[Git][security-tracker-team/security-tracker][master] Add temporary entry for spip issues

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
07478e45 by Salvatore Bonaccorso at 2019-09-17T04:58:41Z
Add temporary entry for spip issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2019- [multiple spip issues]
+   - spip 3.2.5-1
+   TODO: CVE for individual issues need to be requested (identify 
requiring changes) and entry split up
 CVE-2019-16374
RESERVED
 CVE-2019-16373
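
Review bot: The placeholder entry added at the top has no NOTE pointing at the upstream release notes or fixing commits, so whoever later splits it into individual CVEs has nothing to start from. Add a NOTE with the upstream reference for the issues fixed in spip 3.2.5-1, and reword the TODO ("identify requiring changes") so it states which changes still need to be identified.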



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/07478e45684ba0b82919481e49bc55fdd760100f

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] opendmarc issue fixed in unstable

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bbb941fe by Salvatore Bonaccorso at 2019-09-17T04:37:57Z
opendmarc issue fixed in unstable

Thanks: Scott Kitterman

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -406,7 +406,7 @@ CVE-2019-16240
 CVE-2019-16239
RESERVED
 CVE-2019- [signature bypass with multiple From addresses]
-   - opendmarc  (bug #940081)
+   - opendmarc 1.3.2-7 (bug #940081)
NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48
 CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an 
incorrect  ...)
{DLA-1922-1}
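
Review bot: The only reference on this entry is an upstream pull request (OpenDMARC pull/48), and the new fixed version 1.3.2-7 does not say which patch the upload carries. A NOTE naming the patch applied in 1.3.2-7 would let readers confirm the fix matches the pull request, since the entry still has no CVE id to search by.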



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbb941fed5f68bf62514e292082cf9b0f6ca77d2


[Git][security-tracker-team/security-tracker][master] Reject of CVE-2019-9457 confirmed and will be in next list update

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e6a3680 by Salvatore Bonaccorso at 2019-09-17T04:34:34Z
Reject of CVE-2019-9457 confirmed and will be in next list update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21372,11 +21372,8 @@ CVE-2019-9458 (In the Android kernel in the video 
driver there is a use after fr
[stretch] - linux 4.9.135-1
[jessie] - linux 3.16.64-1
NOTE: 
https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c
-CVE-2019-9457 (In the Android kernel in ELF file loading there is possible 
memory cor ...)
-   - linux 4.12.6-1
-   [stretch] - linux 4.9.47-1
-   [jessie] - linux 3.16.59-1
-   NOTE: From commit point of view this is a duplicate of CVE-2018-14634
+CVE-2019-9457
+   REJECTED
 CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a 
possibl ...)
- linux 4.15.11-1
[stretch] - linux 4.9.88-1
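
Review bot: Replacing the CVE-2019-9457 entry with a bare REJECTED drops the removed NOTE that called it a duplicate of CVE-2018-14634, so the reason for the rejection is no longer visible in the file. If the list format allows it, keep that cross-reference as a NOTE under REJECTED; the fixed versions removed here are also worth checking against the CVE-2018-14634 entry before they disappear.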



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e6a3680c985652c98efd7d8fe3d7dc843b5e7cf


[Git][security-tracker-team/security-tracker][master] CVE-2016-10937/imapfilter: Reference commit for hostname validation for older openssl versions

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31d78bc8 by Salvatore Bonaccorso at 2019-09-17T04:24:01Z
CVE-2016-10937/imapfilter: Reference commit for hostname validation for older 
openssl versions

Reference the additional commit which adds support for hostname
validation for OpenSSL 1.0.2 and later.

Upstream as well released a new upstream version with the required
fixes.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -803,6 +803,8 @@ CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate 
the hostname in an S
NOTE: https://github.com/lefcha/imapfilter/issues/142
NOTE: Patch for support for hostname validation (requrires OpenSSL 
1.1.0  and later):
NOTE: 
https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6
+   NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and 
later):
+   NOTE: 
https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1
 CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is 
an intege ...)
NOT-FOR-US: Kilo
 CVE-2019-16095 (Symonics libmysofa 0.7 has an invalid read in getDimension in 
hrtf/rea ...)
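
Review bot: The new label "for OpenSSL 1.0.2 and later" overlaps with the existing one just above it ("OpenSSL 1.1.0 and later"), so the entry does not say whether the second commit replaces the first or has to be applied on top of it. State that in the NOTE, for example that the second commit extends hostname validation to OpenSSL 1.0.2, so backporters know whether they need both.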



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31d78bc838c7f647112a46d552e953991767adb0


[Git][security-tracker-team/security-tracker][master] add dino ref

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84676619 by Moritz Muehlenhoff at 2019-09-16T20:55:10Z
add dino ref

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -419,14 +419,17 @@ CVE-2019-16237 (Dino before 2019-09-10 does not properly 
check the source of an
{DSA-4524-1}
- dino-im 0.0.git20190911.2a70a4e-1
NOTE: 
https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
+   NOTE: https://gultsch.de/dino_multiple.html
 CVE-2019-16236 (Dino before 2019-09-10 does not check roster push 
authorization in mod ...)
{DSA-4524-1}
- dino-im 0.0.git20190911.2a70a4e-1
NOTE: 
https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9
+   NOTE: https://gultsch.de/dino_multiple.html
 CVE-2019-16235 (Dino before 2019-09-10 does not properly check the source of a 
carbons ...)
{DSA-4524-1}
- dino-im 0.0.git20190911.2a70a4e-1
NOTE: 
https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930
+   NOTE: https://gultsch.de/dino_multiple.html
 CVE-2019-16234 (drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux 
kernel 5. ...)
- linux 
NOTE: https://lkml.org/lkml/2019/9/9/487
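
Review bot: The same gultsch.de URL is added to all three entries without a label, after commit links that are each specific to one CVE. If the page covers CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237 together, a short description on the NOTE would tell readers it is a shared write-up rather than a per-issue reference.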



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84676619aa403fa570cc61657015ccb242054ad0


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1924-1 for python3.4

2019-09-16 Thread Roberto C. Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c410fcde by Roberto C. Sánchez at 2019-09-16T20:31:09Z
Reserve DLA-1924-1 for python3.4

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[16 Sep 2019] DLA-1924-1 python3.4 - security update
+   {CVE-2019-16056}
+   [jessie] - python3.4 3.4.2-1+deb8u7
 [16 Sep 2019] DLA-1923-1 ansible - security update
{CVE-2015-3908 CVE-2015-6240 CVE-2018-10875 CVE-2019-10156}
[jessie] - ansible 1.7.2+dfsg-2+deb8u2


=
data/dla-needed.txt
=
@@ -108,8 +108,6 @@ poppler (Thorsten Alteholz)
 --
 python2.7 (Roberto C. Sánchez)
 --
-python3.4 (Roberto C. Sánchez)
---
 qemu (Sylvain Beucler)
   NOTE: 20190913: An upload candidate is waiting for being tested on real 
hardware.
   NOTE: 20190913: https://www.beuc.net/tmp/debian-lts/qemu/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c410fcde6ea409398ea4f3a056fea27b7244193a


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1925-1 for python2.7

2019-09-16 Thread Roberto C. Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c2c57dc6 by Roberto C. Sánchez at 2019-09-16T20:31:32Z
Reserve DLA-1925-1 for python2.7

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[16 Sep 2019] DLA-1925-1 python2.7 - security update
+   {CVE-2019-16056}
+   [jessie] - python2.7 2.7.9-2+deb8u5
 [16 Sep 2019] DLA-1924-1 python3.4 - security update
{CVE-2019-16056}
[jessie] - python3.4 3.4.2-1+deb8u7


=
data/dla-needed.txt
=
@@ -106,8 +106,6 @@ php5 (Roberto C. Sánchez)
 --
 poppler (Thorsten Alteholz)
 --
-python2.7 (Roberto C. Sánchez)
---
 qemu (Sylvain Beucler)
   NOTE: 20190913: An upload candidate is waiting for being tested on real 
hardware.
   NOTE: 20190913: https://www.beuc.net/tmp/debian-lts/qemu/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2c57dc6dcc9d2499ecaff7f29ab8ae2eb41d081


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-16197/dolibarr

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
669df538 by Salvatore Bonaccorso at 2019-09-16T20:18:44Z
Add CVE-2019-16197/dolibarr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -523,7 +523,7 @@ CVE-2019-16199
 CVE-2019-16198
RESERVED
 CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of 
the User-A ...)
-   TODO: check
+   - dolibarr 
 CVE-2019-16196
RESERVED
 CVE-2019-16195
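
Review bot: The new "- dolibarr" package line replaces "TODO: check" without any bug number or NOTE, so the entry records that the package is affected but not where the fix is tracked. Add the Debian bug reference once one is filed, or a NOTE with the upstream fix for htdocs/societe/card.php.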



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/669df538e768da991a1892edb0efb1089aeb445f


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8567d6bb by Salvatore Bonaccorso at 2019-09-16T20:18:17Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,7 @@ CVE-2019-16373
 CVE-2019-16372
RESERVED
 CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a 
crafted ...)
-   TODO: check
+   NOT-FOR-US: LogMeIn LastPass
 CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the 
SHA-1 algori ...)
TODO: check
 CVE-2019-16369
@@ -37,11 +37,11 @@ CVE-2019-16357
 CVE-2019-16356
RESERVED
 CVE-2019-16355 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
-   TODO: check
+   NOT-FOR-US: Beego
 CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
-   TODO: check
+   NOT-FOR-US: Beego
 CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an 
access vio ...)
-   TODO: check
+   NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
 CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in 
jfif_load ...)
TODO: check
 CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
huffman_dec ...)
@@ -49,13 +49,13 @@ CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer 
dereference in huffm
 CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
idct2d8x8() ...)
TODO: check
 CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in 
AP4_ByteStream::Rea ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2019-16348 (marc-q libwav through 2019-08-15 has a NULL pointer 
dereference in gai ...)
-   TODO: check
+   NOT-FOR-US: libwav
 CVE-2019-16347 (ngiflib 0.4 has a heap-based buffer overflow in WritePixels() 
in ngifl ...)
-   TODO: check
+   NOT-FOR-US: ngiflib
 CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() 
in ngifli ...)
-   TODO: check
+   NOT-FOR-US: ngiflib
 CVE-2019-16345
RESERVED
 CVE-2019-16344
@@ -238,7 +238,7 @@ CVE-2016-10959 (The estatik plugin before 2.3.1 for 
WordPress has authenticated
 CVE-2016-10958 (The estatik plugin before 2.3.0 for WordPress has 
unauthenticated arbi ...)
NOT-FOR-US: estatik plugin for WordPress
 CVE-2016-10957 (The Akal theme through 2016-08-22 for WordPress has XSS via 
the framew ...)
-   TODO: check
+   NOT-FOR-US: Akal theme for WordPress
 CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file 
inclusion in co ...)
NOT-FOR-US: mail-masta plugin for WordPress
 CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 
2.2.x be ...)
@@ -274,7 +274,7 @@ CVE-2019-16266
 CVE-2019-16265
RESERVED
 CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema 
Integrado d ...)
-   TODO: check
+   NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema 
Integrado de Gestion Academica (GESAC)
 CVE-2019-16263
RESERVED
 CVE-2019-16262
@@ -880,7 +880,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 
component 0.2.0 and 0.3.0
- pam-p11  (bug #939664)
NOTE: 
https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
 CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 
3.5.7, 3 ...)
- python3.8 3.8.0~b4-1
- python3.7 
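
Review bot: The label "NOT-FOR-US: D-Link" on CVE-2019-16057 names only the vendor, while the other entries in this commit name the product (Beego, Bento4, ngiflib). "NOT-FOR-US: D-Link DNS-320", taken from the description, would match them and be easier to grep for.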



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8567d6bb45651c24d1cca33d5b9a50baa2e42448


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
deea5fcb by Salvatore Bonaccorso at 2019-09-16T20:12:43Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -204,43 +204,43 @@ CVE-2019-16278
 CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in 
cstdlib/ ...)
TODO: check
 CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script 
injection vi ...)
-   TODO: check
+   NOT-FOR-US: newspaper theme for WordPress
 CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the 
wp-admin ...)
-   TODO: check
+   NOT-FOR-US: Brafton plugin for WordPress
 CVE-2016-10972 (The newspaper theme before 6.7.2 for WordPress has a lack of 
options a ...)
-   TODO: check
+   NOT-FOR-US: newspaper theme for WordPress
 CVE-2016-10971 (The MemberSonic Lite plugin before 1.302 for WordPress has 
incorrect l ...)
-   TODO: check
+   NOT-FOR-US: MemberSonic Lite plugin for WordPress
 CVE-2016-10970 (The supportflow plugin before 0.7 for WordPress has XSS via a 
ticket e ...)
-   TODO: check
+   NOT-FOR-US: supportflow plugin for WordPress
 CVE-2016-10969 (The supportflow plugin before 0.7 for WordPress has XSS via a 
discussi ...)
-   TODO: check
+   NOT-FOR-US: supportflow plugin for WordPress
 CVE-2016-10968 (The peepso-core plugin before 1.6.1 for WordPress has 
PeepSoProfilePre ...)
-   TODO: check
+   NOT-FOR-US: peepso-core plugin for WordPress
 CVE-2016-10967 (The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via 
the wp-c ...)
-   TODO: check
+   NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
 CVE-2016-10966 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
bookName=../ dir ...)
-   TODO: check
+   NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
 CVE-2016-10965 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
deleteBook=../ d ...)
-   TODO: check
+   NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
 CVE-2016-10964 (The dwnldr plugin before 1.01 for WordPress has XSS via the 
User-Agent ...)
-   TODO: check
+   NOT-FOR-US: dwnldr plugin for WordPress
 CVE-2016-10963 (The icegram plugin before 1.9.19 for WordPress has XSS. ...)
-   TODO: check
+   NOT-FOR-US: icegram plugin for WordPress
 CVE-2016-10962 (The icegram plugin before 1.9.19 for WordPress has CSRF via 
the wp-adm ...)
-   TODO: check
+   NOT-FOR-US: icegram plugin for WordPress
 CVE-2016-10961 (The colorway theme before 3.4.2 for WordPress has XSS via the 
contactN ...)
-   TODO: check
+   NOT-FOR-US: colorway theme for WordPress
 CVE-2016-10960 (The wsecure plugin before 2.4 for WordPress has remote code 
execution  ...)
-   TODO: check
+   NOT-FOR-US: wsecure plugin for WordPress
 CVE-2016-10959 (The estatik plugin before 2.3.1 for WordPress has 
authenticated arbitr ...)
-   TODO: check
+   NOT-FOR-US: estatik plugin for WordPress
 CVE-2016-10958 (The estatik plugin before 2.3.0 for WordPress has 
unauthenticated arbi ...)
-   TODO: check
+   NOT-FOR-US: estatik plugin for WordPress
 CVE-2016-10957 (The Akal theme through 2016-08-22 for WordPress has XSS via 
the framew ...)
TODO: check
 CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file 
inclusion in co ...)
-   TODO: check
+   NOT-FOR-US: mail-masta plugin for WordPress
 CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 
2.2.x be ...)
NOT-FOR-US: Integard
 CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon 
dissector ...)
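
Review bot: CVE-2016-10957 (Akal theme for WordPress) is left at "TODO: check" in the middle of this batch, while the WordPress plugin and theme entries on both sides of it are switched to NOT-FOR-US. If that is not deliberate, mark it "NOT-FOR-US: Akal theme for WordPress" in the same commit.
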
@@ -34370,7 +34370,7 @@ CVE-2019-4149 (IBM Business Automation Workflow 
V18.0.0.0 through V18.0.0.2 and
 CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
NOT-FOR-US: IBM
 CVE-2019-4147 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable 
to SQL ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
NOT-FOR-US: IBM
 CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal 
highly se ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/deea5fcbfde0bff2042b82b5b97a6509979d023e


[Git][security-tracker-team/security-tracker][master] automatic update

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa8c43c8 by security tracker role at 2019-09-16T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2019-16374
+   RESERVED
+CVE-2019-16373
+   RESERVED
+CVE-2019-16372
+   RESERVED
+CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a 
crafted ...)
+   TODO: check
+CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the 
SHA-1 algori ...)
+   TODO: check
+CVE-2019-16369
+   RESERVED
+CVE-2019-16368
+   RESERVED
+CVE-2019-16367
+   RESERVED
+CVE-2019-16366 (In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based 
buffer ove ...)
+   TODO: check
+CVE-2019-16365
+   RESERVED
+CVE-2019-16364
+   RESERVED
+CVE-2019-16363
+   RESERVED
+CVE-2019-16362
+   RESERVED
+CVE-2019-16361
+   RESERVED
+CVE-2019-16360
+   RESERVED
+CVE-2019-16359
+   RESERVED
+CVE-2019-16358
+   RESERVED
+CVE-2019-16357
+   RESERVED
+CVE-2019-16356
+   RESERVED
+CVE-2019-16355 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
+   TODO: check
+CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
+   TODO: check
+CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an 
access vio ...)
+   TODO: check
+CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in 
jfif_load ...)
+   TODO: check
+CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
huffman_dec ...)
+   TODO: check
+CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
idct2d8x8() ...)
+   TODO: check
+CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in 
AP4_ByteStream::Rea ...)
+   TODO: check
+CVE-2019-16348 (marc-q libwav through 2019-08-15 has a NULL pointer 
dereference in gai ...)
+   TODO: check
+CVE-2019-16347 (ngiflib 0.4 has a heap-based buffer overflow in WritePixels() 
in ngifl ...)
+   TODO: check
+CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() 
in ngifli ...)
+   TODO: check
+CVE-2019-16345
+   RESERVED
+CVE-2019-16344
+   RESERVED
+CVE-2019-16343
+   RESERVED
+CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in 
isomedia/box_code_base.c. ...)
+   TODO: check
+CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in 
GPAC 0.7.1  ...)
+   TODO: check
+CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 
allows remot ...)
+   TODO: check
 CVE-2019-16342
RESERVED
 CVE-2019-16341
@@ -133,44 +203,44 @@ CVE-2019-16278
RESERVED
 CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in 
cstdlib/ ...)
TODO: check
-CVE-2017-18634
-   RESERVED
-CVE-2016-10973
-   RESERVED
-CVE-2016-10972
-   RESERVED
-CVE-2016-10971
-   RESERVED
-CVE-2016-10970
-   RESERVED
-CVE-2016-10969
-   RESERVED
-CVE-2016-10968
-   RESERVED
-CVE-2016-10967
-   RESERVED
-CVE-2016-10966
-   RESERVED
-CVE-2016-10965
-   RESERVED
-CVE-2016-10964
-   RESERVED
-CVE-2016-10963
-   RESERVED
-CVE-2016-10962
-   RESERVED
-CVE-2016-10961
-   RESERVED
-CVE-2016-10960
-   RESERVED
-CVE-2016-10959
-   RESERVED
-CVE-2016-10958
-   RESERVED
-CVE-2016-10957
-   RESERVED
-CVE-2016-10956
-   RESERVED
+CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script 
injection vi ...)
+   TODO: check
+CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the 
wp-admin ...)
+   TODO: check
+CVE-2016-10972 (The newspaper theme before 6.7.2 for WordPress has a lack of 
options a ...)
+   TODO: check
+CVE-2016-10971 (The MemberSonic Lite plugin before 1.302 for WordPress has 
incorrect l ...)
+   TODO: check
+CVE-2016-10970 (The supportflow plugin before 0.7 for WordPress has XSS via a 
ticket e ...)
+   TODO: check
+CVE-2016-10969 (The supportflow plugin before 0.7 for WordPress has XSS via a 
discussi ...)
+   TODO: check
+CVE-2016-10968 (The peepso-core plugin before 1.6.1 for WordPress has 
PeepSoProfilePre ...)
+   TODO: check
+CVE-2016-10967 (The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via 
the wp-c ...)
+   TODO: check
+CVE-2016-10966 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
bookName=../ dir ...)
+   TODO: check
+CVE-2016-10965 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
deleteBook=../ d ...)
+   TODO: check
+CVE-2016-10964 (The dwnldr plugin before 1.01 for WordPress has XSS via the 
User-Agent ...)
+   TODO: check
+CVE-2016-10963 (The icegram plugin before 1.9.19 for WordPress has XSS. ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] Add cloned bug for CVE-2019-16159/bird2

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abfcce36 by Salvatore Bonaccorso at 2019-09-16T19:47:42Z
Add cloned bug for CVE-2019-16159/bird2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -575,7 +575,7 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 
1.6.7 and 2.x through
- bird 1.6.8-1 (bug #939990)
[stretch] - bird  (Vulnerable code introduced later)
[jessie] - bird  (Vulnerable code introduced later)
-   - bird2 2.0.6-1
+   - bird2 2.0.6-1 (bug #940522)
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
 (1.6.x)
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
 (2.0.x)
 CVE-2019-16158



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abfcce360742445cf08b23f83eb278c6b60a088d


[Git][security-tracker-team/security-tracker][master] dino-im DSA

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c651cbb8 by Moritz Muehlenhoff at 2019-09-16T19:45:10Z
dino-im DSA

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[16 Sep 2019] DSA-4524-1 dino-im - security update
+   {CVE-2019-16235 CVE-2019-16236 CVE-2019-16237}
+   [buster] - dino-im 0.0.git20181129-1+deb10u1
 [15 Sep 2019] DSA-4523-1 thunderbird - security update
{CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 
CVE-2019-11744 CVE-2019-11746 CVE-2019-11752}
[stretch] - thunderbird 1:60.9.0-1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c651cbb8d810f50c6a266808e76af9bc645ce2d3


[Git][security-tracker-team/security-tracker][master] Add as well src:bird2 for CVE-2019-16159 tracking

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34db1f1b by Salvatore Bonaccorso at 2019-09-16T19:43:54Z
Add as well src:bird2 for CVE-2019-16159 tracking

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -575,6 +575,7 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 
1.6.7 and 2.x through
- bird 1.6.8-1 (bug #939990)
[stretch] - bird  (Vulnerable code introduced later)
[jessie] - bird  (Vulnerable code introduced later)
+   - bird2 2.0.6-1
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
 (1.6.x)
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
 (2.0.x)
 CVE-2019-16158
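
Review bot: The added "- bird2 2.0.6-1" line has no bug reference, unlike the "- bird 1.6.8-1 (bug #939990)" line above it. If a bug is filed against src:bird2, add it here so both source packages are tracked the same way.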



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34db1f1bd17d97137968c45fe2d1f14dec596a3a


[Git][security-tracker-team/security-tracker][master] Remove leftover TODO item

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fde8ebf1 by Salvatore Bonaccorso at 2019-09-16T19:39:26Z
Remove leftover TODO item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21337,7 +21337,6 @@ CVE-2019-9453 (In the Android kernel in F2FS touch 
driver there is a possible ou
- linux 5.2.6-1
[buster] - linux 4.19.67-1
NOTE: 
https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
-   TODO: check
 CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a 
possible out o ...)
TODO: check
 CVE-2019-9451 (In the Android kernel in the touchscreen driver there is a 
possible ou ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fde8ebf147acc97d9560b343399effebb1da14fc


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12175/bro (and respective fixed version)

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b234a1a9 by Salvatore Bonaccorso at 2019-09-16T19:37:39Z
Add CVE-2019-12175/bro (and respective fixed version)

The CVEs for Zeek Network Security Monitor might need careful
investigation in future and monitor for a src:zeek package. For now at
time of writing the commit message, in Debian the respective source
package is still named src:bro.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12865,7 +12865,7 @@ CVE-2019-12177 (Privilege escalation due to insecure 
directory permissions affec
 CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and 
"ViveportDesktop ...)
NOT-FOR-US: HTC VIVEPORT
 CVE-2019-12175 (In Zeek Network Security Monitor (formerly known as Bro) 
before 2.6.2, ...)
-   TODO: check
+   - bro 2.6.4+ds1-1
 CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege 
escalation vuln ...)
NOT-FOR-US: hide.me
 CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a 
file:\\\ URI, w ...)
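
Review bot: The `- bro 2.6.4+ds1-1` line added under CVE-2019-12175 carries no NOTE about the pending source rename, so the follow-up described in the commit message (watching for a src:zeek package) lives only in the git log. Suggest adding a NOTE line to the entry saying the source package is still src:bro at this point, so whoever touches the entry after a rename sees it in data/CVE/list.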



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b234a1a9541843dcd21beb7c9957352b5c0ab73a


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1336{3,4}/piwigo

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8744012b by Salvatore Bonaccorso at 2019-09-16T19:37:11Z
Add CVE-2019-1336{3,4}/piwigo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9614,9 +9614,9 @@ CVE-2019-13366
 CVE-2019-13365
RESERVED
 CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the 
vat ...)
-   TODO: check
+   - piwigo 
 CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS 
via the nb ...)
-   TODO: check
+   - piwigo 
 CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable 
in code ...)
NOT-FOR-US: Codedoc
 CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, 
exploitable by an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8744012b3136edba1cf3378b48448ee5080f8e22


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cba99b4 by Salvatore Bonaccorso at 2019-09-16T19:36:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9228,13 +9228,13 @@ CVE-2019-13522 (An attacker could use a specially 
crafted project file to corrup
 CVE-2019-13521
RESERVED
 CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 
Smart L ...)
-   TODO: check
+   NOT-FOR-US: Fuji Electric
 CVE-2019-13519
RESERVED
 CVE-2019-13518 (An attacker could use a specially crafted project file to 
overflow the ...)
-   TODO: check
+   NOT-FOR-US: EZAutomation
 CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis 
Enterprise Serve ...)
-   TODO: check
+   NOT-FOR-US: Pyxis
 CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is 
vulnerable to ...)
NOT-FOR-US: OSIsoft LLC
 CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of 
sensitive in ...)
@@ -10195,7 +10195,7 @@ CVE-2019-13158
 CVE-2019-13157
RESERVED
 CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based 
buffer ove ...)
-   TODO: check
+   NOT-FOR-US: Naver Cloud Explorer
 CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
NOT-FOR-US: TRENDnet TEW-827DRU firmware
 CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
@@ -10831,9 +10831,9 @@ CVE-2019-12945
 CVE-2019-12944
RESERVED
 CVE-2019-12943 (TTLock devices do not properly restrict password-reset 
attempts, leadi ...)
-   TODO: check
+   NOT-FOR-US: TTLock devices
 CVE-2019-12942 (TTLock devices do not properly block guest access in certain 
situation ...)
-   TODO: check
+   NOT-FOR-US: TTLock devices
 CVE-2019-12941
RESERVED
 CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of 
Service (me ...)
@@ -11175,7 +11175,7 @@ CVE-2019-12812
 CVE-2019-12811
RESERVED
 CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing 
functiona ...)
-   TODO: check
+   NOT-FOR-US: ALSee
 CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier 
versions contai ...)
NOT-FOR-US: Yes24ViewerX ActiveX Control
 CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a 
local priv ...)
@@ -11831,7 +11831,7 @@ CVE-2019-12534
 CVE-2019-12533
RESERVED
 CVE-2019-12532 (Improper access control in the Insyde software tools may allow 
an auth ...)
-   TODO: check
+   NOT-FOR-US: Insyde software tools
 CVE-2019-12531
RESERVED
 CVE-2019-12530 (Incorrect access control was discovered in the stdonato 
Dashboard plug ...)
@@ -13490,9 +13490,9 @@ CVE-2019-11901
 CVE-2019-11900
RESERVED
 CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to 
sensiti ...)
-   TODO: check
+   NOT-FOR-US: Bosch Access Professional Edition
 CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by 
reverse  ...)
-   TODO: check
+   NOT-FOR-US: Bosch Access Professional Edition
 CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the 
backup  ...)
TODO: check
 CVE-2019-11896 (A potential incorrect privilege assignment vulnerability 
exists in the ...)
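
Review bot: CVE-2019-11897 stays at `TODO: check` directly below the two entries marked `NOT-FOR-US: Bosch Access Professional Edition`, although its description (SSRF in the backup ...) reads like the backup and restore issues that this same commit marks as `NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software` further down. Worth confirming whether it belongs to that batch and, if so, triaging it in the same pass rather than leaving a lone TODO between processed entries.
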
@@ -13791,7 +13791,7 @@ CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 
0.15.0 contain unused RPATHs
 CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files 
indicate ...)
NOT-FOR-US: Eclipse Buildship
 CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the 
product  ...)
-   TODO: check
+   NOT-FOR-US: TeamViewer
 CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A 
vulnerability  ...)
- phpmyadmin  (bug #930048)
[jessie] - phpmyadmin  (vulnerable code is not present)
@@ -14439,11 +14439,11 @@ CVE-2019-11605 (An issue was discovered in GitLab 
Community and Enterprise Editi
 CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management 
Appliance bef ...)
NOT-FOR-US: Quest KACE Systems Management Appliance
 CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS 
SDK 8.2.6 ...)
-   TODO: check
+   NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11602 (Leakage of stack traces in remote access to backup  
restore in ea ...)
-   TODO: check
+   NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11601 (A directory traversal vulnerability in remote access to backup 
 r ...)
-   TODO: check
+   NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in 
OpenProject bef ...)
   

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9445/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df669198 by Salvatore Bonaccorso at 2019-09-16T19:09:46Z
Add CVE-2019-9445/linux

For now mark it as undetermined. The Android bulletin references a full
merge of various f2fs changes. This might be a duplicate of an already
assigned CVE furthermore for the f2fs driver.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21353,7 +21353,8 @@ CVE-2019-9447 (In the Android kernel in the FingerTipS 
touchscreen driver there
 CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver 
there is a  ...)
NOT-FOR-US: Android kernel
 CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of 
bounds ...)
-   TODO: check
+   - linux 
+   TODO: check, not very clear which commit Android security team is 
referring to
 CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel 
pointe ...)
TODO: check
 CVE-2019-9443 (In the Android kernel in the vl53L0 driver there is a possible 
out of  ...)
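
Review bot: The TODO added under CVE-2019-9445 says it is unclear which commit the Android security team refers to, but the entry has no NOTE pointing at the Android bulletin that the commit message mentions. Suggest adding a NOTE with that bulletin reference, and one saying this may duplicate an already assigned f2fs CVE, so the open question can be picked up from data/CVE/list alone.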



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df669198cec07e6d09850f8120b95eb31ecb032c


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9454/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef7babd2 by Salvatore Bonaccorso at 2019-09-16T19:04:42Z
Add CVE-2019-9454/linux

This is most likely a duplicate of CVE-2017-18551 unless Android
security team wanted to cover another angle of the issue. Asked for
clarification to the Android security team.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21328,7 +21328,11 @@ CVE-2019-9455 (In the Android kernel in the video 
driver there is a kernel point
[stretch] - linux 4.9.168-1
NOTE: 
https://git.kernel.org/linus/5e99456c20f712dcc13d9f6ca4278937d5367355
 CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of 
bounds  ...)
-   TODO: check
+   - linux 4.14.17-1
+   [stretch] - linux 4.9.168-1
+   [jessie] - linux 3.16.56-1
+   NOTE: 
https://git.kernel.org/linus/89c6efa61f5709327ecfa24bff18e57a4e80c7fa
+   NOTE: Commit wise a duplicate of CVE-2017-18551
 CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible 
out of  ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
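
Review bot: Under CVE-2019-9454 the entry records `NOTE: Commit wise a duplicate of CVE-2017-18551`, but the pending clarification request to the Android security team mentioned in the commit message is not recorded anywhere in the added lines. A short NOTE saying clarification was requested would tell the next reader that the duplicate status may still change.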



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef7babd22517e576ba645a4bcd3da34b9990df53


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9456/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10a9d80d by Salvatore Bonaccorso at 2019-09-16T18:58:22Z
Add CVE-2019-9456/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21319,7 +21319,10 @@ CVE-2019-9457 (In the Android kernel in ELF file 
loading there is possible memor
[jessie] - linux 3.16.59-1
NOTE: From commit point of view this is a duplicate of CVE-2018-14634
 CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a 
possibl ...)
-   TODO: check
+   - linux 4.15.11-1
+   [stretch] - linux 4.9.88-1
+   [jessie] - linux 3.16.57-1
+   NOTE: 
https://git.kernel.org/linus/a5f596830e27e15f7a0ecd6be55e433d776986d8
 CVE-2019-9455 (In the Android kernel in the video driver there is a kernel 
pointer le ...)
- linux 4.19.37-1
[stretch] - linux 4.9.168-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10a9d80d9c234c86abc47d66c215ce7dd0d71574


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9457/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e56003e2 by Salvatore Bonaccorso at 2019-09-16T18:51:48Z
Add CVE-2019-9457/linux

This is likely a duplicate of CVE-2018-14634 but maybe Android security
team wanted to cover another angle. Asked for confirmation to the
Android security team about the CVE. In any case the commit is included
in the mentioned versions in Debian branches.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21314,7 +21314,10 @@ CVE-2019-9458 (In the Android kernel in the video 
driver there is a use after fr
[jessie] - linux 3.16.64-1
NOTE: 
https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c
 CVE-2019-9457 (In the Android kernel in ELF file loading there is possible 
memory cor ...)
-   TODO: check
+   - linux 4.12.6-1
+   [stretch] - linux 4.9.47-1
+   [jessie] - linux 3.16.59-1
+   NOTE: From commit point of view this is a duplicate of CVE-2018-14634
 CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a 
possibl ...)
TODO: check
 CVE-2019-9455 (In the Android kernel in the video driver there is a kernel 
pointer le ...)
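
Review bot: The lines added under CVE-2019-9457 give fixed versions but no upstream commit reference, whereas the CVE-2019-9458 entry just above in this hunk has a `NOTE:` with its git.kernel.org/linus link. Since the commit message says the fix commit is included in the listed versions, suggest adding that commit as a NOTE so the version claims can be verified without first looking up CVE-2018-14634.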



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e56003e26c708fe09faab1152e439bb90f93f327


[Git][security-tracker-team/security-tracker][master] CVE-2019-2180/jessie: fixed prior CVE assignment

2019-09-16 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d4ee2d3 by Sylvain Beucler at 2019-09-16T16:39:37Z
CVE-2019-2180/jessie: fixed prior CVE assignment

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -88,7 +88,7 @@
{CVE-2019-1010247}
[jessie] - libapache2-mod-auth-openidc 1.6.0-1+deb8u1
 [22 Aug 2019] DLA-1893-1 cups - security update
-   {CVE-2019-8675 CVE-2019-8696}
+   {CVE-2019-8675 CVE-2019-8696 CVE-2019-2180}
[jessie] - cups 1.7.5-11+deb8u5
 [21 Aug 2019] DLA-1886-2 openjdk-7 - regression update
[jessie] - openjdk-7 7u231-2.6.19-1~deb8u2


=
data/dla-needed.txt
=
@@ -24,8 +24,6 @@ clamav (Jonas Meurer)
   NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see 
bug
   NOTE: report) (hle)
 --
-cups (Sylvain Beucler)
---
 freeimage
   NOTE: Maintainer will take care of the update.
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d4ee2d3b6ca5ed59164b04e59fcbf34b294a47c


[Git][security-tracker-team/security-tracker][master] dla: claim cups

2019-09-16 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
586da80b by Sylvain Beucler at 2019-09-16T16:22:34Z
dla: claim cups

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -24,6 +24,8 @@ clamav (Jonas Meurer)
   NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see 
bug
   NOTE: report) (hle)
 --
+cups (Sylvain Beucler)
+--
 freeimage
   NOTE: Maintainer will take care of the update.
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/586da80be58b9079dd60d6f6d8c26dc15a4cdd3e


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9458/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a18915c by Salvatore Bonaccorso at 2019-09-16T16:10:04Z
Add CVE-2019-9458/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21309,7 +21309,10 @@ CVE-2019-9460
 CVE-2019-9459
RESERVED
 CVE-2019-9458 (In the Android kernel in the video driver there is a use after 
free du ...)
-   TODO: check
+   - linux 4.18.20-1
+   [stretch] - linux 4.9.135-1
+   [jessie] - linux 3.16.64-1
+   NOTE: 
https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c
 CVE-2019-9457 (In the Android kernel in ELF file loading there is possible 
memory cor ...)
TODO: check
 CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a 
possibl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a18915c44be04209b666040b928b5ea88e37d26


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9245/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
842ca6c5 by Salvatore Bonaccorso at 2019-09-16T16:02:57Z
Add CVE-2019-9245/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21740,7 +21740,8 @@ CVE-2019-9247
 CVE-2019-9246
RESERVED
 CVE-2019-9245 (In the Android kernel in the f2fs driver there is a possible 
out of bo ...)
-   TODO: check
+   - linux 4.19.16-1
+   NOTE: 
https://git.kernel.org/linus/64beba0558fce7b59e9a8a7afd77290e82a22163
 CVE-2019-9244
RESERVED
 CVE-2019-9243



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/842ca6c59761971b55e14b819ac58850843046bd


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9453/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9fbbfe2 by Salvatore Bonaccorso at 2019-09-16T15:54:31Z
Add CVE-2019-9453/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21321,6 +21321,9 @@ CVE-2019-9455 (In the Android kernel in the video 
driver there is a kernel point
 CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of 
bounds  ...)
TODO: check
 CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible 
out of  ...)
+   - linux 5.2.6-1
+   [buster] - linux 4.19.67-1
+   NOTE: 
https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
TODO: check
 CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a 
possible out o ...)
TODO: check
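
Review bot: The `TODO: check` line under CVE-2019-9453 is left in place as context right after the newly added version and NOTE lines, so the entry now reads as both triaged and still to be checked. Suggest removing it in this change, unless something about the entry is still open, in which case the TODO text should say what.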



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9fbbfe2b58a667167cb95890c6f7da959d6b913


[Git][security-tracker-team/security-tracker][master] Track CVE-2019-915{3,4,5} with node-openpgp RFP/ITP

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86c6d750 by Salvatore Bonaccorso at 2019-09-16T15:49:39Z
Track CVE-2019-915{3,4,5} with node-openpgp RFP/ITP

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22039,11 +22039,11 @@ CVE-2019-9162 (In the Linux kernel before 4.20.12, 
net/ipv4/netfilter/nf_nat_snm
NOTE: Fixed by: 
https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
 CVE-2019-9155 (A cryptographic issue in OpenPGP.js =4.2.0 allows an 
attacker who  ...)
-   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
+   - node-openpgp  (bug #787774)
 CVE-2019-9154 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js = ...)
-   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
+   - node-openpgp  (bug #787774)
 CVE-2019-9153 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js = ...)
-   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
+   - node-openpgp  (bug #787774)
 CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
- hdf5 
[buster] - hdf5  (Minor issue)
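
Review bot: Replacing `NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)` with the `- node-openpgp` line on CVE-2019-9153, CVE-2019-9154 and CVE-2019-9155 drops the recorded finding that Enigmail in Debian does not use OpenPGP.js. Suggest keeping that as a NOTE line on each entry, since it answers the obvious follow-up question about embedded copies.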



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/86c6d7500772e581e43565ea5d0b916af1c1d9fd


[Git][security-tracker-team/security-tracker][master] Correct tracking of source package in CVE-2015-8013

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
024ea980 by Salvatore Bonaccorso at 2019-09-16T15:48:29Z
Correct tracking of source package in CVE-2015-8013

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -185143,7 +185143,7 @@ CVE-2015-7872 (The key_gc_unused_keys function in 
security/keys/gc.c in the Linu
NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61
 (v4.3-rc7)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
 CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless 
of pas ...)
-   - libjs-openpgp  (bug #787774)
+   - node-openpgp  (bug #787774)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
 CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and 
Event  ...)
NOT-FOR-US: SolarWinds



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/024ea9809c2fe713f5af95de9d64b600c8d7f620


[Git][security-tracker-team/security-tracker][master] 2 commits: Remove trailing whitespaces

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80206c5c by Salvatore Bonaccorso at 2019-09-16T15:46:30Z
Remove trailing whitespaces

- - - - -
cae659af by Salvatore Bonaccorso at 2019-09-16T15:46:30Z
Reference upstream commit for CVE-2019-2181

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12284,11 +12284,11 @@ CVE-2019-12387 (In Twisted before 19.2.1, twisted.web 
did not validate or saniti
NOTE: 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
 CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS 
exists  ...)
- ampache 
-NOTE: https://github.com/ampache/ampache/issues/1872 
+NOTE: https://github.com/ampache/ampache/issues/1872
 NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search 
engine is ...)
- ampache 
-NOTE: https://github.com/ampache/ampache/issues/1872 
+NOTE: https://github.com/ampache/ampache/issues/1872
 NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow 
attackers to ...)
{DLA-1831-1}
@@ -30085,7 +30085,7 @@ CVE-2019-5995 (Missing authorization vulnerability 
exists in EOS series digital
 CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS 
series digit ...)
NOT-FOR-US: Canon
 CVE-2019-5993 (Cross-site request forgery (CSRF) vulnerability in Category 
Specific R ...)
-   NOT-FOR-US: Category Specific RSS feed Subscription 
+   NOT-FOR-US: Category Specific RSS feed Subscription
 CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress 
Ultra Sim ...)
NOT-FOR-US: WordPress Ultra Simple Paypal Shopping Cart
 CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 
4.10.3 allow ...)
@@ -40779,11 +40779,12 @@ CVE-2019-2182 (In the Android kernel in the kernel 
MMU code there is a possible
NOTE: Fixed by: 
https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
 CVE-2019-2181 (In binder_transaction of binder.c in the Android kernel, there 
is a po ...)
- linux 5.2.6-1
+   NOTE: Fixed by: 
https://git.kernel.org/linus/0b0509508beff65c1d50541861bc0d4973487dc5
 CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is 
a possi ...)
- cups 2.2.12-1 (bug #934957)
[buster] - cups 2.2.10-6+deb10u1
[stretch] - cups 2.2.1-8+deb9u4
-   NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of 

+   NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of
NOTE: 
https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
 CVE-2019-2179 (In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 
8.1 an ...)
NOT-FOR-US: Android



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/39e3a038c8ae8bd13f9ff36b3e9be01e492c548a...cae659af6f60b90a721c0f4d00be97ac1519a0f9


[Git][security-tracker-team/security-tracker][master] add earlier bird fix

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39e3a038 by Moritz Muehlenhoff at 2019-09-16T15:44:23Z
add earlier bird fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -572,7 +572,7 @@ CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer 
dereference in onig_erro
 CVE-2019-16160
RESERVED
 CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x 
through 2.0.5 ...)
-   - bird 2.0.6-1 (bug #939990)
+   - bird 1.6.8-1 (bug #939990)
[stretch] - bird  (Vulnerable code introduced later)
[jessie] - bird  (Vulnerable code introduced later)
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
 (1.6.x)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39e3a038c8ae8bd13f9ff36b3e9be01e492c548a


[Git][security-tracker-team/security-tracker][master] bird fixed

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b27309e by Moritz Muehlenhoff at 2019-09-16T15:42:17Z
bird fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -572,7 +572,7 @@ CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer 
dereference in onig_erro
 CVE-2019-16160
RESERVED
 CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x 
through 2.0.5 ...)
-   - bird  (bug #939990)
+   - bird 2.0.6-1 (bug #939990)
[stretch] - bird  (Vulnerable code introduced later)
[jessie] - bird  (Vulnerable code introduced later)
NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
 (1.6.x)
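
Review bot: The fixed version `2.0.6-1` on the `- bird` line is from the 2.x series, while the description also covers 1.6.x through 1.6.7 and the NOTE below cites a 1.6.x commit. If a 1.6.x upload carrying that commit reached unstable first, that earlier version is the one to record as fixed.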



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b27309ecf37c0ee64b23eb1468ade2639e0f82e


[Git][security-tracker-team/security-tracker][master] new linux issue

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ee93f0a by Moritz Muehlenhoff at 2019-09-16T15:36:18Z
new linux issue
cups CVE assigned
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16393,9 +16393,9 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 
2.6.7, and 3.0.0, the GSS
 CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 
(Free/Open So ...)
NOT-FOR-US: CentOS-WebPanel.com
 CVE-2019-10892 (hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has 
a stack ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-10891 (D-Link DIR-806 devices allow remote attackers to execute 
arbitrary she ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2019-10890
RESERVED
 CVE-2019-10889
@@ -16710,7 +16710,7 @@ CVE-2019-10751 (All versions of the HTTPie package 
prior to version 1.0.3 are vu
NOTE: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
NOTE: 
https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8
 CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 
3.1.0.  ...)
-   TODO: check
+   NOT-FOR-US: deeply
 CVE-2019-10749
RESERVED
 CVE-2019-10748
@@ -16792,7 +16792,7 @@ CVE-2019-10726
 CVE-2019-10725
RESERVED
 CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system 
services in wh ...)
-   TODO: check
+   NOT-FOR-US: Dolby
 CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache 
class i ...)
- libpodofo  (low; bug #926667)
[buster] - libpodofo  (Minor issue)
@@ -16934,7 +16934,7 @@ CVE-2019-10711 (Incorrect access control in the RTSP 
stream and web portal on al
 CVE-2019-10710 (Insecure permissions in the Web management portal on all IP 
cameras ba ...)
NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
 CVE-2019-10709 (AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 
hardware has a  ...)
-   TODO: check
+   NOT-FOR-US: Asus
 CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 
4/js/scms.php?action=unlike i ...)
NOT-FOR-US: S-CMS PHP
 CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. 
...)
@@ -21331,11 +21331,11 @@ CVE-2019-9450 (In the Android kernel in the 
FingerTipS touchscreen driver there
 CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is 
a poss ...)
TODO: check
 CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver 
there is a  ...)
-   TODO: check
+   NOT-FOR-US: Android kernel
 CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver 
there is a  ...)
-   TODO: check
+   NOT-FOR-US: Android kernel
 CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver 
there is a  ...)
-   TODO: check
+   NOT-FOR-US: Android kernel
 CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of 
bounds ...)
TODO: check
 CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel 
pointe ...)
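Review bot: CVE-2019-9448, CVE-2019-9447 and CVE-2019-9446 are closed as `NOT-FOR-US: Android kernel`, but CVE-2019-9449 directly above them has the same "FingerTipS touchscreen driver" description and stays at `TODO: check`. Either mark it the same way in this commit or leave a NOTE on why it differs, so the next triager does not have to repeat the driver lookup.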
@@ -21355,7 +21355,7 @@ CVE-2019-9438
 CVE-2019-9437
RESERVED
 CVE-2019-9436 (In the Android kernel in the bootloader there is a possible 
secure boo ...)
-   TODO: check
+   NOT-FOR-US: LG components for Android
 CVE-2019-9435
RESERVED
 CVE-2019-9434
@@ -21375,7 +21375,7 @@ CVE-2019-9428
 CVE-2019-9427
RESERVED
 CVE-2019-9426 (In the Android kernel in Bluetooth there is a possible out of 
bounds w ...)
-   TODO: check
+   NOT-FOR-US: Broadcom components for Android
 CVE-2019-9425
RESERVED
 CVE-2019-9424
@@ -22039,11 +22039,11 @@ CVE-2019-9162 (In the Linux kernel before 4.20.12, 
net/ipv4/netfilter/nf_nat_snm
NOTE: Fixed by: 
https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
 CVE-2019-9155 (A cryptographic issue in OpenPGP.js =4.2.0 allows an 
attacker who  ...)
-   TODO: check
+   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9154 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js = ...)
-   TODO: check
+   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9153 (Improper Verification of a Cryptographic Signature in 
OpenPGP.js = ...)
-   TODO: check
+   NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
- hdf5 
[buster] - hdf5  (Minor issue)
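Review bot: The three OpenPGP.js entries give their reason in parentheses, "not used by Enigmail in Debian", but not how that was established. A NOTE naming the enigmail package version that was checked would let the NOT-FOR-US decision be re-verified if a later upload starts bundling the library.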
@@ -23969,11 +23969,11 @@ CVE-2019-8453 (Some of the DLLs loaded by Check Point 
ZoneAlarm up to 15.4.062 a
 CVE-2019-8452 (A hard-link created from log file archive of Check Point 
ZoneAlarm up  ...)
NOT-FOR-US: Check Point ZoneAlarm

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9455/linux

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
649fe011 by Salvatore Bonaccorso at 2019-09-16T15:26:32Z
Add CVE-2019-9455/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21315,7 +21315,9 @@ CVE-2019-9457 (In the Android kernel in ELF file 
loading there is possible memor
 CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a 
possibl ...)
TODO: check
 CVE-2019-9455 (In the Android kernel in the video driver there is a kernel 
pointer le ...)
-   TODO: check
+   - linux 4.19.37-1
+   [stretch] - linux 4.9.168-1
+   NOTE: 
https://git.kernel.org/linus/5e99456c20f712dcc13d9f6ca4278937d5367355
 CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of 
bounds  ...)
TODO: check
 CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible 
out of  ...)
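Review bot: The NOTE added under CVE-2019-9455 is a bare commit URL, so a reader cannot tell whether 5e99456c20f7 is the fix or the commit that introduced the leak. If it is the fix, write it as `NOTE: Fixed by:` followed by the same URL, which also makes the `4.19.37-1` and `4.9.168-1` versions easier to verify against the stable trees.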



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/649fe011af46374169f1bf4db51527d524fc93e8


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-2182/linux information according to kernel-sec

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d43c4361 by Salvatore Bonaccorso at 2019-09-16T15:18:54Z
Add CVE-2019-2182/linux information according to kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40768,7 +40768,8 @@ CVE-2019-2184
 CVE-2019-2183
RESERVED
 CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a 
possible execu ...)
-   TODO: check
+   - linux 4.16.5-1
+   NOTE: Fixed by: 
https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
 CVE-2019-2181 (In binder_transaction of binder.c in the Android kernel, there 
is a po ...)
TODO: check
 CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is 
a possi ...)
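Review bot: Only the unstable version is recorded on the `- linux 4.16.5-1` line, with no per-release line for the older suites. If kernel-sec has a status for the stretch and jessie kernels, add the matching `[stretch]` and `[jessie]` lines in the same commit; otherwise their status is left to be inferred from the version comparison alone.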



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d43c4361d35a8365da28cf568029eb3f4a21db59


[Git][security-tracker-team/security-tracker][master] add note for ampache issues

2019-09-16 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de89d35b by Thorsten Alteholz at 2019-09-16T14:14:59Z
add note for ampache issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12284,8 +12284,12 @@ CVE-2019-12387 (In Twisted before 19.2.1, twisted.web 
did not validate or saniti
NOTE: 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
 CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS 
exists  ...)
- ampache 
+NOTE: https://github.com/ampache/ampache/issues/1872 
+NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search 
engine is ...)
- ampache 
+NOTE: https://github.com/ampache/ampache/issues/1872 
+NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow 
attackers to ...)
{DLA-1831-1}
- jackson-databind 2.9.8-3 (bug #930750)
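Review bot: Both added NOTE pairs say the issue "is not really fixed yet" without a date, and the URL line in each pair ends in a trailing space. Date the status note (dla-needed.txt uses the `NOTE: 20190910:` style) so it is clear when the GitHub issue was last checked, and strip the trailing whitespace.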



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de89d35b3fe98f50b70476e17ef127a20b0a9987


[Git][security-tracker-team/security-tracker][master] 2 commits: follow security team and mark adplug CVEs as no-dsa

2019-09-16 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eefebce9 by Thorsten Alteholz at 2019-09-16T14:04:28Z
follow security team and mark adplug CVEs as no-dsa

- - - - -
b905e78c by Thorsten Alteholz at 2019-09-16T14:04:49Z
only no-dsa issues for adplug

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -3296,6 +3296,7 @@ CVE-2019-15151 (AdPlug 2.3.1 has a double free in the 
Cu6mPlayer class in u6m.h.
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/91
 CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a 
CSRF vulner ...)
NOT-FOR-US: OAuth2 Client MediaWiki extension
@@ -4651,16 +4652,19 @@ CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based 
buffer overflows in CmtkLoa
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/90
 CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in 
CradLoader::l ...)
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/89
 CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in 
Ca2mLoader::l ...)
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/88
 CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS 
(stored) vul ...)
NOT-FOR-US: ZenTao CMS
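Review bot: The three added `[jessie] - adplug` lines copy the "Minor issue" reason from buster and stretch verbatim for what the descriptions call multiple heap-based buffer overflows in the loaders. A reason specific to jessie, or a NOTE on why these file-parsing overflows are treated as minor, would make the decision reviewable; the commit message only says it follows the security team.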
@@ -4742,16 +4746,19 @@ CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer 
overflow in CmkjPlayer::loa
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/87
 CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in 
CdtmLoader::load() in ...)
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/86
 CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in 
CxadbmfPlayer::__bmf_ ...)
- adplug 
[buster] - adplug  (Minor issue)
[stretch] - adplug  (Minor issue)
+   [jessie] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/85
 CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack 
adjustment im ...)
- musl 1.1.23-2


=
data/dla-needed.txt
=
@@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more 
about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-adplug
 --
 ampache
   NOTE: package only in Jessie



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/7c276f89617ee6cd7e2a37478720be5f255e1810...b905e78c24b34b14b2559ac274347f1df3a33a9a


[Git][security-tracker-team/security-tracker][master] Add Debian tracking bug for CVE-2019-14540 and CVE-2019-16335

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c276f89 by Salvatore Bonaccorso at 2019-09-16T13:31:17Z
Add Debian tracking bug for CVE-2019-14540 and CVE-2019-16335

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2019-16337
 CVE-2019-16336
RESERVED
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   - jackson-databind 
+   - jackson-databind  (bug #940498)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
 CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in 
the Categ ...)
@@ -5112,7 +5112,7 @@ CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer 
overflow in cb_encode_prog
[jessie] - open-cobol  (Minor issue)
NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
 CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   - jackson-databind 
+   - jackson-databind  (bug #940498)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2410
NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c276f89617ee6cd7e2a37478720be5f255e1810


[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2019-09-16 Thread Holger Levsen


Holger Levsen pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e40b454 by Holger Levsen at 2019-09-16T13:16:55Z
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Holger Levsen hol...@layer-acht.org

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -53,7 +53,7 @@ imapfilter
   NOTE: 20190910: No patch exists but a possible solution. Note that openssl in
   NOTE: Jessie is < 1.0.2. (apo)
 --
-libav (Mike Gabriel)
+libav
   NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190831: 11 tagged as . These issues have been triaged, no 
patch
   NOTE: 20190831: has been found, so far. If you pick libav, be prepared to 
work
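Review bot: Dropping the claimant on the `libav` line leaves no trace in the file of who held it or when it was released, while the entry's existing notes are all dated 20190831. Add a dated NOTE recording the unclaim so whoever picks the package up next knows earlier work may exist.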
@@ -67,7 +67,7 @@ libav (Mike Gabriel)
 --
 libcrypto++
 --
-libgcrypt20 (Mike Gabriel)
+libgcrypt20
 --
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.
@@ -97,7 +97,7 @@ linux-4.9 (Ben Hutchings)
 milkytracker
   NOTE: 20190830: Several  issues open for jessie.
 --
-nghttp2 (Abhijith PA)
+nghttp2
 --
 openssl
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e40b4540f30e2d058d1f703c36565246376d9aa


[Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2019-14540

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ec1de3a by Salvatore Bonaccorso at 2019-09-16T13:14:40Z
Reference commit for CVE-2019-14540

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5115,6 +5115,7 @@ CVE-2019-14540 (A Polymorphic Typing issue was discovered 
in FasterXML jackson-d
- jackson-databind 
NOTE: https://github.com/FasterXML/jackson-databind/issues/2410
NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
+   NOTE: 
https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de
 CVE-2019-14539
RESERVED
 CVE-2019-14538



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ec1de3a60f38b2c0fab19635dd81fddae3eebf1


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14540/jackson-databind

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b062af15 by Salvatore Bonaccorso at 2019-09-16T13:11:18Z
Add CVE-2019-14540/jackson-databind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5112,7 +5112,9 @@ CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer 
overflow in cb_encode_prog
[jessie] - open-cobol  (Minor issue)
NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
 CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   TODO: check
+   - jackson-databind 
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/2410
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
 CVE-2019-14539
RESERVED
 CVE-2019-14538



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b062af153671cd643f7de3a9268e5bbd6426d6bd


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-16335/jackson-databind

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d021ba38 by Salvatore Bonaccorso at 2019-09-16T13:06:18Z
Add CVE-2019-16335/jackson-databind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,9 @@ CVE-2019-16337
 CVE-2019-16336
RESERVED
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   TODO: check
+   - jackson-databind 
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
+   NOTE: 
https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
 CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in 
the Categ ...)
NOT-FOR-US: Bludit
 CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting 
(XSS) in adm ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d021ba38c5092aba99476c35149feff0a9408b98


[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries for ansible which got an update in DLA-1923-1

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21e25131 by Salvatore Bonaccorso at 2019-09-16T12:50:20Z
Remove no-dsa tagged entries for ansible which got an update in DLA-1923-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18269,7 +18269,6 @@ CVE-2019-10156 (A flaw was discovered in the way 
Ansible templating was implemen
- ansible 2.8.3+dfsg-1 (low; bug #930065)
[buster] - ansible  (Minor issue)
[stretch] - ansible  (Minor issue)
-   [jessie] - ansible  (Minor issue, most likely not affected)
NOTE: https://github.com/ansible/ansible/pull/57188
 CVE-2019-10155 (The Libreswan Project has found a vulnerability in the 
processing of I ...)
- libreswan 3.27-6 (bug #930338)
@@ -69626,7 +69625,6 @@ CVE-2018-10876 (A flaw was found in Linux kernel in the 
ext4 filesystem code. A
 CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the 
current work ...)
{DSA-4396-1}
- ansible 2.6.1+dfsg-1
-   [jessie] - ansible  (Too intrusive to backport)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533
NOTE: https://github.com/ansible/ansible/pull/42070
NOTE: 
https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
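Review bot: With the `[jessie] - ansible` line and its "Too intrusive to backport" reason removed, the visible CVE-2018-10875 entry carries only `{DSA-4396-1}` and nothing that points at DLA-1923-1. Check that the DLA cross-reference lands in the entry, by hand here or through the next automatic update, so the jessie history for this CVE does not read as if the earlier triage decision simply vanished.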
@@ -191442,7 +191440,6 @@ CVE-2015-5516 (Memory leak in the last hop kernel 
module in F5 BIG-IP LTM, GTM,
NOT-FOR-US: F5 BIG-IP
 CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 
1.9.2  ...)
- ansible 1.9.2+dfsg-1 (low)
-   [jessie] - ansible  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
 CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x 
before 7.x- ...)
NOT-FOR-US: Drupal addon not packaged in Debian
@@ -196109,7 +196106,6 @@ CVE-2015-3909
RESERVED
 CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname 
matches  ...)
- ansible 1.9.2+dfsg-1 (low)
-   [jessie] - ansible  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
NOTE: Fixed in commit 
https://github.com/ansible/ansible/commit/be7c59c7bbe2c7cfaad0151c42693ebd0ea4243f
 CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 
allows XXE  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/21e251316f792d3da6ed4edd7dbb196cb1508a83


[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-15031/linux in stretch and jessie

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
26719de3 by Salvatore Bonaccorso at 2019-09-16T12:47:56Z
Update status for CVE-2019-15031/linux in stretch and jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3742,6 +3742,8 @@ CVE-2019-15032
RESERVED
 CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a 
local us ...)
- linux 
+   [stretch] - linux  (Vulnerable code introduced later)
+   [jessie] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
 CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a 
local us ...)
- linux 
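Review bot: Both added lines give "Vulnerable code introduced later" as the reason, but the only NOTE in the visible entry is the kernel.org commit a8318c13e79b, with nothing naming the commit or kernel version that introduced the bug. Add a NOTE with the introducing commit or first affected version so the claim for stretch and jessie can be checked.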



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/26719de36c1102825c0311d3a4b37870aca8d478


[Git][security-tracker-team/security-tracker][master] Triage open CVE for libsixel/Jessie.

2019-09-16 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
480184ed by Markus Koschany at 2019-09-16T12:44:58Z
Triage open CVE for libsixel/Jessie.

Most issues do not affect Jessie because the vulnerable code does not exist or
only exists when the fsanitize flag is used.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -42818,18 +42818,21 @@ CVE-2018-19763 (There is a heap-based buffer 
over-read at writer.c (function: wr
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (The vulnerable code is not present)
NOTE: https://github.com/saitoha/libsixel/issues/82
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
 CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c 
(function: image_ ...)
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (The vulnerable code is not present)
NOTE: https://github.com/saitoha/libsixel/issues/81
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
 CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: 
sixel_dec ...)
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/78
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
 CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. 
...)
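Review bot: CVE-2018-19761 is added with the reason "Minor issue", while the commit message's rationale is that the code is absent or only reachable when the fsanitize flag is used. If the sanitizer case is why this one is minor, say so in the reason or in a NOTE; as written it is indistinguishable from an ordinary low-severity bug.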
@@ -42843,6 +42846,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read 
at stb_image_write.h (fun
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in 
wav_write_header in ...)
@@ -42857,12 +42861,14 @@ CVE-2018-19757 (There is a NULL pointer dereference 
at function sixel_helper_set
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/79
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
 CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h 
(function: stbi_ ...)
- libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (The vulnerable code is not present)
NOTE: https://github.com/saitoha/libsixel/issues/80
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
 CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: 
is_mmac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/480184edc1fbeff50a51879b247bddd2bb2594a4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/480184edc1fbeff50a51879b247bddd2bb2594a4
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1923-1 for ansible

2019-09-16 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fae35d1c by Roberto C. Sánchez at 2019-09-16T12:21:47Z
Reserve DLA-1923-1 for ansible

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[16 Sep 2019] DLA-1923-1 ansible - security update
+   {CVE-2015-3908 CVE-2015-6240 CVE-2018-10875 CVE-2019-10156}
+   [jessie] - ansible 1.7.2+dfsg-2+deb8u2
 [15 Sep 2019] DLA-1922-1 wpa - security update
{CVE-2019-16275}
[jessie] - wpa 2.3-1+deb8u9


=
data/dla-needed.txt
=
@@ -15,9 +15,6 @@ adplug
 ampache
   NOTE: package only in Jessie
 --
-ansible (Roberto C. Sánchez)
-  NOTE: 20190906: update is ready; sent request for testing to debian-lts@; 
intend to upload on 20190916 (roberto)
---
 cimg (Thorsten Alteholz)
   NOTE: inline function load_network_external is affected, variable filename
   NOTE: 20190916: also taking care of no-dsa



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fae35d1ce5a34ccbe9a6a13367b5b62eb6bd2d34


[Git][security-tracker-team/security-tracker][master] NFUs

2019-09-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4edd7587 by Moritz Muehlenhoff at 2019-09-16T09:52:52Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,11 +15,11 @@ CVE-2019-16336
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
TODO: check
 CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in 
the Categ ...)
-   TODO: check
+   NOT-FOR-US: Bludit
 CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting 
(XSS) in adm ...)
-   TODO: check
+   NOT-FOR-US: GetSimple CMS
 CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, 
the serve ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2019- [Remotely exploitable null pointer dereference bug]
- libapreq2 2.13-6 (bug #939937)
NOTE: http://svn.apache.org/r1866760
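Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2019-16332 does not name the plugin and spells the product differently from the description. Use the name the description gives, for example `NOT-FOR-US: api-bearer-auth plugin for WordPress`, so the entry can be found by grepping for the plugin.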
@@ -44,9 +44,9 @@ CVE-2019-16323
 CVE-2019-16322
RESERVED
 CVE-2019-16321 (ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a 
request for a ...)
-   TODO: check
+   NOT-FOR-US: ScadaBR
 CVE-2019-16320 (Cobham Sea Tel v170 224521 through v194 225444 devices allow 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Cobham Sea Tel
 CVE-2019-16318 (In Pimcore before 5.7.1, an attacker with limited privileges 
can bypas ...)
NOT-FOR-US: Pimcore
 CVE-2019-16317 (In Pimcore before 5.7.1, an attacker with limited privileges 
can trigg ...)
@@ -70,15 +70,15 @@ CVE-2019-16309 (FlameCMS 3.3.5 has SQL injection in 
account/login.php via accoun
 CVE-2019-16308
RESERVED
 CVE-2019-16307 (A Reflected Cross-Site Scripting (XSS) vulnerability in the 
webEx modu ...)
-   TODO: check
+   NOT-FOR-US: Fuji
 CVE-2019-16306
RESERVED
 CVE-2019-16305 (In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable 
to comm ...)
-   TODO: check
+   NOT-FOR-US: MobaXterm
 CVE-2019-16304
RESERVED
 CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 
and JHipst ...)
-   TODO: check
+   NOT-FOR-US: JHipster
 CVE-2019-16302
RESERVED
 CVE-2019-16301
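Review bot: The tag added to CVE-2019-16307, "NOT-FOR-US: Fuji", gives only what looks like a vendor name, while the truncated description shows just a "webEx modu ..." component, so a reader cannot tell from the entry which product was ruled out. Naming the vendor and product in full, as the MobaXterm and JHipster tags in this hunk do, would make the decision verifiable.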
@@ -96,7 +96,7 @@ CVE-2019-16296
 CVE-2019-16295
RESERVED
 CVE-2019-16294 (SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows 
remote  ...)
-   TODO: check
+   NOT-FOR-US: Notepad++
 CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 
allows an au ...)
NOT-FOR-US: Open-AudIT
 CVE-2019-16292
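Review bot: The CVE-2019-16294 description places the flaw in SciLexer.dll in Scintilla, but the new tag is "NOT-FOR-US: Notepad++", which treats it as specific to the Notepad++ build. If Scintilla source is shipped in the archive, either packaged or as an embedded copy, the entry should record why that code is unaffected, for example with a NOTE line, before the TODO is closed as NFU.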



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4edd7587888da8c6197fab302584a995e2985aa9


[Git][security-tracker-team/security-tracker][master] automatic update

2019-09-16 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
095823b9 by security tracker role at 2019-09-16T08:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,25 @@
+CVE-2019-16342
+   RESERVED
+CVE-2019-16341
+   RESERVED
+CVE-2019-16340
+   RESERVED
+CVE-2019-16339
+   RESERVED
+CVE-2019-16338
+   RESERVED
+CVE-2019-16337
+   RESERVED
+CVE-2019-16336
+   RESERVED
+CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+   TODO: check
+CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in 
the Categ ...)
+   TODO: check
+CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting 
(XSS) in adm ...)
+   TODO: check
+CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, 
the serve ...)
+   TODO: check
 CVE-2019- [Remotely exploitable null pointer dereference bug]
- libapreq2 2.13-6 (bug #939937)
NOTE: http://svn.apache.org/r1866760
@@ -149,7 +171,7 @@ CVE-2016-10956
RESERVED
 CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 
2.2.x be ...)
NOT-FOR-US: Integard
-CVE-2019-16319 [wireshark wnpa-sec-2019-21]
+CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon 
dissector ...)
- wireshark 3.0.4-1 (low)
[buster] - wireshark  (Can be fixed along in next 3.0.x DSA)
[stretch] - wireshark  (Can be fixed along in next 2.6.x DSA)
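Review bot: Replacing the bracketed temporary title on CVE-2019-16319 drops the only visible reference to the upstream advisory id wnpa-sec-2019-21. Nothing in the context lines shown carries that id, so unless a NOTE further down the entry already has it, add one so the advisory can still be found from this entry.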
@@ -5085,8 +5107,8 @@ CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer 
overflow in cb_encode_prog
[stretch] - open-cobol  (Minor issue)
[jessie] - open-cobol  (Minor issue)
NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
-CVE-2019-14540
-   RESERVED
+CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+   TODO: check
 CVE-2019-14539
RESERVED
 CVE-2019-14538
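Review bot: CVE-2019-14540 leaves RESERVED with the same visible description text as CVE-2019-16335 added at the top of this diff ("A Polymorphic Typing issue was discovered in FasterXML jackson-databin ..."), and both are set to "TODO: check". They should be triaged together, and once the full descriptions are read, each entry should say what distinguishes it from the other so the two are not mistaken for duplicates.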
@@ -13802,7 +13824,7 @@ CVE-2019-11753
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11753
 CVE-2019-11752
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13854,7 +13876,7 @@ CVE-2019-11747
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
 CVE-2019-11746
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13866,7 +13888,7 @@ CVE-2019-11745
RESERVED
 CVE-2019-11744
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13876,7 +13898,7 @@ CVE-2019-11744
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744
 CVE-2019-11743
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13885,7 +13907,7 @@ CVE-2019-11743
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
 CVE-2019-11742
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13899,7 +13921,7 @@ CVE-2019-11741
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
 CVE-2019-11740
RESERVED
-   {DSA-4516-1 DLA-1910-1}
+   {DSA-4523-1 DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -13909,6 +13931,7 @@ CVE-2019-11740
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740
 CVE-2019-11739
RESERVED
+   {DSA-4523-1}
- thunderbird 1:60.9.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
 CVE-2019-11738



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/095823b9d4cb675878fda88c4a8a8919c864c693


[Git][security-tracker-team/security-tracker][master] claim poppler

2019-09-16 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2407fd97 by Thorsten Alteholz at 2019-09-16T07:35:20Z
claim poppler

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -109,7 +109,7 @@ php-pecl-http (Roberto C. Sánchez)
 php5 (Roberto C. Sánchez)
   NOTE: 20190910: Also investigate/(fix?) https://bugs.debian.org/939981
 --
-poppler
+poppler (Thorsten Alteholz)
 --
 python2.7 (Roberto C. Sánchez)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2407fd97cedf2b82be1d7254097f0e73a158e5ff


[Git][security-tracker-team/security-tracker][master] update note

2019-09-16 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
134ad1ab by Thorsten Alteholz at 2019-09-16T06:14:09Z
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -20,6 +20,7 @@ ansible (Roberto C. Sánchez)
 --
 cimg (Thorsten Alteholz)
   NOTE: inline function load_network_external is affected, variable filename
+  NOTE: 20190916: also taking care of no-dsa
 --
 clamav (Jonas Meurer)
   NOTE: wait for definitive patch to be available, then upgrade to latest 
upstream
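Review bot: The added line "NOTE: 20190916: also taking care of no-dsa" under cimg does not say which issues are meant. Listing the CVE ids tagged no-dsa that the upload will cover would let others check the scope; the undated NOTE above it could also get a date prefix to match.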



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/134ad1ab35df2b99164c589b1463291ace75bc96
