[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-10732/kf5-messagelib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a59bfcdb by Salvatore Bonaccorso at 2019-12-04T07:58:42Z Update information on CVE-2019-10732/kf5-messagelib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29282,12 +29282,13 @@ CVE-2019-10733 RESERVED CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypt ...) {DLA-1825-1} - - kf5-messagelib (bug #926996) + - kf5-messagelib 4:19.08.3-1 (bug #926996) [buster] - kf5-messagelib (Revisit when fixed upstream) [stretch] - kf5-messagelib (Revisit when fixed upstream) - kdepim [stretch] - kdepim (Revisit when fixed upstream) NOTE: https://bugs.kde.org/show_bug.cgi?id=404698 + NOTE: https://cgit.kde.org/messagelib.git/commit/?id=8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2) CVE-2019-10731 RESERVED CVE-2019-10730 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a59bfcdb63ba116ac785c434f535aaca9b5ad2c5 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
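Review bot: The [buster] and [stretch] kf5-messagelib lines and the [stretch] kdepim line still carry "(Revisit when fixed upstream)", although this change records the upstream fix commit (v19.04.2) and a fixed version, 4:19.08.3-1, for the unstable entry. Those suite entries are now due for the revisit their own reason asks for; either re-triage them in the same commit or reword the reason so it no longer contradicts the new NOTE.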
[Git][security-tracker-team/security-tracker][master] 2 commits: Fix references to DLA regression updates on website
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a6655a89 by Brian May at 2019-12-04T06:26:00Z Fix references to DLA regression updates on website The first revision on the website doesn't have a postfix. The second revision has a postfix of -2. I was going to do something similar for DSA too, but found regression update advisories are not available on the website for DSAs. - - - - - 80f9e779 by Salvatore Bonaccorso at 2019-12-04T07:42:40Z Merge branch bam/security-tracker-fix_dla_references - - - - - 1 changed file: - bin/tracker_service.py Changes: = bin/tracker_service.py = 
@@ -1570,16 +1570,20 @@ Debian bug number.'''), % (int(y), int(number))) return None -def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(?:-\d+)?$')): +def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(-\d+)?$')): match = re_dla.match(dla) if match: +(number,revision) = match.groups() +if revision == "-1": +link = "dla-%d" % int(number) +else: +link = dla.lower() # We must determine the year because there is no generic URL. -(number,) = match.groups() for (date,) in self.db.cursor().execute( "SELECT release_date FROM bugs WHERE name = ?", (dla,)): (y, m, d) = date.split('-') -return url.absolute("https://www.debian.org/lts/security/%d/dla-%d; -% (int(y), int(number))) +return url.absolute("https://www.debian.org/lts/security/%d/%s; +% (int(y), link)) return None def url_debian_bug(self, url, debian): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5e79d2c2c5f77358b41b6bdbc14b00e6b5cd55a3...80f9e7791d381f6cd4df05828e8036fc9f7e6af8
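Review bot: In url_dla, the special case `if revision == "-1":` compares against the captured group with its leading hyphen, and the rule behind it (the first revision has no suffix on the website, later ones keep theirs) is stated only in the commit message. Capturing just the digits, for example `(?:-(\d+))?`, and putting a one-line comment above the branch would make the mapping readable from the code; the existing "We must determine the year" comment now sits below the new lines and explains only the loop.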
[Git][security-tracker-team/security-tracker][master] Revert "Fix references to DLA regression updates on website"
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e79d2c2 by Brian May at 2019-12-04T06:21:13Z Revert "Fix references to DLA regression updates on website" This reverts commit 7177c0e348acbd70b76de7fc36116d02201bc9bf. I accidentally pushed this to the wrong branch. - - - - - 1 changed file: - bin/tracker_service.py Changes: = bin/tracker_service.py = @@ -1570,20 +1570,16 @@ Debian bug number.'''), % (int(y), int(number))) return None -def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(-\d+)?$')): +def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(?:-\d+)?$')): match = re_dla.match(dla) if match: -(number,revision) = match.groups() -if revision == "-1": -link = "dla-%d" % int(number) -else: -link = dla.lower() # We must determine the year because there is no generic URL. +(number,) = match.groups() for (date,) in self.db.cursor().execute( "SELECT release_date FROM bugs WHERE name = ?", (dla,)): (y, m, d) = date.split('-') -return url.absolute("https://www.debian.org/lts/security/%d/%s; -% (int(y), link)) +return url.absolute("https://www.debian.org/lts/security/%d/dla-%d; +% (int(y), int(number))) return None def url_debian_bug(self, url, debian): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e79d2c2c5f77358b41b6bdbc14b00e6b5cd55a3
[Git][security-tracker-team/security-tracker][master] Fix references to DLA regression updates on website
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 7177c0e3 by Brian May at 2019-12-04T06:12:50Z Fix references to DLA regression updates on website The first revision on the website doesn't have a postfix. The second revision has a postfix of -2. I was going to do something similar for DSA too, but found regression update advisories are not available on the website for DSAs. - - - - - 1 changed file: - bin/tracker_service.py Changes: = bin/tracker_service.py = @@ -1570,16 +1570,20 @@ Debian bug number.'''), % (int(y), int(number))) return None -def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(?:-\d+)?$')): +def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(-\d+)?$')): match = re_dla.match(dla) if match: +(number,revision) = match.groups() +if revision == "-1": +link = "dla-%d" % int(number) +else: +link = dla.lower() # We must determine the year because there is no generic URL. -(number,) = match.groups() for (date,) in self.db.cursor().execute( "SELECT release_date FROM bugs WHERE name = ?", (dla,)): (y, m, d) = date.split('-') -return url.absolute("https://www.debian.org/lts/security/%d/dla-%d; -% (int(y), int(number))) +return url.absolute("https://www.debian.org/lts/security/%d/%s; +% (int(y), link)) return None def url_debian_bug(self, url, debian): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7177c0e348acbd70b76de7fc36116d02201bc9bf
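Review bot: The else branch `link = dla.lower()` passes the identifier through as it was given, while the `-1` branch rebuilds it with `"dla-%d" % int(number)` and the old code normalised the number with `int(number)` for every revision. Building the link from the captured groups in both branches would keep that normalisation and leave a single place where the URL path segment is formed.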
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 197a41d3 by Salvatore Bonaccorso at 2019-12-03T22:34:23Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -560,13 +560,13 @@ CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 a CVE-2019-19461 RESERVED CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...) - TODO: check + NOT-FOR-US: SALTO ProAccess SPACE CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...) - TODO: check + NOT-FOR-US: SALTO ProAccess SPACE CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...) - TODO: check + NOT-FOR-US: SALTO ProAccess SPACE CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...) - TODO: check + NOT-FOR-US: SALTO ProAccess SPACE CVE-2019-19456 RESERVED CVE-2019-19455 @@ -39377,9 +39377,9 @@ CVE-2019-7368 CVE-2019-7367 RESERVED CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...) - TODO: check + NOT-FOR-US: Autodesk FBX Software Development Kit CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...) - TODO: check + NOT-FOR-US: Autodesk Desktop Application CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...) NOT-FOR-US: Autodesk CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...) 
@@ -48387,9 +48387,9 @@ CVE-2019-3668 CVE-2019-3667 RESERVED CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3664 RESERVED CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/197a41d38a13b2aa2a653ec0f5bd10a947f3360c
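Review bot: The NOT-FOR-US values differ in granularity across the hunks of this commit: the Autodesk hunk adds `NOT-FOR-US: Autodesk FBX Software Development Kit` and `NOT-FOR-US: Autodesk Desktop Application` directly above an existing `NOT-FOR-US: Autodesk`, while the McAfee hunk records the vendor name only for two McAfee Web Advisor issues. Settling on one form per vendor keeps later searches over data/CVE/list predictable.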
[Git][security-tracker-team/security-tracker][master] Demote severity for CVE-2019-19391/luajit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 744c4410 by Salvatore Bonaccorso at 2019-12-03T22:21:03Z Demote severity for CVE-2019-19391/luajit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -744,8 +744,10 @@ CVE-2019-19393 CVE-2019-19392 RESERVED CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...) - - luajit (bug #946053) + - luajit (bug #946053; unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 + NOTE: Negligible security impact. The debug library is unsafe per se and one is + NOTE: not supposed to release an application with the debug library. CVE-2019-19390 RESERVED CVE-2019-19389 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/744c44106fc0459b246a15d8a342f467d0c5dea0
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19543/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34a25c8f by Salvatore Bonaccorso at 2019-12-03T22:19:47Z Add CVE-2019-19543/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2019-19543 [media: serial_ir: Fix use-after-free in serial_ir_init_module] + - linux 5.2.6-1 + [buster] - linux 4.19.67-1 + NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb CVE-2019-19539 RESERVED CVE-2019-19538 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34a25c8fac1714a021dda82add72359b89eb426b
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage firefox-esr for jessie
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 345164a2 by Chris Lamb at 2019-12-03T22:16:56Z data/dla-needed.txt: Triage firefox-esr for jessie - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,6 +17,8 @@ ansible -- clamav (hle) -- +firefox-esr +-- freeimage (hle) NOTE: 20191028: submitted a patch for CVE-2019-12211, see Debian bug report NOTE: 20191123: upstream appears to have merged a modified version of my patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/345164a2182064fad3c02add9a2c07ecb09fb7bd
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc500eee by Salvatore Bonaccorso at 2019-12-03T22:00:01Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46477,13 +46477,13 @@ CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scr CVE-2019-4469 RESERVED CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4466 RESERVED CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4464 RESERVED CVE-2019-4463 @@ -46961,7 +46961,7 @@ CVE-2019-4228 CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...) NOT-FOR-US: IBM CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...) NOT-FOR-US: IBM CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...) @@ -47153,7 +47153,7 @@ CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impro CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...) NOT-FOR-US: IBM CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...) NOT-FOR-US: IBM CVE-2019-4128 
@@ -47217,7 +47217,7 @@ CVE-2019-4100 CVE-2019-4099 RESERVED CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4097 RESERVED CVE-2019-4096 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc500eeea6199bbdc56d7d24e150da1ed51348c0
[Git][security-tracker-team/security-tracker][master] Sync more pending CVEs for buster-pu for src:linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f8e342cc by Salvatore Bonaccorso at 2019-12-03T21:56:21Z Sync more pending CVEs for buster-pu for src:linux Those were unfortunately assigned only after we uploaded 4.19.87-1 so the debian/changelog will not contain those CVEs. - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -88,6 +88,30 @@ CVE-2019-19080 [buster] - linux 4.19.87-1 CVE-2019-19081 [buster] - linux 4.19.87-1 +CVE-2019-19523 + [buster] - linux 4.19.87-1 +CVE-2019-19524 + [buster] - linux 4.19.87-1 +CVE-2019-19525 + [buster] - linux 4.19.87-1 +CVE-2019-19526 + [buster] - linux 4.19.87-1 +CVE-2019-19527 + [buster] - linux 4.19.87-1 +CVE-2019-19528 + [buster] - linux 4.19.87-1 +CVE-2019-19529 + [buster] - linux 4.19.87-1 +CVE-2019-19530 + [buster] - linux 4.19.87-1 +CVE-2019-19532 + [buster] - linux 4.19.87-1 +CVE-2019-19533 + [buster] - linux 4.19.87-1 +CVE-2019-19534 + [buster] - linux 4.19.87-1 +CVE-2019-19537 + [buster] - linux 4.19.87-1 CVE-2019-19060 [buster] - linux 4.19.87-1 CVE-2019-19075 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8e342cc161128daa845bbe82429820a47140e4f
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19523/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 508323db by Salvatore Bonaccorso at 2019-12-03T21:54:14Z Add CVE-2019-19523/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50,7 +50,8 @@ CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug - linux NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) - TODO: check + - linux 5.3.7-1 + NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0 CVE-2019-19522 RESERVED CVE-2019-19521 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/508323db87270dec7b0656fb452daba143e9fd8d
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19524/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 858696ca by Salvatore Bonaccorso at 2019-12-03T21:49:56Z Add CVE-2019-19524/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,8 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) TODO: check CVE-2019-19522 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/858696ca0bc082ea927136b731c46f2746a9bfb5
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19525/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3e19478 by Salvatore Bonaccorso at 2019-12-03T21:45:38Z Add CVE-2019-19525/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44,7 +44,8 @@ CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug - linux 5.3.9-1 NOTE: https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...) - TODO: check + - linux 5.3.7-1 + NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) TODO: check CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c3e19478e018abd5e3bd6950b8bae4aa97116775
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-19527/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b409f5f by Salvatore Bonaccorso at 2019-12-03T21:37:28Z Add CVE-2019-19527/linux - - - - - 0edb8171 by Salvatore Bonaccorso at 2019-12-03T21:41:25Z Add CVE-2019-19526/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,9 +37,12 @@ CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug [stretch] - linux (Vulnerable code not yet present in released version) NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) - TODO: check + - linux 5.2.17-1 + NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49 + NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...) - TODO: check + - linux 5.3.9-1 + NOTE: https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...) TODO: check CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2fa1748ebb2621bc60f4c37753749375f24294de...0edb817154889ef3386eaeabb121863ace4f287e
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19528/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fa1748e by Salvatore Bonaccorso at 2019-12-03T21:30:28Z Add CVE-2019-19528/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33,7 +33,9 @@ CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug - linux NOTE: https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79 CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) - TODO: check + - linux 5.3.7-1 + [stretch] - linux (Vulnerable code not yet present in released version) + NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) TODO: check CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fa1748ebb2621bc60f4c37753749375f24294de
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19529/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3cb821d by Salvatore Bonaccorso at 2019-12-03T21:21:17Z Add CVE-2019-19529/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30,7 +30,8 @@ CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79 CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) TODO: check CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c3cb821daf217e9c93422ac67c6dd20ef957c6f2
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19530/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2a94d7f by Salvatore Bonaccorso at 2019-12-03T21:14:37Z Add CVE-2019-19530/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,7 +27,8 @@ CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug [buster] - linux 4.19.67-1 NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963 CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) - TODO: check + - linux 5.2.17-1 + NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) TODO: check CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a94d7f7b5c5922f305c426dc2a1f5c08baed82
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19531/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cea7c60 by Salvatore Bonaccorso at 2019-12-03T21:09:28Z Add CVE-2019-19531/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,7 +23,9 @@ CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-boun - linux 5.3.9-1 NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) - TODO: check + - linux 5.2.9-1 + [buster] - linux 4.19.67-1 + NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963 CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) TODO: check CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8cea7c60a9009c36f195f6917e034887d436919f
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19532/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54a888dd by Salvatore Bonaccorso at 2019-12-03T21:03:08Z Add CVE-2019-19532/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,7 +20,8 @@ CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) - TODO: check + - linux 5.3.9-1 + NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) TODO: check CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/54a888dd4946143b07ad3e1d107e76339dc75223
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19533/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d282e2e by Salvatore Bonaccorso at 2019-12-03T20:57:04Z Add CVE-2019-19533/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,8 @@ CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug tha - linux NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) - TODO: check + - linux 5.3.7-1 + NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) TODO: check CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d282e2e141359b1f3dc8b7b93d3877acb595e12
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19534/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ecf1e89 by Salvatore Bonaccorso at 2019-12-03T20:51:54Z Add CVE-2019-19534/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14,7 +14,8 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that [buster] - linux 4.19.67-1 NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) TODO: check CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ecf1e89ef5a1c0fcbb0f5b5a61b13c22a7602ac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ecf1e89ef5a1c0fcbb0f5b5a61b13c22a7602ac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19535/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 50b78558 by Salvatore Bonaccorso at 2019-12-03T20:46:41Z Add CVE-2019-19535/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10,7 +10,9 @@ CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that [buster] - linux 4.19.67-1 NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69 CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) - TODO: check + - linux 5.2.9-1 + [buster] - linux 4.19.67-1 + NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) TODO: check CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50b785587170a6ab48b1fe987d0e28e014f9bed1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50b785587170a6ab48b1fe987d0e28e014f9bed1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19536/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 812b8c9a by Salvatore Bonaccorso at 2019-12-03T20:38:22Z Add CVE-2019-19536/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6,7 +6,9 @@ CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) - TODO: check + - linux 5.2.9-1 + [buster] - linux 4.19.67-1 + NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69 CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) TODO: check CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/812b8c9a8fac998c6f61cb26cc0914b2aa0299c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/812b8c9a8fac998c6f61cb26cc0914b2aa0299c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage gnome-sushi and gnome-font-viewer for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ae5b53b by Chris Lamb at 2019-12-03T20:30:50Z Triage gnome-sushi and gnome-font-viewer for jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,16 +21,6 @@ freeimage (hle) NOTE: 20191028: submitted a patch for CVE-2019-12211, see Debian bug report NOTE: 20191123: upstream appears to have merged a modified version of my patch -- -gnome-font-viewer (Chris Lamb) - NOTE: 20191129: needs to be revisited once there is an upstream patch (sunweaver) - NOTE: 20191201: Created upstream patch, waiting for upstream. (lamby) - NOTE: 20191202: Accepted by upstream (lamby) --- -gnome-sushi (Chris Lamb) - NOTE: 20191129: same issue as in gnome-font-viewer, should be fixed together (sunweaver) - NOTE: 20191201: Created upstream patch, waiting for upstream. (lamby) - NOTE: 20191202: Accepted by upstream (lamby) --- ibus NOTE: 20191020: Fix for regression in KDE apps still not available (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ae5b53b2e9c1aa20f0f25f3bdf0394689570508 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ae5b53b2e9c1aa20f0f25f3bdf0394689570508 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
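Review bot: the two blocks removed from data/dla-needed.txt (gnome-font-viewer and gnome-sushi) end on "Accepted by upstream", and the commit changes only that file, so the outcome of the triage is not recorded anywhere in the change. Pair the removal with the matching per-release annotation in data/CVE/list, as the python-django triage commit does with its "[jessie] - python-django" line, or state the decision in the commit message.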
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19537/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 152ab16a by Salvatore Bonaccorso at 2019-12-03T20:29:43Z Add CVE-2019-19537/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,8 @@ CVE-2019-19539 CVE-2019-19538 RESERVED CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) - TODO: check + - linux 5.2.17-1 + NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) TODO: check CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/152ab16a6ebef522f7b92f00eae6a06020ba8efb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/152ab16a6ebef522f7b92f00eae6a06020ba8efb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-19118 in python-django for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 29cd29ca by Chris Lamb at 2019-12-03T20:26:44Z Triage CVE-2019-19118 in python-django for jessie LTS. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1544,6 +1544,7 @@ CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended - python-django 2:2.2.8-1 (bug #946011) [buster] - python-django (Vulnerable code introduced later) [stretch] - python-django (Vulnerable code introduced later) + [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.djangoproject.com/weblog/2019/dec/02/security-releases/ NOTE: Introduced after https://github.com/django/django/commit/825f0beda804e48e9197fcf3b0d909f9f548aa47 (2.1a1) NOTE: https://github.com/django/django/commit/11c5e0609bcc0db93809de2a08e0dc3d70b393e4 (master) = data/dla-needed.txt = @@ -109,8 +109,6 @@ php-horde-trean (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) NOTE: 20191203: Pinged upstream and MITRE regarding correctness of CVE assignments. (roberto) -- -python-django (Chris Lamb) --- python-oslo.utils NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29cd29caabf22ce380e8330ff1c88dcd0a1be6ff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29cd29caabf22ce380e8330ff1c88dcd0a1be6ff You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add myself for front desk assignment.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bb3f3d1 by Ola Lundqvist at 2019-12-03T20:11:47Z Add myself for front desk assignment. - - - - - 1 changed file: - org/lts-frontdesk.2020.txt Changes: = org/lts-frontdesk.2020.txt = @@ -14,11 +14,11 @@ Who is in charge ? From 06-01 to 12-01:Chris Lamb From 13-01 to 19-01:Mike Gabriel From 20-01 to 26-01:Thorsten Alteholz -From 27-01 to 02-02: +From 27-01 to 02-02:Ola Lundqvist From 03-02 to 09-02:Chris Lamb From 10-02 to 16-02:Mike Gabriel From 17-02 to 23-02:Thorsten Alteholz -From 24-02 to 01-03: +From 24-02 to 01-03:Ola Lundqvist From 02-03 to 08-03:Chris Lamb From 09-03 to 15-03:Mike Gabriel From 16-03 to 22-03:Thorsten Alteholz View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bb3f3d1cc7a68dccbadf50ad74937219bc715fe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bb3f3d1cc7a68dccbadf50ad74937219bc715fe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 75696a56 by security tracker role at 2019-12-03T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,47 @@ +CVE-2019-19539 + RESERVED +CVE-2019-19538 + RESERVED +CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) + TODO: check +CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) + TODO: check +CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) + TODO: check +CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) + TODO: check +CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) + TODO: check +CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) + TODO: check +CVE-2019-19522 + RESERVED +CVE-2019-19521 + RESERVED +CVE-2019-19520 + RESERVED +CVE-2019-19519 + RESERVED +CVE-2019-19518 + RESERVED CVE-2020-1964 RESERVED CVE-2020-1963 
@@ -200,7 +244,7 @@ CVE-2019-19498 RESERVED CVE-2019-19497 RESERVED -CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML docum ...) +CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...) NOT-FOR-US: Alfresco CVE-2019-19495 RESERVED @@ -491,14 +535,14 @@ CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 a [jessie] - linux (Vulnerability introduced later) CVE-2019-19461 RESERVED -CVE-2019-19460 - RESERVED -CVE-2019-19459 - RESERVED -CVE-2019-19458 - RESERVED -CVE-2019-19457 - RESERVED +CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...) + TODO: check +CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...) + TODO: check +CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...) + TODO: check +CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...) + TODO: check CVE-2019-19456 RESERVED CVE-2019-19455 @@ -692,8 +736,8 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dial NOT-FOR-US: FusionPBX CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...) NOT-FOR-US: FusionPBX -CVE-2019-19383 - RESERVED +CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...) + TODO: check CVE-2019-19382 RESERVED CVE-2019-19381 @@ -31049,7 +31093,7 @@ CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerab CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...) - jspwiki CVE-2019-10075 - RESERVED + REJECTED CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...) NOT-FOR-US: Apache OFBiz CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" ...) 
@@ -39305,10 +39349,10 @@ CVE-2019-7368 RESERVED CVE-2019-7367 RESERVED -CVE-2019-7366 - RESERVED -CVE-2019-7365 - RESERVED +CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...) + TODO: check +CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...) + TODO: check CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...) NOT-FOR-US: Autodesk CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions
[Git][security-tracker-team/security-tracker][master] Adjust codename for CVE-2019-19203/libonig
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1141e6fa by Salvatore Bonaccorso at 2019-12-03T19:55:21Z Adjust codename for CVE-2019-19203/libonig b7a2cf7062ee (CVE-2019-19203/libonig: jessie ignored) was meant for the jessie tracking and wheezy is not handled anymore in security-tracker. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1313,7 +1313,7 @@ CVE-2019-19203 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In th - libonig (low; bug #945312) [buster] - libonig (Minor issue) [stretch] - libonig (Minor issue) - [wheezy] - libonig (Minor issue, not reproducible, non-trivial backport) + [jessie] - libonig (Minor issue, not reproducible, non-trivial backport) NOTE: https://github.com/kkos/oniguruma/issues/163 NOTE: https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2) NOTE: Only exploitable with attacker-provided pattern View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1141e6fa7e50cbfb636a83e0a95d7e5d413edb1d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1141e6fa7e50cbfb636a83e0a95d7e5d413edb1d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Android NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f9fe909 by Moritz Muehlenhoff at 2019-12-03T18:56:30Z Android NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29601,10 +29601,12 @@ CVE-2019-10608 RESERVED CVE-2019-10607 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10606 RESERVED CVE-2019-10605 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10604 RESERVED CVE-2019-10603 @@ -29613,18 +29615,21 @@ CVE-2019-10602 RESERVED CVE-2019-10601 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10600 RESERVED CVE-2019-10599 RESERVED CVE-2019-10598 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10597 RESERVED CVE-2019-10596 RESERVED CVE-2019-10595 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10594 RESERVED CVE-2019-10593 @@ -29703,6 +29708,7 @@ CVE-2019-10558 RESERVED CVE-2019-10557 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10556 RESERVED CVE-2019-10555 @@ -29745,8 +29751,10 @@ CVE-2019-10538 (Lack of check of address range received from firmware response a NOT-FOR-US: Snapdragon CVE-2019-10537 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10536 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10535 (Improper validation for loop variable received from firmware can lead ...) NOT-FOR-US: Snapdragon CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...) @@ -29863,8 +29871,10 @@ CVE-2019-10482 RESERVED CVE-2019-10481 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10480 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...) NOT-FOR-US: Glory RBW-100 devices CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...) 
@@ -79475,6 +79485,7 @@ CVE-2018-11981 RESERVED CVE-2018-11980 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-11979 RESERVED CVE-2018-11978 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f9fe909d22dcebd65a79d5fed3810c02b78f7d8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f9fe909d22dcebd65a79d5fed3810c02b78f7d8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
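Review bot: the added tag "NOT-FOR-US: Qualcomm components for Android" uses a different label from the one already present in the context lines for the same vendor (CVE-2019-10538 and CVE-2019-10535 carry "NOT-FOR-US: Snapdragon"), which makes these entries harder to find with a single search. Every entry tagged here is also still RESERVED with no description, so a pointer in the commit message to the bulletin the classification was taken from would let a later reader verify it.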
[Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 47251c03 by Moritz Muehlenhoff at 2019-12-03T18:53:02Z new firefox issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -9892,18 +9892,42 @@ CVE-2019-17015 RESERVED CVE-2019-17014 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014 CVE-2019-17013 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013 CVE-2019-17012 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012 CVE-2019-17011 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011 CVE-2019-17010 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010 CVE-2019-17009 RESERVED + - firefox (Updater not used in Debian packages) + - firefox-esr (Updater not used in Debian packages) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009 CVE-2019-17008 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS] RESERVED {DLA-2015-1} 
@@ -9917,6 +9941,10 @@ CVE-2019-17006 RESERVED CVE-2019-17005 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005 CVE-2019-17004 RESERVED CVE-2019-17003 @@ -19845,6 +19873,10 @@ CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.39 - chromium 78.0.3904.108-1 CVE-2019-13722 RESERVED + - firefox + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722 CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...) {DSA-4562-1} - chromium 78.0.3904.87-1 @@ -26164,6 +26196,8 @@ CVE-2019-11757 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757 CVE-2019-11756 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...) {DSA-4571-1 DLA-1997-1} [experimental] - thunderbird 1:68.1.1-1~exp1 = data/dsa-needed.txt = @@ -21,6 +21,8 @@ curl (ghedo) -- evince/oldstable -- +firefox-esr (jmm) +-- freeimage (hle) -- glusterfs/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
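Review bot: in the hunk at -19845, CVE-2019-13722 receives firefox and firefox-esr entries while its neighbours CVE-2019-13723 and CVE-2019-13721 are chromium entries and the CVE itself is still RESERVED, so nothing in the list says which component is affected; a one-line NOTE naming it would save the next reader a lookup. In the first hunk, CVE-2019-17014 and CVE-2019-17013 (and CVE-2019-11756 further down) list only firefox with the mfsa2019-36 reference; if firefox-esr is known to be unaffected, record that explicitly rather than leaving it implied by omission.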
[Git][security-tracker-team/security-tracker][master] Add note for python-oslo.utils
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 50daefd4 by Utkarsh Gupta at 2019-12-03T15:04:55Z Add note for python-oslo.utils - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -112,6 +112,7 @@ php-horde-trean (Roberto C. Sánchez) python-django (Chris Lamb) -- python-oslo.utils + NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102) -- python-reportlab (Hugo Lefeuvre) NOTE: 20191123: still no upstream fix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50daefd4b387014a70cda7601df84664178704ee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50daefd4b387014a70cda7601df84664178704ee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
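Review bot: the added line "NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102)" has no date prefix, unlike the other notes visible in this file, for example "NOTE: 20191123: still no upstream fix". Add the YYYYMMDD prefix so the note can be ordered against later status updates on the same entry.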
[Git][security-tracker-team/security-tracker][master] Triage python-oslo.utils for Jessie
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: aac80c96 by Utkarsh Gupta at 2019-12-03T15:02:16Z Triage python-oslo.utils for Jessie - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -111,6 +111,8 @@ php-horde-trean (Roberto C. Sánchez) -- python-django (Chris Lamb) -- +python-oslo.utils +-- python-reportlab (Hugo Lefeuvre) NOTE: 20191123: still no upstream fix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aac80c96b474217e45eaafdf86a65c9992ce29a3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aac80c96b474217e45eaafdf86a65c9992ce29a3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug tracking information for CVE-2019-3866/python-oslo.utils
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e6805f2 by Salvatore Bonaccorso at 2019-12-03T14:53:17Z Add Debian bug tracking information for CVE-2019-3866/python-oslo.utils - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47672,7 +47672,7 @@ CVE-2019-3867 RESERVED NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only) CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...) - - python-oslo.utils (low) + - python-oslo.utils (low; bug #946060) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731 NOTE: https://bugs.launchpad.net/tripleo/+bug/1850843 NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e6805f24da6be394404219bb2d7482ce6770752 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e6805f24da6be394404219bb2d7482ce6770752 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status of OpenJDK 7 in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b335db7c by Markus Koschany at 2019-12-03T13:42:49Z Update status of OpenJDK 7 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,8 +92,8 @@ luajit (Utkarsh Gupta) opendmarc (Thorsten Alteholz) NOTE: 20191124: still testing package, original patch does not seem to be enough -- -openjdk-7 - NOTE: 20191118: Pinged upstream about a new upstream release again four days ago. (apo) +openjdk-7 (Markus Koschany) + NOTE: 20191203: I intend to release OpenJDK 7 in a few days after I have included Roberto's autopkgtests. (apo) -- opensc (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b335db7c347668365edfbb1edf1ddaafc94985ee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b335db7c347668365edfbb1edf1ddaafc94985ee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track CVE fixes for linux upload via buster-pu (4.19.87-1)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2354be29 by Salvatore Bonaccorso at 2019-12-03T13:38:52Z Track CVE fixes for linux upload via buster-pu (4.19.87-1) - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = 
@@ -28,3 +28,67 @@ CVE-2019-13566 [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1 CVE-2019-14857 [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1 +CVE-2019-14814 + [buster] - linux 4.19.87-1 +CVE-2019-14815 + [buster] - linux 4.19.87-1 +CVE-2019-14816 + [buster] - linux 4.19.87-1 +CVE-2019-15030 + [buster] - linux 4.19.87-1 +CVE-2019-15031 + [buster] - linux 4.19.87-1 +CVE-2019-15098 + [buster] - linux 4.19.87-1 +CVE-2019-15504 + [buster] - linux 4.19.87-1 +CVE-2019-15505 + [buster] - linux 4.19.87-1 +CVE-2019-15918 + [buster] - linux 4.19.87-1 +CVE-2019-16714 + [buster] - linux 4.19.87-1 +CVE-2019-16746 + [buster] - linux 4.19.87-1 +CVE-2019-17052 + [buster] - linux 4.19.87-1 +CVE-2019-17053 + [buster] - linux 4.19.87-1 +CVE-2019-17054 + [buster] - linux 4.19.87-1 +CVE-2019-17055 + [buster] - linux 4.19.87-1 +CVE-2019-17056 + [buster] - linux 4.19.87-1 +CVE-2019-17075 + [buster] - linux 4.19.87-1 +CVE-2019-17133 + [buster] - linux 4.19.87-1 +CVE-2019-17666 + [buster] - linux 4.19.87-1 +CVE-2019-18660 + [buster] - linux 4.19.87-1 +CVE-2019-18683 + [buster] - linux 4.19.87-1 +CVE-2019-18806 + [buster] - linux 4.19.87-1 +CVE-2019-18813 + [buster] - linux 4.19.87-1 +CVE-2019-19045 + [buster] - linux 4.19.87-1 +CVE-2019-19048 + [buster] - linux 4.19.87-1 +CVE-2019-19049 + [buster] - linux 4.19.87-1 +CVE-2019-19052 + [buster] - linux 4.19.87-1 +CVE-2019-19065 + [buster] - linux 4.19.87-1 +CVE-2019-19080 + [buster] - linux 4.19.87-1 +CVE-2019-19081 + [buster] - linux 4.19.87-1 +CVE-2019-19060 + [buster] - linux 4.19.87-1 +CVE-2019-19075 + [buster] - linux 4.19.87-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2354be2917ceb9e91b0f61d5ed49d7c55812abf4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2354be2917ceb9e91b0f61d5ed49d7c55812abf4 You're receiving this email because of your account on salsa.debian.org. 
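Review bot: the last four added entries break the ascending order used by the rest of the block: CVE-2019-19060 and CVE-2019-19075 are appended after CVE-2019-19080 and CVE-2019-19081. Move them up between CVE-2019-19052 and CVE-2019-19065 (19060) and between CVE-2019-19065 and CVE-2019-19080 (19075) so that a missing or duplicated id is easy to spot when the list is checked against the 4.19.87-1 changelog.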
[Git][security-tracker-team/security-tracker][master] Add Debian bug tracker reference for CVE-2019-19391/luajit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b2c64bb by Salvatore Bonaccorso at 2019-12-03T13:37:02Z Add Debian bug tracker reference for CVE-2019-19391/luajit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -676,7 +676,7 @@ CVE-2019-19393 CVE-2019-19392 RESERVED CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...) - - luajit + - luajit (bug #946053) NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 CVE-2019-19390 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b2c64bbc8ba12fc36e8a6057a24d7d5d42fb8db -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b2c64bbc8ba12fc36e8a6057a24d7d5d42fb8db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Expand slightly reasoning on the not-affected status for CVE-2019-19480
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ac61e28 by Salvatore Bonaccorso at 2019-12-03T13:20:22Z Expand slightly reasoning on the not-affected status for CVE-2019-19480 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -246,6 +246,10 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 NOTE: Introduced in: https://github.com/OpenSC/OpenSC/commit/630d6adf32cecaab0ee184618f56497bd50400fb NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 + NOTE: The introducing commit attempted to fix a memory leak issue, and later on + NOTE: further memleak issues were addressed related to those changes. But those + NOTE: fixes are not related "directly" to the CVE assignment for the incorrect + NOTE: free operation in sc_pkcs15_decode_prkdf_entry. CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...) - opensc NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ac61e280f862217f5d8efd020254270ec8e9378
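Review bot: in the four added NOTE lines, the quotation marks around "directly" leave it unclear whether the later memleak fixes matter for this CVE at all, and those fixes are not identified. Either drop the quotes and state that the CVE covers only the incorrect free in sc_pkcs15_decode_prkdf_entry, or add the commit references for the later memleak fixes so a reader can tell them apart from the "Fixed by" commit listed just above.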
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-19480/opensc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc59bb26 by Salvatore Bonaccorso at 2019-12-03T13:14:07Z Update information on CVE-2019-19480/opensc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -242,10 +242,10 @@ CVE-2019-19481 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro NOTE: Mark 0.19.0~rc1 based version as fixed which removed the affected code, which NOTE: later was re-introduced upstream in 0.20.0~rc1 again. CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...) - - opensc - [jessie] - opensc (Vulnerable code not present) + - opensc (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 - NOTE: https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 + NOTE: Introduced in: https://github.com/OpenSC/OpenSC/commit/630d6adf32cecaab0ee184618f56497bd50400fb + NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...) - opensc NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc59bb260b40bffe7e1258fcca8636cf58aa138a
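Review bot: the new "- opensc (Vulnerable code not present)" line now applies to every suite instead of only jessie, but the "Introduced in" NOTE gives just a commit hash, so the claim cannot be checked against a packaged version without opening the link. Consider adding the first upstream release that contains commit 630d6adf32cecaab0ee184618f56497bd50400fb, in the way the CVE-2019-19481 NOTE in the context lines names 0.19.0~rc1 and 0.20.0~rc1.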
[Git][security-tracker-team/security-tracker][master] Add and claim luajit
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: cb4d2ffe by Utkarsh Gupta at 2019-12-03T09:31:06Z Add and claim luajit - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -87,6 +87,8 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- +luajit (Utkarsh Gupta) +-- opendmarc (Thorsten Alteholz) NOTE: 20191124: still testing package, original patch does not seem to be enough -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb4d2ffe39c4532d30d5a379818874ee3fd8b4a7
[Git][security-tracker-team/security-tracker][master] new luajit issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 23eefb8c by Moritz Muehlenhoff at 2019-12-03T09:05:31Z new luajit issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81,7 +81,7 @@ CVE-2020-1925 CVE-2019-19517 RESERVED CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...) - TODO: check + NOT-FOR-US: Intelbras WRN CVE-2019-19515 RESERVED CVE-2019-19514 @@ -179,7 +179,7 @@ CVE-2019-19509 CVE-2019-19508 RESERVED CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can ...) - TODO: check + NOT-FOR-US: Json Pattern Validator CVE-2019-19506 RESERVED CVE-2019-19505 @@ -189,7 +189,7 @@ CVE-2019-19504 CVE-2019-19503 RESERVED CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 ...) - TODO: check + NOT-FOR-US: ckeditor plugin CVE-2019-19501 RESERVED CVE-2019-19500 @@ -672,7 +672,8 @@ CVE-2019-19393 CVE-2019-19392 RESERVED CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...) - TODO: check + - luajit + NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 CVE-2019-19390 RESERVED CVE-2019-19389 @@ -970,7 +971,7 @@ CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice CVE-2019-19317 RESERVED CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...) - TODO: check + NOT-FOR-US: Terraform CVE-2019-19315 RESERVED CVE-2019-19314 [Tokens stored in plaintext] 
@@ -1206,7 +1207,7 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products NOTE: https://bugs.php.net/bug.php?id=78559 NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...) - TODO: check + NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...) - sqlite3 [jessie] - sqlite3 (Vulnerable code, i.e. window functions, not present) 
@@ -1789,21 +1790,21 @@ CVE-2019-19023 CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...) NOT-FOR-US: iTerm2 CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In the admini ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It contains a ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The appliance ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some function ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The proxy ser ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudo ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...) NOT-FOR-US: Pagekit CMS CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...) @@ -13602,7 +13603,7 @@ CVE-2019-15691 CVE-2019-15690 RESERVED CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) NOT-FOR-US: Kaspersky CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) 
@@ -16357,6 +16358,7 @@ CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management - wildfly (bug #752018) CVE-2019-14837 RESERVED + NOT-FOR-US: Keycloak CVE-2019-14836 RESERVED CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...) @@ -24101,7 +24103,7 @@ CVE-2019-12519 CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...) NOT-FOR-US: User API in TheHive Project CVE-2019-12518 (Anviz CrossChex access control
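Review bot: in the hunk at @@ -16357,6 +16358,7, CVE-2019-14837 is marked "NOT-FOR-US: Keycloak" while the entry is still RESERVED and has no description, so nothing in the file shows where the product attribution comes from. A NOTE line with the reference that ties this id to Keycloak would let the triage decision be re-checked once the description is published.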
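Review bot: in the hunk at @@ -189,7 +189,7, the label "NOT-FOR-US: ckeditor plugin" does not name the product given in the CVE-2019-19502 description ("Image Uploader and Browser plugin"), and in the hunk at @@ -81,7 +81,7 "Intelbras WRN" drops the model from "Intelbras WRN 150". Using the product name as it appears in the description keeps the NOT-FOR-US labels searchable and consistent with entries such as "TitanHQ WebTitan" elsewhere in this patch.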
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a69bf0a by security tracker role at 2019-12-03T08:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,93 @@ +CVE-2020-1964 + RESERVED +CVE-2020-1963 + RESERVED +CVE-2020-1962 + RESERVED +CVE-2020-1961 + RESERVED +CVE-2020-1960 + RESERVED +CVE-2020-1959 + RESERVED +CVE-2020-1958 + RESERVED +CVE-2020-1957 + RESERVED +CVE-2020-1956 + RESERVED +CVE-2020-1955 + RESERVED +CVE-2020-1954 + RESERVED +CVE-2020-1953 + RESERVED +CVE-2020-1952 + RESERVED +CVE-2020-1951 + RESERVED +CVE-2020-1950 + RESERVED +CVE-2020-1949 + RESERVED +CVE-2020-1948 + RESERVED +CVE-2020-1947 + RESERVED +CVE-2020-1946 + RESERVED +CVE-2020-1945 + RESERVED +CVE-2020-1944 + RESERVED +CVE-2020-1943 + RESERVED +CVE-2020-1942 + RESERVED +CVE-2020-1941 + RESERVED +CVE-2020-1940 + RESERVED +CVE-2020-1939 + RESERVED +CVE-2020-1938 + RESERVED +CVE-2020-1937 + RESERVED +CVE-2020-1936 + RESERVED +CVE-2020-1935 + RESERVED +CVE-2020-1934 + RESERVED +CVE-2020-1933 + RESERVED +CVE-2020-1932 + RESERVED +CVE-2020-1931 + RESERVED +CVE-2020-1930 + RESERVED +CVE-2020-1929 + RESERVED +CVE-2020-1928 + RESERVED +CVE-2020-1927 + RESERVED +CVE-2020-1926 + RESERVED +CVE-2020-1925 + RESERVED +CVE-2019-19517 + RESERVED +CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...) + TODO: check +CVE-2019-19515 + RESERVED +CVE-2019-19514 + RESERVED +CVE-2019-19513 + RESERVED CVE-2020-1924 RESERVED CVE-2020-1923 @@ -879,8 +969,8 @@ CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice - linux CVE-2019-19317 RESERVED -CVE-2019-19316 - RESERVED +CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...) + TODO: check CVE-2019-19315 RESERVED CVE-2019-19314 [Tokens stored in plaintext] 
@@ -8933,6 +9023,7 @@ CVE-2019-17404 (Nokia IMPACT 18A: allows full path disclosure ...) CVE-2019-17403 (Nokia IMPACT 18A: An unrestricted File Upload vulnerability was f ...) NOT-FOR-US: Nokia CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...) + {DLA-2019-1} - exiv2 [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) @@ -13510,8 +13601,8 @@ CVE-2019-15691 RESERVED CVE-2019-15690 RESERVED -CVE-2019-15689 - RESERVED +CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...) + TODO: check CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) NOT-FOR-US: Kaspersky CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a69bf0a7976d640519efe13204df8fc49fb018e
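Review bot: in the first hunk (@@ -1,3 +1,93 @@), the added CVE-2019-19517 through CVE-2019-19513 entries land between CVE-2020-1925 and the existing CVE-2020-1924, so the CVE-2020 range is split by a run of CVE-2019 ids. If the file is meant to stay grouped by year in descending order, the automatic update should insert the CVE-2019 entries below the last CVE-2020 entry rather than prepending the whole batch at the top.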