[Git][security-tracker-team/security-tracker][master] Update notes for ibus
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 2bde5a62 by Brian May at 2019-12-09T06:44:30Z Update notes for ibus - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -26,7 +26,9 @@ freeimage (hle) NOTE: 20191123: upstream appears to have merged a modified version of my patch -- ibus - NOTE: 20191020: Fix for regression in KDE apps still not available (apo) + NOTE: 20191210: Requires glib2.0 to be patched also. + NOTE: 20191210: See https://bugs.debian.org/941018 + NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 -- intel-microcode NOTE: 20191113: Waiting for DSA-4565-2 first View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bde5a628d806700db91d89962d8b99cbca1553e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
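Review bot: The three NOTE lines added under ibus are dated 20191210, one day ahead of the commit timestamp (2019-12-09T06:44:30Z), and unlike the removed line, which ended in "(apo)", they do not say who wrote them. Suggest dating them to the day of the commit and appending the author tag; it would also help to state whether the KDE regression from the removed 20191020 note is what the glib2.0 patch addresses, since that context is dropped here.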
[Git][security-tracker-team/security-tracker][master] thrift moved to unstable with 0.13.0-2 upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84bef3ea by Salvatore Bonaccorso at 2019-12-09T06:25:38Z thrift moved to unstable with 0.13.0-2 upload - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61329,7 +61329,7 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve NOTE: https://svn.apache.org/r1855378 CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...) [experimental] - thrift 0.13.0-1 - - thrift + - thrift 0.13.0-2 NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2 CVE-2019-0209 REJECTED @@ -61341,7 +61341,7 @@ CVE-2019-0206 REJECTED CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or ...) [experimental] - thrift 0.13.0-1 - - thrift + - thrift 0.13.0-2 NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1 CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...) - apache-mesos (bug #760315) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84bef3eaeb9176cf2e5eccf90a0015dabecb9d1a
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 822748a4 by Thorsten Alteholz at 2019-12-08T22:02:33Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -68,7 +68,7 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- opendmarc (Thorsten Alteholz) - NOTE: 20191124: still testing package, original patch does not seem to be enough + NOTE: 20191208: still testing package, original patch does not seem to be enough, still ongoing -- opensc (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/822748a406eeed36c88ce85ae96a6502f4d8c5d8
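Review bot: In the opendmarc entry the 20191124 note is rewritten in place, so the file no longer shows how long testing has been running, and the new wording ("still testing package ... still ongoing") says the same thing twice. Suggest keeping the 20191124 line and adding a separate 20191208 line that records what the original patch fails to cover.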
[Git][security-tracker-team/security-tracker][master] Add upstream commit to address CVE-2019-19630/htmldoc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a53904e3 by Salvatore Bonaccorso at 2019-12-08T19:32:55Z Add upstream commit to address CVE-2019-19630/htmldoc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,6 +29,7 @@ CVE-2019-19631 CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...) - htmldoc NOTE: https://github.com/michaelrsweet/htmldoc/issues/370 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c CVE-2019-19629 RESERVED CVE-2019-19628 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a53904e3270bb14bc2cbe1aab0e2ab933411ef33
[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 499c321f by Adrian Bunk at 2019-12-08T19:18:09Z dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -61,7 +61,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20191124: work is ongoing + NOTE: 20191208: work is ongoing -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/499c321faf1a104e8cdb71cd52db4b4360d5881f
[Git][security-tracker-team/security-tracker][master] update note otrs2
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 71896759 by Abhijith PA at 2019-12-08T16:25:12Z update note otrs2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,6 +74,7 @@ opensc (Roberto C. Sánchez) -- otrs2 (Abhijith PA) NOTE: otrs2 is in jessie/main so it should be taken care off + NOTE: 2019108: CVE-2019-18180 seems not affected (abhijith) -- php-horde (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71896759f1b749271e784d3bfa91dd0a59588519
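Review bot: The added otrs2 line is dated "2019108", which has seven digits instead of the YYYYMMDD form the other notes in this hunk use (for example 20191126); given the commit timestamp of 2019-12-08 it was presumably meant to be 20191208. The note would also be more useful if it gave the reason CVE-2019-18180 "seems not affected".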
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-19269 and CVE-2019-19270 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f2c9162 by Salvatore Bonaccorso at 2019-12-08T15:15:04Z Track fixed version for CVE-2019-19269 and CVE-2019-19270 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2492,7 +2492,7 @@ CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3. NOTE: https://github.com/proftpd/proftpd/issues/860 NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c) CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ...) - - proftpd-dfsg (bug #946346) + - proftpd-dfsg 1.3.6b-2 (bug #946346) [buster] - proftpd-dfsg (Minor issue) [stretch] - proftpd-dfsg (Bug was introduced in 1.3.5c) [jessie] - proftpd-dfsg (Bug was introduced in 1.3.5c) @@ -2502,7 +2502,7 @@ CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3 NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/0e27c53177db6e1ce4196c772c119071678c77a7 (v1.3.5c) CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...) {DLA-2018-1} - - proftpd-dfsg (bug #946345) + - proftpd-dfsg 1.3.6b-2 (bug #946345) [buster] - proftpd-dfsg (Minor issue) [stretch] - proftpd-dfsg (Minor issue) NOTE: https://github.com/proftpd/proftpd/issues/861 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f2c9162272f01cdae32808a815f5f3d97a84739
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-12094 and CVE-2019-12095
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 479a4520 by Salvatore Bonaccorso at 2019-12-08T13:33:02Z Update information on CVE-2019-12094 and CVE-2019-12095 In the upstream ticket[1] some issues were mentioned which need to be combined to make the issue exploitable. [1]: https://bugs.horde.org/ticket/14926; Upstream itself agrees still that up to date adding bookmarks in Trean is not yet CSRF protected, but is of low priority as the whole attack is not anymore exploitable after the XSS fix in Horde 5.2.21 which *should* match the commit 81a7b5397350 (Fix XSS vuln in the Horde Cloud Block.)[2] Roberto C. Sanchez found. This commit is included in 5.2.21 and matches the upstream comment. [2]: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75; Thus marking for CVE-2019-12095 the newly added src:php-horde part as fixed with 5.2.21+debian0-1 which is the first version in Debian unstable containing the fix. MITRE clarifies the CVE assignment as well as follows: The stored XSS should be considered part of the CSRF vulnerability in CVE-2019-12095, with the CSRF being the primary vulnerability. The reflected XSS vectors are all covered by CVE-2019-12094. The update to the two CVE entries should now match the respective understandings for the CVEs. A classification of the issues is explicitly not done with this commit. Thanks: Roberto C. Sánchez robe...@debian.org - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -26789,11 +26789,12 @@ CVE-2019-12096 RESERVED CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...) - php-horde-trean - NOTE: https://bugs.horde.org/ticket/14926 + - php-horde 5.2.21+debian0-1 + NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 + NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS) CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...) - php-horde - NOTE: https://bugs.horde.org/ticket/14926 - NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 + NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS) CVE-2019-12093 RESERVED CVE-2019-12092 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce
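Review bot: Under CVE-2019-12095 the commit NOTE that was moved from CVE-2019-12094 carries no qualifier, while both ticket NOTEs in this hunk gained one ("for the stored XSS", "for the reflected XSS"). The commit message only says that 81a7b5397350 "should" match the XSS fix and that adding bookmarks in Trean is still not CSRF protected, so a short parenthetical on that NOTE and a NOTE stating that the CSRF itself remains open upstream would keep the "- php-horde 5.2.21+debian0-1" line from reading as a complete fix.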
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Sponsored phpmyadmin 4:4.2.12-2+deb8u7 to security-master.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: e972adcb by Chris Lamb at 2019-12-08T12:43:01Z data/dla-needed.txt: Sponsored phpmyadmin 4:4.2.12-2+deb8u7 to security-master. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,10 +84,6 @@ php-horde-trean (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) NOTE: 20191203: Pinged upstream and MITRE regarding correctness of CVE assignments. (roberto) -- -phpmyadmin (Utkarsh Gupta) - NOTE: 20191208: Vulnerable code appears to be in libraries/display_git_revision.lib.php. (lamby) - NOTE: 20191208: I've sent a RFS to the list. (utkarsh2102) --- python-oslo.utils (Abhijith PA) NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e972adcb4e135a7785b23f391b6b2438355f7395
[Git][security-tracker-team/security-tracker][master] Mark phpmyadmin as still pending release.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 75b94fa1 by Chris Lamb at 2019-12-08T12:14:39Z Mark phpmyadmin as still pending release. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,8 +84,9 @@ php-horde-trean (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) NOTE: 20191203: Pinged upstream and MITRE regarding correctness of CVE assignments. (roberto) -- -phpmyadmin +phpmyadmin (Utkarsh Gupta) NOTE: 20191208: Vulnerable code appears to be in libraries/display_git_revision.lib.php. (lamby) + NOTE: 20191208: I've sent a RFS to the list. (utkarsh2102) -- python-oslo.utils (Abhijith PA) NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75b94fa163269cdc426a8aa874e1d73ac882768f
[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2019-19624 in opencv for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 041339f9 by Chris Lamb at 2019-12-08T11:52:16Z Triage CVE-2019-19624 in opencv for jessie LTS. - - - - - 5d62277e by Chris Lamb at 2019-12-08T11:52:20Z data/dla-needed.txt: Triage phpmyadmin for jessie LTS. - - - - - 64c53424 by Chris Lamb at 2019-12-08T11:52:49Z data/dla-needed.txt: Add note for phpmyadmin. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -42,6 +42,7 @@ CVE-2019-19625 (SROS 2 0.8.1 (which provides the tools that generate and distrib CVE-2019-19624 (An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifica ...) - opencv 4.1.2+dfsg-3 [stretch] - opencv (Vulnerable code introduced later) + [jessie] - opencv (Vulnerable code introduced later) NOTE: https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 NOTE: https://github.com/opencv/opencv/issues/14554 CVE-2019-19623 = data/dla-needed.txt = 
@@ -84,6 +84,9 @@ php-horde-trean (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) NOTE: 20191203: Pinged upstream and MITRE regarding correctness of CVE assignments. (roberto) -- +phpmyadmin + NOTE: 20191208: Vulnerable code appears to be in libraries/display_git_revision.lib.php. (lamby) +-- python-oslo.utils (Abhijith PA) NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c79049aaac8dc6f60d4ddbd39bde4a335512f761...64c53424bcc0221bac4dc540a99d8bcd7a498eaa
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-oslo.utils
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c79049aa by Abhijith PA at 2019-12-08T11:48:25Z data/dla-needed.txt: Claim python-oslo.utils - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,7 +84,7 @@ php-horde-trean (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) NOTE: 20191203: Pinged upstream and MITRE regarding correctness of CVE assignments. (roberto) -- -python-oslo.utils +python-oslo.utils (Abhijith PA) NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) -- python-reportlab (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c79049aaac8dc6f60d4ddbd39bde4a335512f761
[Git][security-tracker-team/security-tracker][master] waiting for feedback from slurm maintainer
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b606361 by Abhijith PA at 2019-12-08T11:22:19Z waiting for feedback from slurm maintainer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -102,7 +102,7 @@ ruby-rack-cors (Utkarsh Gupta) NOTE: 20191125: WIP. (utkarsh2102) NOTE: 20191207: Debugging test failures. (utkarsh2102) -- -slurm-llnl (Abhijith PA) +slurm-llnl NOTE: 20190814: Contacted security of slurm-llnl for relevant commits (abhijith) NOTE: 20191022: Big chunk to backport afa7d743f407c60a7c8a4bd98a10be32c82988b5 and NOTE: 20191022: 750cc23edcc6fddfff21d33bdaf4fb7deb28cfda would be a start.(abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b6063612aa6d8487a105c5893fe7e1a4e9fc12f
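Review bot: The claim on slurm-llnl is dropped ("(Abhijith PA)" removed from the package line) but no NOTE is added, so the reason given in the commit message, waiting for feedback from the slurm maintainer, is not recorded in dla-needed.txt itself. Suggest adding a dated NOTE under the existing 20191022 lines saying the maintainer was contacted, so the next person to pick the package up does not repeat the request.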
[Git][security-tracker-team/security-tracker][master] Add new libsixel issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 219d6fba by Salvatore Bonaccorso at 2019-12-08T08:17:08Z Add new libsixel issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,13 +7,17 @@ CVE-2019-19640 CVE-2019-19639 RESERVED CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/102 CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/105 CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/104 CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/103 CVE-2019-19634 RESERVED CVE-2019-19633 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/219d6fbabd6e295b892799c2a40b687a01d109bb
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19630/htmldoc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b99e0c8e by Salvatore Bonaccorso at 2019-12-08T08:15:17Z Add CVE-2019-19630/htmldoc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,7 +23,8 @@ CVE-2019-19632 CVE-2019-19631 RESERVED CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...) - TODO: check + - htmldoc + NOTE: https://github.com/michaelrsweet/htmldoc/issues/370 CVE-2019-19629 RESERVED CVE-2019-19628 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b99e0c8ecdf532914ff6d0b1489affa7dadb522a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5a785ed by security tracker role at 2019-12-08T08:10:25Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...) + TODO: check +CVE-2019-19641 + RESERVED +CVE-2019-19640 + RESERVED +CVE-2019-19639 + RESERVED +CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) + TODO: check +CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) + TODO: check +CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) + TODO: check +CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) + TODO: check +CVE-2019-19634 + RESERVED +CVE-2019-19633 + RESERVED +CVE-2019-19632 + RESERVED +CVE-2019-19631 + RESERVED +CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...) + TODO: check CVE-2019-19629 RESERVED CVE-2019-19628 @@ -26,6 +52,7 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mis CVE-2019-19618 RESERVED CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...) + {DLA-2024-1} - phpmyadmin 4:4.9.2+dfsg1-1 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...) 
@@ -1845,16 +1872,13 @@ CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename arg NOTE: Negligible security impact, hang in end user tool CVE-2019-19450 RESERVED -CVE-2019-19449 - RESERVED +CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449 -CVE-2019-19448 - RESERVED +CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...) - linux NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 -CVE-2019-19447 - RESERVED +CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...) - linux NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 CVE-2019-19446 @@ -45440,6 +45464,7 @@ CVE-2019-5546 CVE-2019-5545 RESERVED CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...) + {DLA-2025-1} - openslp-dfsg NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1 CVE-2019-5543 
@@ -104977,7 +105002,7 @@ CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowe CVE-2017-17834 REJECTED CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-relat ...) - {DLA-1364-1} + {DLA-2025-1 DLA-1364-1} - openslp-dfsg (low) NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/ CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a cross-sit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5a785ed013d485e6551e85da704e5dc76fc6998