RESERVED
-CVE-2019-8538
- RESERVED
+CVE-2019-8539 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2019-8538 (A denial of service issue was addressed with improved
validation. This ...)
+ TODO: check
CVE-2019-8537 (An access issue was addressed with improved memory management.
This is ...)
NOT-FOR-US: Apple
CVE-2019-8536 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -101713,26 +101867,26 @@ CVE-2019-8535 (A memory corruption issue was
addressed with improved state manag
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
-CVE-2019-8534
- RESERVED
+CVE-2019-8534 (A logic issue existed resulting in memory corruption. This was
address ...)
+ TODO: check
CVE-2019-8533 (A lock handling issue was addressed with improved lock
handling. This ...)
NOT-FOR-US: Apple
-CVE-2019-8532
- RESERVED
-CVE-2019-8531
- RESERVED
+CVE-2019-8532 (A permissions issue was addressed by removing vulnerable code
and addi ...)
+ TODO: check
+CVE-2019-8531 (A validation issue existed in Trust Anchor Management. This
issue was ...)
+ TODO: check
CVE-2019-8530 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2019-8529 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2019-8528
- RESERVED
+CVE-2019-8528 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
CVE-2019-8527 (A buffer overflow was addressed with improved size validation.
This is ...)
NOT-FOR-US: Apple
CVE-2019-8526 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
-CVE-2019-8525
- RESERVED
+CVE-2019-8525 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2019-8524 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -101775,8 +101929,8 @@ CVE-2019-8511 (A buffer overflow issue was addressed
with improved memory handli
NOT-FOR-US: Apple
CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
NOT-FOR-US: Apple
-CVE-2019-8509
- RESERVED
+CVE-2019-8509 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
CVE-2019-8507 (Multiple memory corruption issues were addressed with improved
input v ...)
@@ -104860,14 +105014,14 @@ CVE-2019-7292 (A validation issue was addressed
with improved logic. This issue
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
-CVE-2019-7291
- RESERVED
+CVE-2019-7291 (A denial of service issue was addressed with improved memory
handling. ...)
+ TODO: check
CVE-2019-7290 (An access issue was addressed with additional sandbox
restrictions. Th ...)
NOT-FOR-US: Shortcuts for iOS
CVE-2019-7289 (A parsing issue in the handling of directory paths was
addressed with ...)
NOT-FOR-US: Shortcuts for iOS
-CVE-2019-7288
- RESERVED
+CVE-2019-7288 (The issue was addressed with improved validation on the
FaceTime serve ...)
+ TODO: check
CVE-2019-7287 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2019-7286 (A memory corruption issue was addressed with improved input
validation ...)
@@ -107467,8 +107621,8 @@ CVE-2018-20699 (Docker Engine before 18.09 allows
attackers to cause a denial of
NOTE: Negligible security impact
CVE-2019-6239 (This issue was addressed with improved handling of file
metadata. This ...)
NOT-FOR-US: Apple
-CVE-2019-6238
- RESERVED
+CVE-2019-6238 (A validation issue existed in the handling of symlinks. This
issue was ...)
+ TODO: check
CVE-2019-6237 (Multiple memory corruption issues were addressed with improved
memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -166287,8 +166441,8 @@ CVE-2018-4476
RESERVED
CVE-2018-4475
RESERVED
-CVE-2018-4474
- RESERVED
+CVE-2018-4474 (A memory consumption issue was addressed with improved memory
handling ...)
+ TODO: check
CVE-2018-4473
RESERVED
CVE-2018-4472
@@ -166299,10 +166453,10 @@ CVE-2018-4470 (A privacy issue in the handling of
Open Directory records was add
NOT-FOR-US: Apple
CVE-2018-4469
RESERVED
-CVE-2018-4468
- RESERVED
-CVE-2018-4467
- RESERVED
+CVE-2018-4468 (This issue was addressed by removing additional entitlements.
This iss ...)
+ TODO: check
+CVE-2018-4467 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2018-4466
RESERVED
CVE-2018-4465 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -166333,24 +166487,24 @@ CVE-2018-4454
RESERVED
CVE-2018-4453
RESERVED
-CVE-2018-4452
- RESERVED
-CVE-2018-4451
- RESERVED
+CVE-2018-4452 (A memory consumption issue was addressed with improved memory
handling ...)
+ TODO: check
+CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption
issue w ...)
+ TODO: check
CVE-2018-4450 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2018-4449 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2018-4448
- RESERVED
+CVE-2018-4448 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
CVE-2018-4447 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2018-4446 (This issue was addressed with improved entitlements. This issue
affect ...)
NOT-FOR-US: Apple
CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The
issue ...)
NOT-FOR-US: Apple
-CVE-2018-4444
- RESERVED
+CVE-2018-4444 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
CVE-2018-4443 (A memory corruption issue was addressed with improved memory
handling. ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
@@ -166381,8 +166535,8 @@ CVE-2018-4435 (A logic issue was addressed with
improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2018-4434 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2018-4433
- RESERVED
+CVE-2018-4433 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
CVE-2018-4432
RESERVED
CVE-2018-4431 (A memory initialization issue was addressed with improved
memory handl ...)
@@ -166391,8 +166545,8 @@ CVE-2018-4430 (A lock screen issue allowed access to
contacts on a locked device
NOT-FOR-US: Apple
CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue
was addre ...)
NOT-FOR-US: Apple
-CVE-2018-4428
- RESERVED
+CVE-2018-4428 (A lock screen issue allowed access to the share function on a
locked d ...)
+ TODO: check
CVE-2018-4427 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2018-4426 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -166469,10 +166623,10 @@ CVE-2018-4392 (Multiple memory corruption issues
were addressed with improved me
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4391
- RESERVED
-CVE-2018-4390
- RESERVED
+CVE-2018-4391 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2018-4390 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
CVE-2018-4389 (An inconsistent user interface issue was addressed with
improved state ...)
NOT-FOR-US: Apple
CVE-2018-4388 (A lock screen issue allowed access to the share function on a
locked d ...)
@@ -166493,8 +166647,8 @@ CVE-2018-4382 (Multiple memory corruption issues were
addressed with improved me
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4381
- RESERVED
+CVE-2018-4381 (A resource exhaustion issue was addressed with improved input
validati ...)
+ TODO: check
CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a
locked ...)
NOT-FOR-US: Apple
CVE-2018-4379 (A lock screen issue allowed access to the share function on a
locked d ...)
@@ -166595,8 +166749,8 @@ CVE-2018-4341 (A memory corruption issue was
addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2018-4340 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
-CVE-2018-4339
- RESERVED
+CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is
fixed i ...)
+ TODO: check
CVE-2018-4338 (A validation issue was addressed with improved input
sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2018-4337 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -166713,8 +166867,8 @@ CVE-2018-4298 (In macOS High Sierra before 10.13.3,
Security Update 2018-001 Sie
NOT-FOR-US: Apple
CVE-2018-4297
RESERVED
-CVE-2018-4296
- RESERVED
+CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue
existed ...)
+ TODO: check
CVE-2018-4295 (An input validation issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2018-4294
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48aba1f76e6ce931cf42f4396ea7dce0dd4f86a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48aba1f76e6ce931cf42f4396ea7dce0dd4f86a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
