[Git][security-tracker-team/security-tracker][master] Add upstream commit reference for 1.9.x branch for CVE-2018-1002100/kubernetes

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59dbabd0 by Salvatore Bonaccorso at 2019-05-19T15:23:14Z
Add upstream commit reference for 1.9.x branch for CVE-2018-1002100/kubernetes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -57160,6 +57160,7 @@ CVE-2018-1000171
 CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior 
to versio ...)
- kubernetes 
NOTE: https://github.com/kubernetes/kubernetes/issues/61297
+   NOTE: 
https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08
 (1.9.x)
 CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 
and older ...)
- jenkins 
 CVE-2018-1000169 (An exposure of sensitive information vulnerability exists in 
Jenkins 2 ...)
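Review bot: the added NOTE points at a branch-specific backport (the commit is tagged "(1.9.x)") while the `- kubernetes` line still carries no fixed version; consider also referencing the fix on the upstream master branch or the first upstream release that contains it, so a later reader can tell which packaged versions include the fix without re-deriving it from the 1.9 branch history.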



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/59dbabd040978c746c81874ed50dd60a54397561

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/59dbabd040978c746c81874ed50dd60a54397561
You're receiving this email because of your account on salsa.debian.org.

___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-1002101/kubernetes

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
314a5e2c by Salvatore Bonaccorso at 2019-05-19T15:31:36Z
Update status for CVE-2018-1002101/kubernetes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52635,7 +52635,7 @@ CVE-2018-11709 (wpforo_get_request_uri in 
wpf-includes/functions.php in the wpFo
 CVE-2018-11708
RESERVED
 CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 
1.11.0-1.11.1,  ...)
-   - kubernetes 
+   - kubernetes  (Vulnerable code introduced later; Windows 
specific)
NOTE: https://github.com/kubernetes/kubernetes/issues/65750
 CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier 
the DSA key ...)
{DLA-1418-1}
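Review bot: the new tag gives two independent reasons, "Vulnerable code introduced later" and "Windows specific"; if the packaged version predates the vulnerable code that alone settles the status, and if the code is Windows-only it would not matter on Debian regardless of version. Stating which of the two applies to the packaged version (ideally with the upstream version that introduced the code) keeps the triage verifiable, as the `- kubernetes` line carries no version to check against.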



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/314a5e2c6e445bbbd48e71304595c0e31585cfbe


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2018-1002100/kubernetes

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abe5b5d0 by Salvatore Bonaccorso at 2019-05-19T15:33:07Z
Add Debian bug reference for CVE-2018-1002100/kubernetes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -57158,7 +57158,7 @@ CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via 
the recoverlogin.php email
 CVE-2018-1000171
REJECTED
 CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior 
to versio ...)
-   - kubernetes 
+   - kubernetes  (bug #929225)
NOTE: https://github.com/kubernetes/kubernetes/issues/61297
NOTE: 
https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08
 (1.9.x)
 CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 
and older ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abe5b5d0a5647647f75470185379518652def479


[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-18443/openexr

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed0b370f by Salvatore Bonaccorso at 2019-05-19T15:54:42Z
Update status for CVE-2018-18443/openexr

The issue as in CVE-2018-18443 is actually not a heap-based buffer
overflow but rather a minor memory leak.

Mark the issue as unimportant, mentioning in the note the reason for
the unimportant severity.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34823,11 +34823,9 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in 
OpenEXR 2.3.0 has an out-of
- openexr  (unimportant)
NOTE: Issue in exrmultiview which is not installed in the binary 
package.
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in 
IlmBase/IlmThread/Ilm ...)
-   - openexr  (low)
-   [buster] - openexr  (Minor issue)
-   [stretch] - openexr  (Minor issue)
-   [jessie] - openexr  (Minor issue)
+   - openexr  (unimportant)
NOTE: https://github.com/openexr/openexr/issues/350
+   NOTE: Memory leak with overall negligible security impact
 CVE-2018-18442 (D-Link DCS-825L devices with firmware 1.08 do not employ a 
suitable me ...)
NOT-FOR-US: D-Link
 CVE-2018-18441 (D-Link DCS series Wi-Fi cameras expose sensitive information 
regarding ...)
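Review bot: the commit message says the note should give the reason for the unimportant severity, but the added `NOTE: Memory leak with overall negligible security impact` only restates the conclusion. Say why it is negligible, e.g. whether the leak happens once per thread pool rather than per untrusted input, so the downgrade from low to unimportant can be re-checked later. Dropping the per-suite "Minor issue" lines is consistent with that, since an unimportant severity applies to all suites.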



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed0b370f94a8287f4a3d4aeec11743d9e23b3be4


[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-11766/dhcpcd5 as no-dsa for stretch

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2937055a by Salvatore Bonaccorso at 2019-05-19T19:59:08Z
Mark CVE-2019-11766/dhcpcd5 as no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -862,6 +862,7 @@ CVE-2019-11767 (Server side request forgery (SSRF) in phpBB 
before 3.2.6 allows
NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
 CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a 
buffer over ...)
- dhcpcd5 7.1.0-2 (bug #928440)
+   [stretch] - dhcpcd5  (Minor issue)
[jessie] - dhcpcd5  (Vulnerable code not present; 
D6_OPTION_PD_EXCLUDE support added later)
NOTE: 
https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
NOTE: 
https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
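Review bot: the new `[stretch] - dhcpcd5 (Minor issue)` line gives no rationale, although the description concerns a buffer issue in dhcp6.c, i.e. the DHCPv6 client's parsing of network-supplied data, and unstable already has a fixed version with a bug reference. A short reason for treating it as minor in stretch (impact limited to a crash, code path not reachable in that version, or similar) would help; the jessie line directly below shows the kind of specific justification that works well.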



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2937055ab87a0131a0241563371d3e37a542a42d


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1007{6,7,8}/jspwiki

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d84ff549 by Salvatore Bonaccorso at 2019-05-19T20:04:28Z
Add CVE-2019-1007{6,7,8}/jspwiki

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4976,10 +4976,13 @@ CVE-2019-10079
RESERVED
 CVE-2019-10078
RESERVED
+   - jspwiki 
 CVE-2019-10077
RESERVED
+   - jspwiki 
 CVE-2019-10076
RESERVED
+   - jspwiki 
 CVE-2019-10075
RESERVED
 CVE-2019-10074
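Review bot: the three new `- jspwiki` lines are attached to entries that are still RESERVED, with no NOTE naming the upstream advisory or fix; add a NOTE with the advisory reference so that, once the CVE descriptions are published, the severity and fixed version can be filled in without re-deriving which report each id belongs to.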



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d84ff549c74bcf9d72ebd6532cdc0077f9e58e6e


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc6cd07a by security tracker role at 2019-05-19T20:10:35Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
+   TODO: check
+CVE-2019-12183
+   RESERVED
+CVE-2019-12182
+   RESERVED
+CVE-2019-12181
+   RESERVED
+CVE-2019-12180
+   RESERVED
+CVE-2019-12179
+   RESERVED
+CVE-2019-12178
+   RESERVED
+CVE-2019-12177
+   RESERVED
+CVE-2019-12176
+   RESERVED
 CVE-2019-12175
RESERVED
 CVE-2019-12174
@@ -1325,6 +1343,7 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer 
overflow in dhcp6_findna i
[jessie] - dhcpcd5  (Vulnerable code not present)
NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow 
with DHO ...)
+   {DLA-1793-1}
- dhcpcd5 7.1.0-2 (low; bug #928104)
[stretch] - dhcpcd5  (Minor issue)
NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
@@ -20667,7 +20686,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was 
discovered in libvirt before
NOTE: 
https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
 CVE-2019-3839 (It was found that in ghostscript some privileged operators 
remained ac ...)
-   {DSA-4442-1}
+   {DSA-4442-1 DLA-1792-1}
- ghostscript 9.27~dfsg-1
NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
NOTE: To prevent pdf2dsc regression additionally:
@@ -22589,6 +22608,7 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in 
LibRaw 0.19.1 has a NULL
NOTE: Additionally needed: 
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root 
cause
 CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of 
libfaad/f ...)
+   {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2  (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/26
@@ -23199,12 +23219,14 @@ CVE-2018-20199 (A NULL pointer dereference was 
discovered in ifilter_bank of lib
[stretch] - faad2  (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of 
libfaad/f ...)
+   {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2  (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/23
NOTE: same underlying issue as CVE-2018-20362, same fix:
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance 
of the c ...)
+   {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/20
NOTE: very similar to CVE-2018-20194, same fix:
@@ -23218,6 +23240,7 @@ CVE-2018-20195 (A NULL pointer dereference was 
discovered in ic_predict of libfa
[stretch] - faad2  (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/25
 CVE-2018-20194 (There is a stack-based buffer underflow in the third instance 
of the c ...)
+   {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/21
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc6cd07afb75335719c506dfa9bf2cc480713562


[Git][security-tracker-team/security-tracker][master] Process one NFU

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4dc64674 by Salvatore Bonaccorso at 2019-05-19T20:34:33Z
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
-   TODO: check
+   NOT-FOR-US: Boostnote
 CVE-2019-12183
RESERVED
 CVE-2019-12182



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4dc64674c8a66d0f36524220a529cfb527985996


[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2019-11833/linux

2019-05-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48e8aec9 by Salvatore Bonaccorso at 2019-05-19T20:47:20Z
Reference upstream commit for CVE-2019-11833/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -735,6 +735,7 @@ CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds 
access, related to \x00
NOTE: https://github.com/DaveGamble/cJSON/issues/337
 CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not 
zero out  ...)
- linux 
+   NOTE: Fixed by: 
https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote 
code execut ...)
NOT-FOR-US: Typo3
 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x 
before 2.1 ...)
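Review bot: the "Fixed by:" NOTE records the upstream commit, but the `- linux` line still has no fixed version; the description says "through 5.1.2", so if the commit is already in a released stable kernel, stating that version lets the per-suite status be derived directly instead of from the commit id.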



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/48e8aec9c724c1a7a39e2d2c8d921be74411dfe6


[Git][security-tracker-team/security-tracker][master] Track proposed update for mariadb-10.1 via stretch-pu

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a689170 by Salvatore Bonaccorso at 2019-05-20T07:33:07Z
Track proposed update for mariadb-10.1 via stretch-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -75,3 +75,7 @@ CVE-2018-1320
[stretch] - libthrift-java 0.9.1-2.1~deb9u1
 CVE-2019-11675
[stretch] - groonga 6.1.5-1+deb9u1
+CVE-2019-2627
+   [stretch] - mariadb-10.1 10.1.40-0+deb9u1
+CVE-2019-2614
+   [stretch] - mariadb-10.1 10.1.40-0+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a689170774ed0d8578e0f6d84c3429e3f03c85e


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c15e48ea by security tracker role at 2019-05-20T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2019-12203
+   RESERVED
+CVE-2019-12202
+   RESERVED
+CVE-2019-12201
+   RESERVED
+CVE-2019-12200
+   RESERVED
+CVE-2019-12199
+   RESERVED
+CVE-2019-12198 (In GoHttp through 2017-07-25, there is a stack-based buffer 
over-read  ...)
+   TODO: check
+CVE-2019-12197
+   RESERVED
+CVE-2019-12196
+   RESERVED
+CVE-2019-12195
+   RESERVED
+CVE-2019-12194
+   RESERVED
+CVE-2019-12193
+   RESERVED
+CVE-2019-12192
+   RESERVED
+CVE-2019-12191
+   RESERVED
+CVE-2019-12190
+   RESERVED
+CVE-2019-12189
+   RESERVED
+CVE-2019-12188
+   RESERVED
+CVE-2019-12187
+   RESERVED
+CVE-2019-12186
+   RESERVED
+CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the 
/app/con ...)
+   TODO: check
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
NOT-FOR-US: Boostnote
 CVE-2019-12183
@@ -20887,6 +20925,7 @@ CVE-2019-3797 (This affects Spring Data JPA in versions 
up to and including 2.1.
 CVE-2019-3796
RESERVED
 CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 
5.0.12, ...)
+   {DLA-1794-1}
- libspring-security-2.0-java 
NOTE: 
https://github.com/spring-projects/spring-security/commit/6f02f690ac65ccf99d8df47ac3d730a68f87c569
 CVE-2019-3794



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c15e48ea1212b386e9be9e13621913eeb53847c1


[Git][security-tracker-team/security-tracker][master] Remove some no-dsa tagged entries which got an update in DLA-1796-1

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09f9a290 by Salvatore Bonaccorso at 2019-05-20T12:03:31Z
Remove some no-dsa tagged entries which got an update in DLA-1796-1

One got an update in the same DLA but was previously marked as
not-affected. Assuming that triage was wrong and the inclusion of the
fix is correct, drop the previous entry as well in the same run.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10204,7 +10204,6 @@ CVE-2019-8323 [Escape sequence injection vulnerability 
in API response handling]
- ruby2.1 
- rubygems 
- jruby  (bug #925987)
-   [jessie] - jruby  (Vulnerable code introduced later)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: 
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
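Review bot: this hunk drops `[jessie] - jruby (Vulnerable code introduced later)` on the assumption, per the commit message, that the earlier not-affected triage was wrong. Rather than deleting it silently, keep a NOTE recording that DLA-1796-1 shipped a fix for jessie despite the earlier assessment, or confirm against the DLA's patch which of the two is right; otherwise the reversal survives only in the git log. Also, none of the hunks in this commit show a `{DLA-1796-1}` cross-reference being added; if that comes in through the DLA import that is fine, otherwise jessie now reads as unfixed for these CVEs.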
@@ -64805,7 +64804,6 @@ CVE-2018-178 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby1.9.1 
- rubygems 
- jruby 9.1.17.0-1 (bug #895778)
-   [jessie] - jruby  (See DSA-4219-1)
NOTE: 
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-177 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series:  ...)
@@ -64816,7 +64814,6 @@ CVE-2018-177 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby1.9.1 
- rubygems 
- jruby 9.1.17.0-1 (bug #895778)
-   [jessie] - jruby  (See DSA-4219-1)
NOTE: 
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-176 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series:  ...)
@@ -64827,7 +64824,6 @@ CVE-2018-176 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby1.9.1 
- rubygems 
- jruby 9.1.17.0-1 (bug #895778)
-   [jessie] - jruby  (See DSA-4219-1)
NOTE: 
https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-175 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series:  ...)
@@ -64838,7 +64834,6 @@ CVE-2018-175 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby1.9.1 
- rubygems 
- jruby 9.1.17.0-1 (bug #895778)
-   [jessie] - jruby  (See DSA-4219-1)
NOTE: 
https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-174 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series:  ...)
@@ -64851,7 +64846,6 @@ CVE-2018-174 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- rubygems 
[wheezy] - rubygems  (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
-   [jessie] - jruby  (See DSA-4219-1)
NOTE: 
https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-173 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series:  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/09f9a290dd3d8ad2e7894ef01f253643f579ff94


[Git][security-tracker-team/security-tracker][master] Process two NFUs

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6d8cd22 by Salvatore Bonaccorso at 2019-05-20T12:26:10Z
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,7 @@ CVE-2019-12200
 CVE-2019-12199
RESERVED
 CVE-2019-12198 (In GoHttp through 2017-07-25, there is a stack-based buffer 
over-read  ...)
-   TODO: check
+   NOT-FOR-US: GoHttp
 CVE-2019-12197
RESERVED
 CVE-2019-12196
@@ -35,7 +35,7 @@ CVE-2019-12187
 CVE-2019-12186
RESERVED
 CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the 
/app/con ...)
-   TODO: check
+   NOT-FOR-US: eLabFTW
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
NOT-FOR-US: Boostnote
 CVE-2019-12183



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6d8cd22b3b04d140f6c8280e6c37be50005a032


[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-20839/systemd as no-dsa for stretch

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
842186ac by Salvatore Bonaccorso at 2019-05-20T12:52:12Z
Mark CVE-2018-20839/systemd as no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -108,6 +108,7 @@ CVE-2019-12150
RESERVED
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows 
attackers ...)
- systemd 241-4 (bug #929116)
+   [stretch] - systemd  (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
NOTE: 
https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
NOTE: https://github.com/systemd/systemd/pull/12378



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/842186aca574cb0ccb2827757876c6480b3bb3f0


[Git][security-tracker-team/security-tracker][master] Fix for CVE-2018-19105/librecad proposed for stretch-pu

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47acd3fa by Salvatore Bonaccorso at 2019-05-20T16:24:05Z
Fix for CVE-2018-19105/librecad proposed for stretch-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -79,3 +79,5 @@ CVE-2019-2627
[stretch] - mariadb-10.1 10.1.40-0+deb9u1
 CVE-2019-2614
[stretch] - mariadb-10.1 10.1.40-0+deb9u1
+CVE-2018-19105
+   [stretch] - librecad 2.1.2-1+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/47acd3fa87f468c8ce11b5c778b036b2c54581ae


[Git][security-tracker-team/security-tracker][master] Fix typo in note related to mc-clear passthrough for qemu + libvirt

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f94de95 by Salvatore Bonaccorso at 2019-05-20T19:41:09Z
Fix typo in note related to mc-clear passthrough for qemu + libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2554,7 +2554,7 @@ CVE-2019-11091 [MDSUM  Microarchitectural Data Sampling 
Uncacheable Memory]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
-   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu adnd #929154 for libvirt
+   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
 CVE-2019-11090
RESERVED
 CVE-2019-11089
@@ -51476,7 +51476,7 @@ CVE-2018-12130 [MFBDS  Microarchitectural Fill Buffer 
Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
-   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu adnd #929154 for libvirt
+   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
 CVE-2018-12129
RESERVED
 CVE-2018-12128
@@ -51492,7 +51492,7 @@ CVE-2018-12127 [MLPDS  Microarchitectural Load Port 
Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
-   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu adnd #929154 for libvirt
+   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
 CVE-2018-12126 [MSBDS  Microarchitectural Store Buffer Data Sampling]
RESERVED
{DSA-4447-1 DSA--1 DLA-1789-1 DLA-1787-1}
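Review bot: the context line `{DSA-4447-1 DSA--1 DLA-1789-1 DLA-1787-1}` just below the corrected NOTE contains `DSA--1`, a reference with no advisory number; while touching these MDS entries it is worth checking whether that token should be a real DSA id or be removed. The typo fix itself ("adnd" to "and") is applied identically in all four entries, as expected.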
@@ -51504,7 +51504,7 @@ CVE-2018-12126 [MSBDS  Microarchitectural Store Buffer 
Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
-   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu adnd #929154 for libvirt
+   NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
 CVE-2018-12125
RESERVED
 CVE-2018-12124



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f94de9528a67ee9024c57e310d6da1b345024a1


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-0201/zookeeper

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de86434c by Salvatore Bonaccorso at 2019-05-20T20:00:31Z
Add CVE-2019-0201/zookeeper

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32501,8 +32501,10 @@ CVE-2019-0203
RESERVED
 CVE-2019-0202
RESERVED
-CVE-2019-0201
+CVE-2019-0201 [Information disclosure vulnerability]
RESERVED
+   - zookeeper 
+   NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
 CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ve ...)
- qpid-java  (bug #840131)
 CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 
and 8.5. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de86434cbfbee264315ffd7d52ac71cc418da58f


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
690a5d4e by security tracker role at 2019-05-20T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2019-12238
+   RESERVED
+CVE-2019-12237
+   RESERVED
+CVE-2019-12236
+   RESERVED
+CVE-2019-12235
+   RESERVED
+CVE-2019-12234
+   RESERVED
+CVE-2019-12233
+   RESERVED
+CVE-2019-12232
+   RESERVED
+CVE-2019-12231
+   RESERVED
+CVE-2019-12230
+   RESERVED
+CVE-2019-12229
+   RESERVED
+CVE-2019-12228
+   RESERVED
+CVE-2019-12227
+   RESERVED
+CVE-2019-12226
+   RESERVED
+CVE-2019-12225
+   RESERVED
+CVE-2019-12224
+   RESERVED
+CVE-2019-12223
+   RESERVED
+CVE-2019-1 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
+   TODO: check
+CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was 
discovered in  ...)
+   TODO: check
+CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
+   TODO: check
+CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
+   TODO: check
+CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the 
StreamCalcIFDSize  ...)
+   TODO: check
+CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to 
the Load ...)
+   TODO: check
+CVE-2019-12210
+   RESERVED
+CVE-2019-12209
+   RESERVED
+CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
+   TODO: check
+CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
over-read in ...)
+   TODO: check
+CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
+   TODO: check
+CVE-2019-12205
+   RESERVED
+CVE-2019-12204
+   RESERVED
 CVE-2019-12203
RESERVED
 CVE-2019-12202
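Review bot: the line between CVE-2019-12223 and CVE-2019-12221 reads `CVE-2019-1`, which cannot be right in a descending run of five-digit ids; check that the identifier in data/CVE/list is complete and that this is only a rendering truncation, because a malformed id will not match the CVE feed on the next automatic update and the SDL entry would silently stop being refreshed.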
@@ -779,7 +849,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel 
through 5.1.2 does not zer
 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote 
code execut ...)
NOT-FOR-US: Typo3
 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x 
before 2.1 ...)
-   {DSA-4445-1}
+   {DSA-4445-1 DLA-1797-1}
- drupal7  (bug #928688)
NOTE: https://www.drupal.org/SA-CORE-2019-007
 CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka 
phar-stream-wrap ...)
@@ -828,8 +898,8 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel 
before 5.0.7. A NULL
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: Fixed by: 
https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
-CVE-2019-11809
-   RESERVED
+CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug 
views of co ...)
+   TODO: check
 CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There 
is a ra ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
@@ -1548,10 +1618,12 @@ CVE-2019-11508 (In Pulse Secure Pulse Connect Secure 
(PCS) before 8.1R15.1, 8.2
 CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 
8.3R7.1 and 9. ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 
Q8, the ...)
+   {DLA-1795-1}
- graphicsmagick 1.4~hg15968-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
 CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 
Q8, ther ...)
+   {DLA-1795-1}
- graphicsmagick 1.4~hg15968-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
@@ -1640,11 +1712,13 @@ CVE-2019-11476
 CVE-2019-11475
RESERVED
 CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to 
cause a deni ...)
+   {DLA-1795-1}
- graphicsmagick 1.4~hg15976-1

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-0201/zookeeper

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15899e23 by Salvatore Bonaccorso at 2019-05-20T20:11:00Z
Add Debian bug reference for CVE-2019-0201/zookeeper

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32577,7 +32577,7 @@ CVE-2019-0202
RESERVED
 CVE-2019-0201 [Information disclosure vulnerability]
RESERVED
-   - zookeeper 
+   - zookeeper  (bug #929283)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
 CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ve ...)
- qpid-java  (bug #840131)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/15899e23aaaf65c551947dab1dffa1fd6ab1d8df


[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-12215/matomo

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0918b884 by Salvatore Bonaccorso at 2019-05-20T20:15:01Z
Add CVE-2019-12215/matomo

- - - - -
83f7157e by Salvatore Bonaccorso at 2019-05-20T20:16:20Z
Update two references for piwik to matomo

Apparently the upstream project was renamed (again) as Matomo. Make all
ITP bug references to #448532 conform to one planned source package
name.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45,7 +45,7 @@ CVE-2019-12217 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
 CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
TODO: check
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was 
discovered in  ...)
-   TODO: check
+   - matomo  (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
TODO: check
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
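Review bot: CVE-2019-12215 moves from `TODO: check` straight to a matomo package line although its description is flagged `** DISPUTED **`; add a NOTE stating why the full path disclosure report is accepted (or recording the dispute) so the entry is auditable, and keep in mind that `(bug #448532)` is the ITP, i.e. there is no matomo source package in the archive yet, so nothing will be marked fixed by an upload until the ITP closes.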
@@ -170715,9 +170715,9 @@ CVE-2015-7818 (The administration-panel web service 
in IBM System Networking Swi
 CVE-2015-7817 (Race condition in the administration-panel web service in IBM 
System N ...)
NOT-FOR-US: IBM
 CVE-2015-7816 (The DisplayTopKeywords function in 
plugins/Referrers/Controller.php in ...)
-   - piwik  (bug #448532)
+   - matomo  (bug #448532)
 CVE-2015-7815 (Directory traversal vulnerability in 
core/ViewDataTable/Factory.php in ...)
-   - piwik  (bug #448532)
+   - matomo  (bug #448532)
 CVE-2015-7814 (Race condition in the relinquish_memory function in 
arch/arm/domain.c  ...)
{DSA-3414-1}
- xen 4.6.0-1
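Review bot: the commit message says all ITP references to #448532 now use one source package name, but only CVE-2015-7816 and CVE-2015-7815 change in this hunk; grep data/CVE/list for remaining `piwik` package lines before relying on the tracker to group these issues under matomo, otherwise the same ITP will keep appearing under two names.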



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/15899e23aaaf65c551947dab1dffa1fd6ab1d8df...83f7157e5c34cdd63683854c0792cc716d5dd2e6


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1221{1,2,3,4}/freeimage

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5947e5ab by Salvatore Bonaccorso at 2019-05-20T20:25:06Z
Add CVE-2019-1221{1,2,3,4}/freeimage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47,13 +47,17 @@ CVE-2019-12216 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was 
discovered in  ...)
- matomo  (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
-   TODO: check
+   - freeimage 
+   NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
-   TODO: check
+   - freeimage 
+   NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the 
StreamCalcIFDSize  ...)
-   TODO: check
+   - freeimage 
+   NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to 
the Load ...)
-   TODO: check
+   - freeimage 
+   NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12210
RESERVED
 CVE-2019-12209
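Review bot: all four freeimage entries cite the same upstream discussion thread and none carries a Debian bug reference or a per-CVE pointer; the descriptions name distinct code paths (the TIFFReadDirectory path for CVE-2019-12213, StreamCalcIFDSize for CVE-2019-12212, the tiff loader for CVE-2019-12211), so add one NOTE per entry identifying the matching upstream fix once it exists, otherwise it will be hard to confirm that a single freeimage upload closes all four rather than only some of them.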



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5947e5ab6ada93aa134f413ef88ed33ad2061cbc


[Git][security-tracker-team/security-tracker][master] Process three NFUs for njs

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fba4db74 by Salvatore Bonaccorso at 2019-05-20T20:27:21Z
Process three NFUs for njs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63,11 +63,11 @@ CVE-2019-12210
 CVE-2019-12209
RESERVED
 CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
-   TODO: check
+   NOT-FOR-US: njs
 CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
over-read in ...)
-   TODO: check
+   NOT-FOR-US: njs
 CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
-   TODO: check
+   NOT-FOR-US: njs
 CVE-2019-12205
RESERVED
 CVE-2019-12204
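Review bot: `NOT-FOR-US: njs` for the three heap-based buffer issues is only correct if no source package in the archive builds or bundles njs; the descriptions say `used in NGINX`, so record the check that was done (for instance that src:nginx does not ship the njs module) in a NOTE, because a bare NFU line leaves no trace of why memory-safety bugs in a web-facing component were dismissed.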



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fba4db745a4649d166bf9122c7c5eca6c5add86b


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
132a1a68 by Salvatore Bonaccorso at 2019-05-20T20:34:10Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -903,7 +903,7 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel 
before 5.0.7. A NULL
[stretch] - linux 4.9.168-1
NOTE: Fixed by: 
https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
 CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug 
views of co ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There 
is a ra ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
@@ -10193,7 +10193,7 @@ CVE-2019-8354 (An issue was discovered in SoX 14.4.2. 
lsx_make_lpf in effect_i_d
 CVE-2019-8353
RESERVED
 CVE-2019-8352 (By default, BMC PATROL Agent through 11.3.01 uses a static 
encryption  ...)
-   TODO: check
+   NOT-FOR-US: BMC PATROL Agent
 CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 
certif ...)
NOT-FOR-US: Heimdal Thor Agent
 CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 
(fixed i ...)
@@ -19756,7 +19756,7 @@ CVE-2019-4295
 CVE-2019-4294
RESERVED
 CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow 
an attac ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4292
RESERVED
 CVE-2019-4291
@@ -20226,7 +20226,7 @@ CVE-2019-4060
 CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT connector does not 
sufficiently pro ...)
NOT-FOR-US: IBM
 CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege 
user to ma ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4057
RESERVED
 CVE-2019-4056
@@ -20320,7 +20320,7 @@ CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any 
authenticated user to upl
 CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 
23 is  ...)
NOT-FOR-US: IBM
 CVE-2019-4011 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site 
scripting. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4010
RESERVED
 CVE-2019-4009
@@ -29980,7 +29980,7 @@ CVE-2019-1010
 CVE-2019-1009
RESERVED
 CVE-2019-1008 (A security feature bypass vulnerability exists in Dynamics On 
Premise, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Dynamics On-Premise
 CVE-2019-1007
RESERVED
 CVE-2019-1006
@@ -51204,7 +51204,7 @@ CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS 
via the content parameter
 CVE-2018-12271 (** DISPUTED ** An issue was discovered in the 
com.getdropbox.Dropbox a ...)
NOT-FOR-US: com.getdropbox.Dropbox app for IOS
 CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a 
homograph  ...)
-   TODO: check
+   NOT-FOR-US: Valve Steam
 CVE-2018-12269
RESERVED
 CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via 
shell metac ...)
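Review bot: `NOT-FOR-US: Valve Steam` for CVE-2018-12270 needs a check that the affected component is not something Debian ships, since src:steam exists in the archive; keep `TODO: check` (or add a NOTE with the evidence) until the description or references show which component the homograph issue is in.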
@@ -80351,7 +80351,7 @@ CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 
uses weaker than expected c
 CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
NOT-FOR-US: IBM
 CVE-2018-2005 (IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive 
informati ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is 
vulnerable to cr ...)
NOT-FOR-US: IBM
 CVE-2018-2003



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/132a1a688deaaa55a74479f0e77f772fe4d79ea8


[Git][security-tracker-team/security-tracker][master] Revert CVE-2018-12270 back to check

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0134df9d by Salvatore Bonaccorso at 2019-05-20T21:00:17Z
Revert CVE-2018-12270 back to check

Marking it as NFU as per "Valve Steam" was definitively premature,
there is for instance src:steam in the archive which might be impacted
by the issue.

The CVE description and references are unfortunately not enlightening
regarding if src:steam might be affected.

Cf. https://github.com/VixusFoxy/CVE/wiki/CVE-2018-12270

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -51272,7 +51272,7 @@ CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS 
via the content parameter
 CVE-2018-12271 (** DISPUTED ** An issue was discovered in the 
com.getdropbox.Dropbox a ...)
NOT-FOR-US: com.getdropbox.Dropbox app for IOS
 CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a 
homograph  ...)
-   NOT-FOR-US: Valve Steam
+   TODO: check
 CVE-2018-12269
RESERVED
 CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via 
shell metac ...)
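Review bot: the revert restores `TODO: check` but leaves no trace in the list of why the NFU was wrong; add a `NOTE:` line carrying the reasoning from the commit message (src:steam is in the archive) and the https://github.com/VixusFoxy/CVE/wiki/CVE-2018-12270 reference, so the next triager does not repeat the premature NFU.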



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0134df9d68d2c5618361d488590fe2737327fd6d


[Git][security-tracker-team/security-tracker][master] Add initial tracking of some new SDL issues

2019-05-20 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92b2bf8d by Salvatore Bonaccorso at 2019-05-20T21:18:08Z
Add initial tracking of some new SDL issues

Please make sure first that the tracking is correct; the bug reports are
at the stage of just being dropped in upstream's bugzilla and are not
yet acknowledged by upstream.

The source package name tracking might not be 100% correct at this stage
and might need to be adjusted when details become clear.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31,19 +31,40 @@ CVE-2019-12224
 CVE-2019-12223
RESERVED
 CVE-2019-1 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2 
+   - libsdl1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
+   TODO: check details and correct vulnerability location
 CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2 
+   - libsdl1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
+   TODO: check details and correct vulnerability location
 CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2 
+   - libsdl1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
+   TODO: check details and correct vulnerability location
 CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2 
+   - libsdl1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
+   TODO: check details and correct vulnerability location
 CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2-image 
+   - sdl-image1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
+   TODO: check details and correct vulnerability location
 CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2 
+   - libsdl1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
+   TODO: check details and correct vulnerability location
 CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   TODO: check
+   - libsdl2-image 
+   - sdl-image1.2 
+   NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
+   TODO: check details and correct vulnerability location
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was 
discovered in  ...)
- matomo  (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
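Review bot: every description in this hunk names `libSDL2.a`, yet CVE-2019-12218 and CVE-2019-12216 are assigned to libsdl2-image/sdl-image1.2 and all the others additionally to libsdl1.2; the commit message admits the mapping is unverified, so the generic `TODO: check details and correct vulnerability location` should be backed by a NOTE per entry saying what in the bugzilla report (4620 and 4619 for the image cases) led to that package choice, and the speculative libsdl1.2 lines should be dropped rather than left open until there is evidence that the 1.2 code base shares the bug. The context line above CVE-2019-12221 again shows the truncated id `CVE-2019-1`, which is worth verifying in the committed file.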



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/92b2bf8d6e2d194cc3e39a45c9c27d38378c5d03


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e21fd778 by security tracker role at 2019-05-21T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2019-12246
+   RESERVED
+CVE-2019-12245
+   RESERVED
+CVE-2019-12244
+   RESERVED
+CVE-2019-12243
+   RESERVED
+CVE-2019-12242
+   RESERVED
+CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure 
Deserializat ...)
+   TODO: check
+CVE-2019-12240 (The Virim plugin 0.4 for WordPress allows Insecure 
Deserialization via ...)
+   TODO: check
+CVE-2019-12239 (The WP Booking System plugin 1.5.1 for WordPress has no CSRF 
protectio ...)
+   TODO: check
 CVE-2019-12238
RESERVED
 CVE-2019-12237
@@ -905,8 +921,8 @@ CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is 
affected by stored cross s
NOT-FOR-US: Alkacon OpenCMS
 CVE-2019-11817
RESERVED
-CVE-2019-11816
-   RESERVED
+CVE-2019-11816 (Incorrect access control in the WebUI in OPNsense before 
version 19.1. ...)
+   TODO: check
 CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP 
before 2.4.1 ...)
NOT-FOR-US: MISP
 CVE-2019-11813 (An issue was discovered in 
app/View/Elements/Events/View/value_field.c ...)
@@ -5134,14 +5150,11 @@ CVE-2019-10080
RESERVED
 CVE-2019-10079
RESERVED
-CVE-2019-10078
-   RESERVED
+CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an 
XSS vulner ...)
- jspwiki 
-CVE-2019-10077
-   RESERVED
+CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS 
vulnerability  ...)
- jspwiki 
-CVE-2019-10076
-   RESERVED
+CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS 
vulnerab ...)
- jspwiki 
 CVE-2019-10075
RESERVED
@@ -28402,7 +28415,7 @@ CVE-2018-19827 (In LibSass 3.5.5, a use-after-free 
vulnerability exists in the S
- libsass 
[stretch] - libsass  (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2782
-CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint 
caused by an  ...)
+CVE-2018-19826 (** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory 
footprin ...)
- libsass 
[stretch] - libsass  (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2781
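Review bot: CVE-2018-19826 is now `** DISPUTED **` upstream but the package lines are unchanged, leaving libsass open in sid and stretch marked only `Minor issue`; re-evaluate whether a disputed high-memory-footprint report still warrants an open entry and record the outcome in a NOTE next to the upstream issue link, so the automatic update does not keep the entry in limbo.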



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e21fd778dd372eb52b3753ccaef71844aa45ab62


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10132/libvirt

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5cce126 by Salvatore Bonaccorso at 2019-05-21T19:45:15Z
Add CVE-2019-10132/libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4996,8 +4996,10 @@ CVE-2019-10134
RESERVED
 CVE-2019-10133
RESERVED
-CVE-2019-10132
+CVE-2019-10132 [Insecure permissions for systemd socket for virtlockd/virtlogd]
RESERVED
+   - libvirt 
+   NOTE: https://security.libvirt.org/2019/0003.html
 CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick 
before  ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5cce1263c6605ee3cb2d5b7a84b7f87d8a47f41


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10141/ironic-inspector

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ac0a7f7 by Salvatore Bonaccorso at 2019-05-21T19:46:55Z
Add Debian bug reference for CVE-2019-10141/ironic-inspector

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4977,7 +4977,7 @@ CVE-2019-10142
RESERVED
 CVE-2019-10141
RESERVED
-   - ironic-inspector 
+   - ironic-inspector  (bug #929332)
NOTE: https://review.opendev.org/#/c/660234/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1711722
 CVE-2019-10140



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ac0a7f7fc9f159855343b9b9022e0dd236f3f57


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10132/libvirt

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3183fd22 by Salvatore Bonaccorso at 2019-05-21T20:02:36Z
Add Debian bug reference for CVE-2019-10132/libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4998,7 +4998,7 @@ CVE-2019-10133
RESERVED
 CVE-2019-10132 [Insecure permissions for systemd socket for virtlockd/virtlogd]
RESERVED
-   - libvirt 
+   - libvirt  (bug #929334)
NOTE: https://security.libvirt.org/2019/0003.html
 CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick 
before  ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3183fd223af7456756815712e323d210c4d74bfd


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05e7b420 by security tracker role at 2019-05-21T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2019-12265
+   RESERVED
+CVE-2019-12264
+   RESERVED
+CVE-2019-12263
+   RESERVED
+CVE-2019-12262
+   RESERVED
+CVE-2019-12261
+   RESERVED
+CVE-2019-12260
+   RESERVED
+CVE-2019-12259
+   RESERVED
+CVE-2019-12258
+   RESERVED
+CVE-2019-12257
+   RESERVED
+CVE-2019-12256
+   RESERVED
+CVE-2019-12255
+   RESERVED
+CVE-2019-12254
+   RESERVED
+CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as 
demonstr ...)
+   TODO: check
+CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with 
the low ...)
+   TODO: check
+CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via 
the index. ...)
+   TODO: check
+CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via 
the http ...)
+   TODO: check
+CVE-2019-12249
+   RESERVED
+CVE-2019-12248
+   RESERVED
+CVE-2019-12247
+   RESERVED
 CVE-2019-12246
RESERVED
 CVE-2019-12245
@@ -135,10 +173,10 @@ CVE-2019-12192
RESERVED
 CVE-2019-12191
RESERVED
-CVE-2019-12190
-   RESERVED
-CVE-2019-12189
-   RESERVED
+CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web 
Panel t ...)
+   TODO: check
+CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
+   TODO: check
 CVE-2019-12188
RESERVED
 CVE-2019-12187
@@ -364,6 +402,7 @@ CVE-2019-12088
 CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices 
can becom ...)
NOT-FOR-US: Samsung devices
 CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+   {DLA-1798-1}
- jackson-databind 2.9.8-2 (bug #929177)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
 CVE-2019-12085
@@ -4550,11 +4589,9 @@ CVE-2019-10322
RESERVED
 CVE-2019-10321
RESERVED
-CVE-2019-10320
-   RESERVED
+CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users 
with permi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10319
-   RESERVED
+CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication 
Plugin 1.5 an ...)
NOT-FOR-US: Jenkins plugin
 CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client 
secret une ...)
NOT-FOR-US: Jenkins Azure AD Plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/05e7b420d30cfee69eaf2040ac8054108df76f2b


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f7209e4 by Salvatore Bonaccorso at 2019-05-21T20:28:11Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23,11 +23,11 @@ CVE-2019-12255
 CVE-2019-12254
RESERVED
 CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as 
demonstr ...)
-   TODO: check
+   NOT-FOR-US: my little forum
 CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with 
the low ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via 
the index. ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via 
the http ...)
TODO: check
 CVE-2019-12249
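Review bot: CVE-2019-12250 (IdentityServer4) in this hunk keeps its `TODO: check` while the surrounding three entries are resolved to NOT-FOR-US; if it was left open deliberately, a one-line NOTE saying why would save the next triager a second look.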
@@ -174,9 +174,9 @@ CVE-2019-12192
 CVE-2019-12191
RESERVED
 CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web 
Panel t ...)
-   TODO: check
+   NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-12188
RESERVED
 CVE-2019-12187



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f7209e4fee1be864a91b9e098a8e6aa8cfbd50f



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-10132/libvirt

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a10e048 by Salvatore Bonaccorso at 2019-05-21T20:29:22Z
Update status for CVE-2019-10132/libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5036,6 +5036,8 @@ CVE-2019-10133
 CVE-2019-10132 [Insecure permissions for systemd socket for virtlockd/virtlogd]
RESERVED
- libvirt  (bug #929334)
+   [stretch] - libvirt  (Vulnerable code introduced in 
4.1.0-rc1)
+   [jessie] - libvirt  (Vulnerable code introduced in 
4.1.0-rc1)
NOTE: https://security.libvirt.org/2019/0003.html
 CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick 
before  ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
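Review bot: the new [stretch] and [jessie] lines show no status token between `libvirt` and the parenthetical (`- libvirt  (Vulnerable code introduced in 4.1.0-rc1)`), and the existing unstable line has the same gap before `(bug #929334)`; that pattern suggests the angle-bracketed tracker markers were stripped by the mail rendering rather than omitted, but it is worth confirming that the committed lines carry the expected markers (presumably `<not-affected>` for the two releases), since the tracker derives the per-release status from that token.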



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a10e048b1d565e087150d97126d613244bbd645


[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-5421/ruby-devise

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c30eceea by Salvatore Bonaccorso at 2019-05-21T21:25:41Z
Add fixed version via unstable for CVE-2019-5421/ruby-devise

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17604,7 +17604,7 @@ CVE-2019-5423 (Path traversal vulnerability in 
http-live-simulator npm package v
 CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of 
attacker-p ...)
NOT-FOR-US: buttle node module
 CVE-2019-5421 (Plataformatec Devise version 4.5.0 and earlier, using the 
lockable mod ...)
-   - ruby-devise  (bug #926348)
+   - ruby-devise 4.5.0-3 (bug #926348)
[stretch] - ruby-devise  (Minor issue)
NOTE: https://github.com/plataformatec/devise/issues/4981
NOTE: https://github.com/plataformatec/devise/pull/4996



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c30eceea10acfba8546d9d8c82414d8bd3dc0b5e


[Git][security-tracker-team/security-tracker][master] Add new firefox issues

2019-05-21 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79b3b518 by Salvatore Bonaccorso at 2019-05-21T21:58:01Z
Add new firefox issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1205,35 +1205,57 @@ CVE-2019-11702
RESERVED
 CVE-2019-11701
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
 CVE-2019-11700
RESERVED
+   - firefox  (Windows-specific)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
 CVE-2019-11699
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
 CVE-2019-11697
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
 CVE-2019-11696
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
 CVE-2019-11695
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
 CVE-2019-11694
RESERVED
+   - firefox  (Windows-specific)
- firefox-esr  (Windows-specific)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
 CVE-2019-11693
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
 CVE-2019-11692
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
 CVE-2019-11691
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
- u-boot 2019.01+dfsg-6 (low; bug #928557)
@@ -6528,32 +6550,48 @@ CVE-2019-9822
RESERVED
 CVE-2019-9821
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
 CVE-2019-9820
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
 CVE-2019-9819
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
 CVE-2019-9818
RESERVED
+   - firefox  (Windows-specific)
- firefox-esr  (Windows-specific)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
 CVE-2019-9817
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
 CVE-2019-9816
RESERVED
+   - firefox 
- firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
 CVE-2019-9815
RESERVED
+   - firefox  (MacOS-specific)
- firefox-esr  (MacOS-specific)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
 CVE-2019-9814
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
 CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type 
confusion i ...)
{DSA-4417-1 DLA-1727-1}
- firefox 66.0.1-1
@@ -6603,7 +6641,9 @@ CVE-2019-9801 (Firefox will accept any registered Program 
ID as an external prot
NOTE

[Git][security-tracker-team/security-tracker][master] Fixes for mfsa2019-14/firefox-esr addressed in unstable

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bcb5eacc by Salvatore Bonaccorso at 2019-05-22T07:31:11Z
Fixes for mfsa2019-14/firefox-esr addressed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1218,7 +1218,7 @@ CVE-2019-11699
 CVE-2019-11698
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
 CVE-2019-11697
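Review bot: 60.7.0esr-1 is recorded for firefox-esr while the `- firefox` line directly above it stays unversioned; that matches the commit's stated scope (mfsa2019-14/firefox-esr), but the mfsa2019-13 side of each of these entries still shows as open and will need the same treatment once the corresponding firefox upload lands.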
@@ -1242,19 +1242,19 @@ CVE-2019-11694
 CVE-2019-11693
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
 CVE-2019-11692
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
 CVE-2019-11691
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
@@ -6555,13 +6555,13 @@ CVE-2019-9821
 CVE-2019-9820
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
 CVE-2019-9819
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
 CVE-2019-9818
@@ -6573,13 +6573,13 @@ CVE-2019-9818
 CVE-2019-9817
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
 CVE-2019-9816
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
 CVE-2019-9815
@@ -6642,7 +6642,7 @@ CVE-2019-9801 (Firefox will accept any registered Program 
ID as an external prot
 CVE-2019-9800
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
 CVE-2019-9799 (Insufficient bounds checking of data during inter-process 
communicatio ...)
@@ -6653,7 +6653,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a 
library from APITRACE_LIB,
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin 
policy ...)
- firefox 66.0-1
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
 CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL 
animation contr ...)
@@ -12949,7 +12949,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 
has a use-after-free bec
{DSA-4435-1}
- libpng1.6 1.6.36-4 (bug #921355)
- firefox 
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
NOTE: https://github.com/glennrp/libpng/issues/275
NOTE: 
https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
@@ -16670,7 +16670,7 @@ CVE-2019-5798
RESERVED
{DSA-4421-1}
- chromium 73.0.3683.75-1
-   - firefox-esr 
+   - firefox-esr 60.7.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
 CVE-2019-5797
RESERVED
@@ -34965,8 +34965,10 @@ CVE-2018-18512 (A use-after-free vulnerability can 
occur while

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5436/curl

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b1b79c8 by Salvatore Bonaccorso at 2019-05-22T07:36:40Z
Add CVE-2019-5436/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17636,8 +17636,12 @@ CVE-2019-5438 (Path traversal using symlink in npm 
harp module versions <= 0.
TODO: check
 CVE-2019-5437 (Information exposure through the directory listing in npm's 
harp modul ...)
TODO: check
-CVE-2019-5436
+CVE-2019-5436 [TFTP receive buffer overflow]
RESERVED
+   - curl 
+   NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
+   NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
+   NOTE: Fixed by: 
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
 CVE-2019-5435
RESERVED
 CVE-2019-5434 (An attacker could send a specifically crafted payload to the 
XML-RPC i ...)
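Review bot: the `Introduced by` reference uses an abbreviated hash (0516ce7786e95) while `Fixed by` gives the full 40-character hash; abbreviated hashes can become ambiguous as the upstream repository grows, so the full hash is the safer form in a long-lived tracker file. The entry also has no [stretch]/[jessie] lines yet, so the release status for the TFTP issue is still undetermined here.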



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b1b79c829286fc4da81cef9c6f4307a69e0f3a3


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5435/curl

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9aef66ae by Salvatore Bonaccorso at 2019-05-22T07:41:15Z
Add CVE-2019-5435/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17642,8 +17642,12 @@ CVE-2019-5436 [TFTP receive buffer overflow]
NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
NOTE: Fixed by: 
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
-CVE-2019-5435
+CVE-2019-5435 [Integer overflows in curl_url_set]
RESERVED
+   - curl 
+   NOTE: https://curl.haxx.se/docs/CVE-2019-5435.html
+   NOTE: Introduced by: 
https://github.com/curl/curl/commit/fb30ac5a2d63773c52
+   NOTE: Fixed by: https://github.com/curl/curl/commit/5fc28510a4664f4
 CVE-2019-5434 (An attacker could send a specifically crafted payload to the 
XML-RPC i ...)
NOT-FOR-US: Revive Adserver
 CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance 
could be  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9aef66aefaee891faa7321f86c8132c5b62eda62


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-5436/curl

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0eee76f0 by Salvatore Bonaccorso at 2019-05-22T07:44:36Z
Add Debian bug reference for CVE-2019-5436/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17638,7 +17638,7 @@ CVE-2019-5437 (Information exposure through the 
directory listing in npm's harp
TODO: check
 CVE-2019-5436 [TFTP receive buffer overflow]
RESERVED
-   - curl 
+   - curl  (bug #929351)
NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
NOTE: Fixed by: 
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eee76f0a2ff716d19cf7d0caf69dc5577ac84c0


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-5435/curl

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ac6e5b7 by Salvatore Bonaccorso at 2019-05-22T07:46:19Z
Add Debian bug reference for CVE-2019-5435/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17644,7 +17644,7 @@ CVE-2019-5436 [TFTP receive buffer overflow]
NOTE: Fixed by: 
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
 CVE-2019-5435 [Integer overflows in curl_url_set]
RESERVED
-   - curl 
+   - curl  (bug #929352)
NOTE: https://curl.haxx.se/docs/CVE-2019-5435.html
NOTE: Introduced by: 
https://github.com/curl/curl/commit/fb30ac5a2d63773c52
NOTE: Fixed by: https://github.com/curl/curl/commit/5fc28510a4664f4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ac6e5b7c89c664d6d991ae4f8ff6a22c3b81e52


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12155/qemu

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f93f274 by Salvatore Bonaccorso at 2019-05-22T07:57:15Z
Add CVE-2019-12155/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -243,8 +243,12 @@ CVE-2019-12157
RESERVED
 CVE-2019-12156
RESERVED
-CVE-2019-12155
+CVE-2019-12155 [qxl: null pointer dereference while releasing spice resources]
RESERVED
+   - qemu 
+   - qemu-kvm 
+   NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
+   NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
 CVE-2019-12154
RESERVED
 CVE-2019-12153
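Review bot: `- qemu-kvm ` is added alongside `- qemu` with neither a version nor a visible status token; if qemu-kvm is listed only because it is a removed or transitional source package, the line needs the marker the tracker uses for that case, otherwise the entry shows as an open issue against a package that will never receive an upload.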



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f93f2747ea03a9022be2aec5f6ce1254a50b064


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad3b2b34 by security tracker role at 2019-05-22T08:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2019-12274
+   RESERVED
+CVE-2019-12273
+   RESERVED
+CVE-2019-12272
+   RESERVED
+CVE-2019-12271
+   RESERVED
+CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
+   TODO: check
+CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
+   TODO: check
+CVE-2019-12268
+   RESERVED
+CVE-2019-12267
+   RESERVED
+CVE-2019-12266
+   RESERVED
 CVE-2019-12265
RESERVED
 CVE-2019-12264
@@ -5264,8 +5282,7 @@ CVE-2019-10069
RESERVED
 CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a 
failure to ...)
NOT-FOR-US: Kentico
-CVE-2019-10067 [OSA-2019-05]
-   RESERVED
+CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 
7.x throu ...)
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
[stretch] - otrs2  (Non-free not supported)
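Review bot: replacing `CVE-2019-10067 [OSA-2019-05]` with the MITRE description drops the OTRS advisory id from the entry line; the NOTE lines keep the advisory URL, but the OSA id itself no longer appears anywhere in the entry (the same happens to OSA-2019-06 and OSA-2019-04 in the following hunks). If those ids are used to cross-reference DLA/DSA text, carry them in a NOTE line.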
@@ -5273,8 +5290,7 @@ CVE-2019-10067 [OSA-2019-05]
NOTE: OTRS 6: 
https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
NOTE: 
https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/
-CVE-2019-10066 [OSA-2019-06]
-   RESERVED
+CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 
7.x throu ...)
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
[stretch] - otrs2  (Vulnerable code introduced later)
@@ -5714,8 +5730,7 @@ CVE-2019-9894 (A remotely triggerable memory overwrite in 
RSA key exchange in Pu
- putty 0.70-6
NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
-CVE-2019-9892 [OSA-2019-04]
-   RESERVED
+CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 
5.x throu ...)
{DLA-1774-1}
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
@@ -14845,8 +14860,8 @@ CVE-2019-6515 (An issue was discovered in WSO2 API 
Manager 2.6.0. Uploaded docum
NOT-FOR-US: WSO2
 CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is 
possible ...)
NOT-FOR-US: WSO2
-CVE-2019-6513
-   RESERVED
+CVE-2019-6513 (An issue was discovered in WSO2 API Manager 2.6.0. It is 
possible for  ...)
+   TODO: check
 CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is 
possible to f ...)
NOT-FOR-US: WSO2
 CVE-2019-6511
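Review bot: CVE-2019-6513 is set to `TODO: check` although the adjacent WSO2 API Manager 2.6.0 entries (CVE-2019-6514, CVE-2019-6512) are already `NOT-FOR-US: WSO2`; the automatic update cannot infer that, but this one can be resolved the same way at triage time.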



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad3b2b34989386f9a9461ae86e9b18f0b984b73a


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12155/qemu

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
75eb9fa4 by Salvatore Bonaccorso at 2019-05-22T08:12:59Z
Add Debian bug reference for CVE-2019-12155/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -263,7 +263,7 @@ CVE-2019-12156
RESERVED
 CVE-2019-12155 [qxl: null pointer dereference while releasing spice resources]
RESERVED
-   - qemu 
+   - qemu  (bug #929353)
- qemu-kvm 
NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/75eb9fa4c98a1529e6189aa2815309a6034ca734


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12269/enigmail

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
999620c2 by Salvatore Bonaccorso at 2019-05-22T08:17:09Z
Add CVE-2019-12269/enigmail

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,8 @@ CVE-2019-12271
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
TODO: check
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
-   TODO: check
+   - enigmail 
+   NOTE: https://sourceforge.net/p/enigmail/bugs/983/
 CVE-2019-12268
RESERVED
 CVE-2019-12267



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/999620c2e5609eed4f2223abdc2d59eb252c18bb


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12269/enigmail

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a90ebbae by Salvatore Bonaccorso at 2019-05-22T12:32:05Z
Add Debian bug reference for CVE-2019-12269/enigmail

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,7 @@ CVE-2019-12271
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
TODO: check
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
-   - enigmail 
+   - enigmail  (bug #929363)
NOTE: https://sourceforge.net/p/enigmail/bugs/983/
 CVE-2019-12268
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a90ebbae72a68a2b63d6be93f001284885f50ff2


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12247/qemu

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b3b2def6 by Salvatore Bonaccorso at 2019-05-22T12:37:06Z
Add CVE-2019-12247/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -53,8 +53,11 @@ CVE-2019-12249
RESERVED
 CVE-2019-12248
RESERVED
-CVE-2019-12247
+CVE-2019-12247 [qemu-guest-agent: integer overflow while running guest-exec 
command]
RESERVED
+   - qemu 
+   - qemu-kvm 
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
 CVE-2019-12246
RESERVED
 CVE-2019-12245



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3b2def6ba22b86f862c09b6b02fee1205dcb55a


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12247/qemu

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e7035e9 by Salvatore Bonaccorso at 2019-05-22T12:48:00Z
Add Debian bug reference for CVE-2019-12247/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55,7 +55,7 @@ CVE-2019-12248
RESERVED
 CVE-2019-12247 [qemu-guest-agent: integer overflow while running guest-exec 
command]
RESERVED
-   - qemu 
+   - qemu  (bug #929365)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
 CVE-2019-12246



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e7035e9af66d7e551714dccdc9f3871ba6ed6ec


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2019-5435/curl

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6105 by Salvatore Bonaccorso at 2019-05-22T13:09:49Z
Update information for CVE-2019-5435/curl

curl_url_set function introduced in later versions, in 7.62.0 only.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17698,6 +17698,8 @@ CVE-2019-5436 [TFTP receive buffer overflow]
 CVE-2019-5435 [Integer overflows in curl_url_set]
RESERVED
- curl  (bug #929352)
+   [stretch] - curl  (Vulnerable code introduced later)
+   [jessie] - curl  (Vulnerable code introduced later)
NOTE: https://curl.haxx.se/docs/CVE-2019-5435.html
NOTE: Introduced by: 
https://github.com/curl/curl/commit/fb30ac5a2d63773c52
NOTE: Fixed by: https://github.com/curl/curl/commit/5fc28510a4664f4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6105f423ace84ac9ad9e220db875a1ba0d24


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e1632e0 by security tracker role at 2019-05-22T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2019-12287
+   RESERVED
+CVE-2019-12286
+   RESERVED
+CVE-2019-12285
+   RESERVED
+CVE-2019-12284
+   RESERVED
+CVE-2019-12283
+   RESERVED
+CVE-2019-12282
+   RESERVED
+CVE-2019-12281
+   RESERVED
+CVE-2019-12280
+   RESERVED
+CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username 
parameter to log ...)
+   TODO: check
+CVE-2019-12278
+   RESERVED
+CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict 
APIs, as de ...)
+   TODO: check
+CVE-2019-12276
+   RESERVED
+CVE-2019-12275
+   RESERVED
+CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is 
vulnerable to  ...)
+   TODO: check
 CVE-2019-12274
RESERVED
 CVE-2019-12273
@@ -53,8 +81,7 @@ CVE-2019-12249
RESERVED
 CVE-2019-12248
RESERVED
-CVE-2019-12247 [qemu-guest-agent: integer overflow while running guest-exec 
command]
-   RESERVED
+CVE-2019-12247 (QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c 
files d ...)
- qemu  (bug #929365)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
@@ -241,8 +268,8 @@ CVE-2019-12169
RESERVED
 CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow 
remote code ...)
NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
-CVE-2019-12167
-   RESERVED
+CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert 
Challenger 5.1 ...)
+   TODO: check
 CVE-2019-12166
RESERVED
 CVE-2019-12165
@@ -391,8 +418,8 @@ CVE-2019-12104
RESERVED
 CVE-2019-12103
RESERVED
-CVE-2019-12102
-   RESERVED
+CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files 
without  ...)
+   TODO: check
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
NOT-FOR-US: LibNyoci
 CVE-2019-12100
@@ -512,8 +539,8 @@ CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability 
through which the Nodejs
NOT-FOR-US: Gridea
 CVE-2019-12045
RESERVED
-CVE-2019-12044
-   RESERVED
+CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x 
before 10. ...)
+   TODO: check
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL 
filtering, wh ...)
NOT-FOR-US: remarkable
 CVE-2019-12042
@@ -820,8 +847,7 @@ CVE-2019-11892
RESERVED
 CVE-2019-11891
RESERVED
-CVE-2019-12046 [lemonldap-ng tokens allows anonymous session when stored in 
session DB]
-   RESERVED
+CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
{DSA-4446-1 DLA-1790-1}
- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
@@ -850,8 +876,8 @@ CVE-2019-11882
RESERVED
 CVE-2019-11881
RESERVED
-CVE-2019-11880
-   RESERVED
+CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. 
This is  ...)
+   TODO: check
 CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory 
travers ...)
TODO: check
 CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 
V4.02.R12.00035520.1 ...)
@@ -928,8 +954,8 @@ CVE-2019-11844 (An HTML Injection vulnerability has been 
discovered on the RICOH
NOT-FOR-US: RICOH
 CVE-2019-11843
RESERVED
-CVE-2019-11841
-   RESERVED
+CVE-2019-11841 (A message-forgery issue was discovered in 
crypto/openpgp/clearsign/cle ...)
+   TODO: check
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography 
libraries, ak ...)
TODO: check
 CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer 
overflow in  ...)
@@ -1243,6 +1269,7 @@ CVE-2019-11699
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
RESERVED
+   {DSA-4448-1}
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1271,6 +1298,7 @@ CVE-2019-11694
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
RESERVED
+   {DSA-4448-1}
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1279,6 +1307,7 @@ CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
RESERVED
+   {DSA-4448-1}
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1287,6 +1316,7 @@ CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security

[Git][security-tracker-team/security-tracker][master] Process several NFUs

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43648f71 by Salvatore Bonaccorso at 2019-05-22T20:23:34Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11593,7 +11593,7 @@ CVE-2019-7843
 CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free 
vulnerability. ...)
TODO: check
 CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7840
RESERVED
 CVE-2019-7839
@@ -11603,163 +11603,163 @@ CVE-2019-7838
 CVE-2019-7837 (Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 
and ear ...)
NOT-FOR-US: Adobe
 CVE-2019-7836 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7835 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7834 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7833 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7832 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7831 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7830 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7829 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7828 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7827 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7826 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7825 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7824 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7823 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7822 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7821 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7819
RESERVED
 CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7816
RESERVED
 CVE-2019-7815
RESERVED
 CVE-2019-7814 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7813 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7812 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7811 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7810 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7809 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7808 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7807 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7806 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7805 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7804 (Adobe Acrobat and Reader

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d234294 by Salvatore Bonaccorso at 2019-05-22T20:36:44Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,11 +15,11 @@ CVE-2019-12281
 CVE-2019-12280
RESERVED
 CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username 
parameter to log ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2019-12278
RESERVED
 CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict 
APIs, as de ...)
-   TODO: check
+   NOT-FOR-US: Blogifier
 CVE-2019-12276
RESERVED
 CVE-2019-12275
@@ -35,7 +35,7 @@ CVE-2019-12272
 CVE-2019-12271
RESERVED
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
-   TODO: check
+   NOT-FOR-US: OpenText Brava!
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
- enigmail  (bug #929363)
NOTE: https://sourceforge.net/p/enigmail/bugs/983/
@@ -269,7 +269,7 @@ CVE-2019-12169
 CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow 
remote code ...)
NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
 CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert 
Challenger 5.1 ...)
-   TODO: check
+   NOT-FOR-US: Emerson Network Power Liebert Challenger
 CVE-2019-12166
RESERVED
 CVE-2019-12165
@@ -419,7 +419,7 @@ CVE-2019-12104
 CVE-2019-12103
RESERVED
 CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files 
without  ...)
-   TODO: check
+   NOT-FOR-US: Kentico
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
NOT-FOR-US: LibNyoci
 CVE-2019-12100
@@ -540,7 +540,7 @@ CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability 
through which the Nodejs
 CVE-2019-12045
RESERVED
 CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x 
before 10. ...)
-   TODO: check
+   NOT-FOR-US: Citrix NetScaler Gateway
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL 
filtering, wh ...)
NOT-FOR-US: remarkable
 CVE-2019-12042
@@ -877,7 +877,7 @@ CVE-2019-11882
 CVE-2019-11881
RESERVED
 CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. 
This is  ...)
-   TODO: check
+   NOT-FOR-US: CommSy
 CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory 
travers ...)
TODO: check
 CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 
V4.02.R12.00035520.1 ...)
@@ -1460,7 +1460,7 @@ CVE-2019-11636 (Zcash 2.x allows an inexpensive approach 
to "fill all transactio
 CVE-2019-11635
RESERVED
 CVE-2019-11634 (Citrix Workspace App before 1904 for Windows has Incorrect 
Access Cont ...)
-   TODO: check
+   NOT-FOR-US: Citrix Workspace App
 CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by 
attackers becaus ...)
NOT-FOR-US: HoneyPress
 CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 
through 2019. ...)
@@ -1734,7 +1734,7 @@ CVE-2019-11538 (In Pulse Secure Pulse Connect Secure 
version 9.0RX before 9.0R3.
 CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, 
/upload/scp/ ...)
NOT-FOR-US: osTicket
 CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 
2.24.0, 3 ...)
-   TODO: check
+   NOT-FOR-US: Kalki Kalkitech
 CVE-2019-11535
RESERVED
 CVE-2019-11534
@@ -2512,7 +2512,7 @@ CVE-2019-11233
 CVE-2019-11232
RESERVED
 CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. 
insufficient  ...)
-   TODO: check
+   NOT-FOR-US: GetSimple CMS
 CVE-2019-11230
RESERVED
 CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 
1.8-RC3 m ...)
@@ -10271,9 +10271,9 @@ CVE-2019-8445
 CVE-2019-8444
RESERVED
 CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from 
version  ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before 
version 7. ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2019-8441
RESERVED
 CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS 
Vulner ...)
@@ -11587,11 +11587,11 @@ CVE-2019-7846
 CVE-2019-7845
RESERVED
 CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7843
RESERVED
 CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free 
vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7841 (Adobe Acrobat and Reader ver

[Git][security-tracker-team/security-tracker][master] Add CVE-2016-10750/hazelcast (itp'ed)

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a959abe6 by Salvatore Bonaccorso at 2019-05-22T20:37:46Z
Add CVE-2016-10750/hazelcast (itp'ed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,7 +25,7 @@ CVE-2019-12276
 CVE-2019-12275
RESERVED
 CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is 
vulnerable to  ...)
-   TODO: check
+   - hazelcast  (bug #745640)
 CVE-2019-12274
RESERVED
 CVE-2019-12273
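Review bot: the new status line points at bug #745640 with no hint that it is the ITP named in the commit message, so it reads like a bug filed against a package already in the archive. A short NOTE would keep that context in the data itself, e.g. `NOTE: not yet in Debian, tracked via ITP #745640; fixed upstream in 3.11` (the description marks versions before 3.11 as affected).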



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a959abe681c77e516c44d39f09f5b1a74c1250cf


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10142/linux

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0128a457 by Salvatore Bonaccorso at 2019-05-22T21:09:25Z
Add CVE-2019-10142/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5118,8 +5118,11 @@ CVE-2019-10144
RESERVED
 CVE-2019-10143
RESERVED
-CVE-2019-10142
+CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in 
ioctl]
RESERVED
+   - linux  (unimportant)
+   NOTE: Fixed by: 
https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c
+   NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian.
 CVE-2019-10141
RESERVED
- ironic-inspector 8.0.0-3 (bug #929332)
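Review bot: the "Fixed by" NOTE gives the upstream commit but not the kernel release it landed in, which other linux entries in data/CVE/list do record (compare the `(4.8-rc5)` and `(5.1-rc1)` suffixes used on their git.kernel.org links); adding the release tag makes it easier to re-check the entry when a stable backport shows up. The `(unimportant)` rating itself is well supported by the CONFIG_FSL_HV_MANAGER NOTE.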



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0128a457281d32a84d0b50ed5c780b4ca29b4fbe


[Git][security-tracker-team/security-tracker][master] Update status for wpa

2019-05-22 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01fb53c5 by Salvatore Bonaccorso at 2019-05-22T21:34:50Z
Update status for wpa

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -61,7 +61,7 @@ thunderbird (jmm)
 wordpress
 --
 wpa
-  Maintainer prepared an update, needs review and ack
+  Maintainer prepared an update
 --
 xen
 --
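Review bot: dropping "needs review and ack" leaves the wpa line without a next action, and the dsa-needed entries exist precisely to say who is waiting on what. If the review is done, say so (e.g. `Maintainer prepared an update, reviewed, waiting for upload`); otherwise the shortened line will be read as still awaiting review.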



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01fb53c5e12d34a3a9aca766aba09f5b861604ad


[Git][security-tracker-team/security-tracker][master] Track fix for firefox via experimental

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf00fd56 by Salvatore Bonaccorso at 2019-05-23T08:05:52Z
Track fix for firefox via experimental

The upload actually went to experimental, given that cbindgen is not available
in unstable, so we probably won't see updates to unstable for firefox
until the buster release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1277,6 +1277,7 @@ CVE-2019-11702
RESERVED
 CVE-2019-11701
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
 CVE-2019-11700
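Review bot: the reason the unstable entry stays at `- firefox` unfixed while 67.0-1 is tracked under `[experimental]` lives only in the commit message (cbindgen not available in unstable), so anyone reading data/CVE/list will wonder why the fixed version is not in sid. Record it once as a NOTE on one of these entries, e.g. `NOTE: 67.0-1 uploaded to experimental only, cbindgen missing in unstable`.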
@@ -1285,11 +1286,13 @@ CVE-2019-11700
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
 CVE-2019-11699
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1298,14 +1301,17 @@ CVE-2019-11698
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
 CVE-2019-11697
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
 CVE-2019-11696
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
 CVE-2019-11695
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
 CVE-2019-11694
@@ -1319,6 +1325,7 @@ CVE-2019-11694
 CVE-2019-11693
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1328,6 +1335,7 @@ CVE-2019-11693
 CVE-2019-11692
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -1337,6 +1345,7 @@ CVE-2019-11692
 CVE-2019-11691
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -6648,11 +6657,13 @@ CVE-2019-9822
RESERVED
 CVE-2019-9821
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
 CVE-2019-9820
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -6662,6 +6673,7 @@ CVE-2019-9820
 CVE-2019-9819
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -6679,6 +6691,7 @@ CVE-2019-9818
 CVE-2019-9817
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -6688,6 +6701,7 @@ CVE-2019-9817
 CVE-2019-9816
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -6704,6 +6718,7 @@ CVE-2019-9815
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
 CVE-2019-9814
RESERVED
+   [experimental] - firefox 67.0-1
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
 CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type 
confusion i ...)
@@ -6756,6 +6771,7 @@ CVE-2019-9801 (Firefox will accept any registered Program 
ID as an external prot
 CVE-2019-9800
RESERVED
{DSA-4448-1}
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 
@@ -13069,6 +13085,7 @@ CVE-2019-7318
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free 
because  ...)
{DSA-4448-1 DSA-4435-1}
- libpng1.6 1.6.36-4 (bug #921355)
+   [experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
- thunderbird 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf00fd56eba86d61c705aa2814e9e276f010ff88


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f6dc995 by security tracker role at 2019-05-23T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,17 @@
+CVE-2019-12294
+   RESERVED
+CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer 
over-read in J ...)
+   TODO: check
+CVE-2019-12292
+   RESERVED
+CVE-2019-12291
+   RESERVED
+CVE-2019-12290
+   RESERVED
+CVE-2019-12289
+   RESERVED
+CVE-2019-12288
+   RESERVED
 CVE-2019-12287
RESERVED
 CVE-2019-12286
@@ -1594,6 +1608,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x 
before 2.10-1 contains
[stretch] - signing-party  (Will be fixed via point release)
NOTE: 
https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
 CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 
does not ...)
+   {DLA-1799-1}
- linux 4.19.37-1
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
@@ -1891,6 +1906,7 @@ CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows 
page->_refcount refere
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
NOTE: https://lwn.net/Articles/786044/
 CVE-2019-11486 (The Siemens R3964 line discipline driver in 
drivers/tty/n_r3964.c in t ...)
+   {DLA-1799-1}
- linux 4.19.37-1
NOTE: 
https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
NOTE: Upstream commits marks driver as BROKEN and can be considered 
fixed starting
@@ -2299,6 +2315,7 @@ CVE-2019-11339 (The studio profile decoder in 
libavcodec/mpeg4videodec.c in FFmp
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
 CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of 
duplicate ...)
+   {DSA-4449-1}
- ffmpeg 7:4.1.3-1
- libav 
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
@@ -2640,6 +2657,7 @@ CVE-2019-11191 (The Linux kernel through 5.0.7, when 
CONFIG_IA32_AOUT is enabled
- linux  (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
 CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR 
on setui ...)
+   {DLA-1799-1}
- linux 4.8.5-1
NOTE: 
https://git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
@@ -2839,7 +2857,7 @@ CVE-2019-11092
RESERVED
 CVE-2019-11091 [MDSUM  Microarchitectural Data Sampling Uncacheable Memory]
RESERVED
-   {DSA-4447-1 DSA--1 DLA-1789-1 DLA-1787-1}
+   {DSA-4447-1 DSA--1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen  (bug #929129)
@@ -7053,6 +7071,7 @@ CVE-2019-9720
 CVE-2019-9719
RESERVED
 CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder 
allows atta ...)
+   {DSA-4449-1}
- ffmpeg 7:4.1.3-1 (low; bug #92)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
- libav 
@@ -7641,6 +7660,7 @@ CVE-2019-9504
RESERVED
 CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
RESERVED
+   {DLA-1799-1}
- linux 
NOTE: 
https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
 CVE-2019-9502
@@ -14265,38 +14285,38 @@ CVE-2019-6823
RESERVED
 CVE-2019-6822
RESERVED
-CVE-2019-6821
-   RESERVED
-CVE-2019-6820
-   RESERVED
-CVE-2019-6819
-   RESERVED
+CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, 
which coul ...)
+   TODO: check
+CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
+   TODO: check
+CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+   TODO: check
 CVE-2019-6818
RESERVED
 CVE-2019-6817
RESERVED
-CVE-2019-6816
-   RESERVED
-CVE-2019-6815
-   RESERVED
-CVE-2019-6814
-   RESERVED
+CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code 
Injection vul ...)
+   TODO: check
+CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, 
Privil ...)
+   TODO: check
+CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the 
NET55X ...)
+   TODO: check
 CVE-2019-6813
RESERVED
-CVE-2019-6812
-   RESERVED
+CVE-2

[Git][security-tracker-team/security-tracker][master] Process several NFUs

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
24f14056 by Salvatore Bonaccorso at 2019-05-23T08:20:35Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14286,25 +14286,25 @@ CVE-2019-6823
 CVE-2019-6822
RESERVED
 CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, 
which coul ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6818
RESERVED
 CVE-2019-6817
RESERVED
 CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code 
Injection vul ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, 
Privil ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the 
NET55X ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6813
RESERVED
 CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in 
BMX-NOR ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6811
RESERVED
 CVE-2019-6810
@@ -14312,11 +14312,11 @@ CVE-2019-6810
 CVE-2019-6809
RESERVED
 CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all 
version ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6806 (A CWE-200: Information Exposure vulnerability exists in all 
versions o ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the 
alipay/alipayapi ...)
NOT-FOR-US: S-CMS
 CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck 
Community  ...)
@@ -44967,7 +44967,7 @@ CVE-2018-14731 (An issue was discovered in HMRServer.js 
in Parcel parcel-bundler
 CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able 
to steal ...)
NOT-FOR-US: Browserify-HMR
 CVE-2018-14729 (The database backup feature in 
upload/source/admincp/admincp_db.php in ...)
-   TODO: check
+   NOT-FOR-US: Discuz!
 CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via 
the url pa ...)
NOT-FOR-US: Responsive FileManager
 CVE-2018-14727
@@ -63372,41 +63372,41 @@ CVE-2018-7858 (Quick Emulator (aka QEMU), when built 
with the Cirrus CLGD 54xx V
[wheezy] - qemu-kvm  (Vulnerable code not present)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
 CVE-2018-7857 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7856 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7855 (A CWE-248 Uncaught Exception vulnerability exists in all 
versions of t ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7854 (A CWE-248 Uncaught Exception vulnerability exists in all 
versions of t ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7853 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7852 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7851 (CWE-119: Buffer errors vulnerability exists in Modicon M580 
with firmw ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7850 (A CWE-807: Reliance on Untrusted Inputs in a Security Decision 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7849 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7848 (A CWE-200: Information Exposure vulnerability exists in all 
versions o ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7847 (A CWE-284: Improper Access Control vulnerability exists in all 
version ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7846 (A CWE-501: Trust Boundary Violation vulnerability on connection 
to the ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7845 (A CWE-125: Out-of-bounds

[Git][security-tracker-team/security-tracker][master] Add CVE-2017-5984/libav

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72572f25 by Salvatore Bonaccorso at 2019-05-23T08:23:02Z
Add CVE-2017-5984/libav

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -121214,7 +121214,10 @@ CVE-2017-5985 (lxc-user-nic in Linux Containers 
(LXC) allows local users with a
NOTE: stable-2.0: 
https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
NOTE: stable-1.0: 
https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
 CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() 
has a h ...)
-   TODO: check
+   - libav 
+   NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1019
+   NOTE: https://patches.libav.org/patch/62534/
+   TODO: check if affects src:ffmpeg
 CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server 
before 6.3. ...)
NOT-FOR-US: JIRA Workflow Designer Plugin
 CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on 
for Kodi ...)
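Review bot: the new `- libav ` line records no fixed version, and the retained `TODO: check if affects src:ffmpeg` leaves the entry in the triage queue; since the description names ff_h264_execute_ref_pic_marking() in libavcodec, the ffmpeg check is the right follow-up, and the Libav bugzilla and patches.libav.org references added alongside are what is needed to compare the two code bases. Also confirm that the status marker on the package line survived in the committed file: the mail rendering shows only trailing whitespace after `libav`.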



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72572f2581b270c8acfe7102148d022d8738f63a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72572f2581b270c8acfe7102148d022d8738f63a
You're receiving this email because of your account on salsa.debian.org.

___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12293/poppler

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5a42f3e by Salvatore Bonaccorso at 2019-05-23T08:29:11Z
Add CVE-2019-12293/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,8 @@
 CVE-2019-12294
RESERVED
 CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer 
over-read in J ...)
+   - poppler 
+   NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
TODO: check
 CVE-2019-12292
RESERVED
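Review bot: `TODO: check` is kept under CVE-2019-12293 even though the package line `- poppler ` and the upstream issue link are already filled in; the items still open are the upstream fix commit and the Debian bug, neither of which is referenced yet, so a specific TODO (e.g. `TODO: check upstream fix`) would make the outstanding work visible rather than the generic one.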



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5a42f3eaaa64002f3d80c68fea49f3995224b87


[Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2019-12293/poppler

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fd9b70b by Salvatore Bonaccorso at 2019-05-23T08:33:19Z
Add reference to upstream commit for CVE-2019-12293/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2019-12294
 CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer 
over-read in J ...)
- poppler 
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
-   TODO: check
+   NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
 CVE-2019-12292
RESERVED
 CVE-2019-12291



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fd9b70b4828edcef28a35428e9954594af01369


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12293/poppler

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4792ee8 by Salvatore Bonaccorso at 2019-05-23T08:54:57Z
Add Debian bug reference for CVE-2019-12293/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2019-12294
RESERVED
 CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer 
over-read in J ...)
-   - poppler 
+   - poppler  (bug #929423)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
 CVE-2019-12292



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4792ee8f21382b75c884b685fa2259ed6dce264


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12295/wireshark

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93fa by Salvatore Bonaccorso at 2019-05-23T14:38:37Z
Add CVE-2019-12295/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,8 @@
+CVE-2019-12295 [dissection engine crash]
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2019-19.html
 CVE-2019-12294
RESERVED
 CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer 
over-read in J ...)
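Review bot: the entry uses the bracketed placeholder `[dissection engine crash]` in place of the CVE description, the tracker's convention while the CVE text is not yet published; the three references (upstream bug 15778, the fix commit, and wnpa-sec-2019-19) cover the issue, but the `- wireshark ` line has neither a fixed version nor a Debian bug, so the upload that imports the upstream commit still needs to be tracked.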



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/93fad78ef451c26879a220033b631c96e89e


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-20509

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f6ca385 by Salvatore Bonaccorso at 2019-05-23T16:28:45Z
Add fixed version for CVE-2018-20509

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22685,7 +22685,7 @@ CVE-2018-20510 (The print_binder_transaction_ilocked 
function in drivers/android
- linux 4.16.5-1
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8ca86f1639ec5890d400fff9211aca22d0a392eb
 CVE-2018-20509 (The print_binder_ref_olocked function in 
drivers/android/binder.c in t ...)
-   - linux 
+   - linux 4.14.2-1
NOTE: https://security.netapp.com/advisory/ntap-20190517-0002/
 CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] 
parameter. This  ...)
NOT-FOR-US: CrashFix
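Review bot: the fixed version `4.14.2-1` recorded for CVE-2018-20509 is earlier than the `4.16.5-1` shown for the adjacent CVE-2018-20510, both in drivers/android/binder.c, so the version deserves a second look against the upstream fix; the only reference for CVE-2018-20509 is the NetApp advisory, whereas CVE-2018-20510 carries a git.kernel.org commit id, and adding the upstream commit for CVE-2018-20509 would let the fixed version be verified directly.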



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f6ca385a2ffd520874d7b6b061ad847190ac2cf


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12295/wireshark

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71a470d8 by Salvatore Bonaccorso at 2019-05-23T18:02:43Z
Add Debian bug reference for CVE-2019-12295/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2019-12295 [dissection engine crash]
-   - wireshark 
+   - wireshark  (bug #929446)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-19.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/71a470d8dc75df0d5a38a182ca7bb4757031f01b


[Git][security-tracker-team/security-tracker][master] thunderbird issues fixed in unstable

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d464583 by Salvatore Bonaccorso at 2019-05-23T19:35:19Z
thunderbird issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1317,7 +1317,7 @@ CVE-2019-11698
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
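Review bot: `1:60.7.0-1` carries an epoch that the sibling firefox-esr line `60.7.0esr-1` does not, which is thunderbird's own versioning rather than an error, but worth a glance when the same version is copied across nine hunks; note also that the unversioned `- firefox ` line for unstable is left untouched although `[experimental] - firefox 67.0-1` is already recorded, so the unstable fix remains pending in every one of these entries.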
@@ -1350,7 +1350,7 @@ CVE-2019-11693
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
@@ -1360,7 +1360,7 @@ CVE-2019-11692
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
@@ -1370,7 +1370,7 @@ CVE-2019-11691
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
@@ -6691,7 +6691,7 @@ CVE-2019-9820
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
@@ -6701,7 +6701,7 @@ CVE-2019-9819
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
@@ -6719,7 +6719,7 @@ CVE-2019-9817
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
@@ -6729,7 +6729,7 @@ CVE-2019-9816
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
@@ -6799,7 +6799,7 @@ CVE-2019-9800
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800
@@ -6813,7 +6813,7 @@ CVE-2019-9797 (Cross-origin images can be read in 
violation of the same-origin p
{DSA-4448-1}
- firefox 66.0-1
- firefox-esr 60.7.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.7.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
NOTE: 
https://www.mozilla.org/en-US/security

[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8373080c by security tracker role at 2019-05-23T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,30 @@
-CVE-2019-12295 [dissection engine crash]
+CVE-2019-12308
+   RESERVED
+CVE-2019-12307
+   RESERVED
+CVE-2019-12306
+   RESERVED
+CVE-2019-12305
+   RESERVED
+CVE-2019-12304
+   RESERVED
+CVE-2019-12303
+   RESERVED
+CVE-2019-12302
+   RESERVED
+CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and 
Ubuntu suffer ...)
+   TODO: check
+CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a 
user-submitted au ...)
+   TODO: check
+CVE-2019-12299
+   RESERVED
+CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an 
out-of-bounds writ ...)
+   TODO: check
+CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 
and M2 1 ...)
+   TODO: check
+CVE-2019-12296
+   RESERVED
+CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 
2.4.14, the  ...)
- wireshark  (bug #929446)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
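Review bot: CVE-2019-12301 stands out among the new `TODO: check` entries because its description explicitly concerns "The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu", so it should be triaged ahead of the vendor-specific ones; the update also replaces the hand-written placeholder `[dissection engine crash]` under CVE-2019-12295 with the published description, and the lines below it (package, bug #929446, references) are preserved.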
@@ -15,10 +41,10 @@ CVE-2019-12291
RESERVED
 CVE-2019-12290
RESERVED
-CVE-2019-12289
-   RESERVED
-CVE-2019-12288
-   RESERVED
+CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 
100T (C782 ...)
+   TODO: check
+CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T 
(C7824WI ...)
+   TODO: check
 CVE-2019-12287
RESERVED
 CVE-2019-12286
@@ -51,8 +77,8 @@ CVE-2019-12274
RESERVED
 CVE-2019-12273
RESERVED
-CVE-2019-12272
-   RESERVED
+CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
+   TODO: check
 CVE-2019-12271
RESERVED
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
@@ -585,8 +611,8 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix 
NetScaler Gateway 10.5.x befo
NOT-FOR-US: Citrix NetScaler Gateway
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL 
filtering, wh ...)
NOT-FOR-US: remarkable
-CVE-2019-12042
-   RESERVED
+CVE-2019-12042 (Insecure permissions of the section object 
Global\PandaDevicesAgentSha ...)
+   TODO: check
 CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular 
Expression De ...)
NOT-FOR-US: remarkable
 CVE-2019-12040
@@ -932,8 +958,8 @@ CVE-2019-11875
RESERVED
 CVE-2019-11874
RESERVED
-CVE-2019-11873
-   RESERVED
+CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in 
tls13.c when ...)
+   TODO: check
 CVE-2019-11872
RESERVED
 CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has 
XSS for  ...)
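Review bot: CVE-2019-11873 (wolfSSL 4.0.0, DoPreSharedKeys in tls13.c) lands as `TODO: check` among entries that are mostly vendor appliances and WordPress plugins; wolfssl is a packaged library, and the later commit on this list, "Add CVE-2019-11873/wolfssl", treats it as such, so this one needs a package line rather than a NOT-FOR-US tag.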
@@ -1313,7 +1339,7 @@ CVE-2019-11699
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
RESERVED
-   {DSA-4448-1}
+   {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1346,7 +1372,7 @@ CVE-2019-11694
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
RESERVED
-   {DSA-4448-1}
+   {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1356,7 +1382,7 @@ CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
RESERVED
-   {DSA-4448-1}
+   {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1366,7 +1392,7 @@ CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
 CVE-2019-11691
RESERVED
-   {DSA-4448-1}
+   {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -3192,8 +3218,8 @@ CVE-2019-10979
RESERVED
 CVE-2019-10978
RESERVED
-CVE-2019-10977
-   RESERVED
+CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module 
QJ71E71-100 ser ...)
+   TODO: check
 CVE-2019-10976
RESERVED
 CVE-2019-10975
@@ -3514,8 +3540,8 @@ CVE-2019-10869 (Path Traversal and Unrestricted File 
Upload exists in the Ninja
NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker 
with clas ...)
NOT-FOR-US: Pimcore
-CVE-2019-10866
-   RESERVED

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22a93a32 by Salvatore Bonaccorso at 2019-05-24T06:49:17Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13618,89 +13618,89 @@ CVE-2019-7140 (Adobe Acrobat and Reader versions 
2019.010.20100 and earlier, 201
 CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an 
SQL inje ...)
NOT-FOR-US: Magento
 CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption 
vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free 
vulnerability. S ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7131
RESERVED
 CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow 
vulnerability. Suc ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7129
RESERVED
 CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7126
RESERVED
 CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
NOT-FOR-US: Adobe
 CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 
2019.010 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 
and ear ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe 
hyperlink proc ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and
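Review bot: the bulk change uses the vendor-level `NOT-FOR-US: Adobe` for the Bridge CC, Acrobat and Reader, InDesign and XD entries, while the untouched neighbour CVE-2019-7108 keeps the product-level `NOT-FOR-US: Adobe Flash Player`; either convention works, but mixing them within one block makes grep-style searches of data/CVE/list by product less reliable, so consider carrying the product name through.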

[Git][security-tracker-team/security-tracker][master] Add fixed version for advancecomp issues

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ab92d0c by Salvatore Bonaccorso at 2019-05-24T06:50:41Z
Add fixed version for advancecomp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10505,7 +10505,7 @@ CVE-2019-8385
 CVE-2019-8384
RESERVED
 CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid 
memory  ...)
-   - advancecomp  (bug #928730)
+   - advancecomp 2.1-2.1 (bug #928730)
[stretch] - advancecomp  (Minor issue)
[jessie] - advancecomp  (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/272/
@@ -10519,7 +10519,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 
4.3.1. An invalid memory acc
 CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer 
dereferenc ...)
NOT-FOR-US: Bento4
 CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL 
pointer der ...)
-   - advancecomp  (bug #928729)
+   - advancecomp 2.1-2.1 (bug #928729)
[stretch] - advancecomp  (Minor issue)
[jessie] - advancecomp  (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/271/
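Review bot: the fixed version `2.1-2.1` is filled in for both CVE-2019-8383 and CVE-2019-8379 while the `[stretch]`/`[jessie]` lines keep `(Minor issue)` with no version, i.e. no stable update is planned, which is consistent for a minor issue; the `-2.1` suffix indicates a non-maintainer upload, so make sure bugs #928730 and #928729 were closed by that upload's changelog and not only here.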



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ab92d0c2edc924f28556f48eb20cfc96e2e374d


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10143/freeradius

2019-05-23 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c574ebce by Salvatore Bonaccorso at 2019-05-24T06:54:08Z
Add CVE-2019-10143/freeradius

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5199,8 +5199,10 @@ CVE-2019-10145
RESERVED
 CVE-2019-10144
RESERVED
-CVE-2019-10143
+CVE-2019-10143 [privilege escalation due to insecure logration]
RESERVED
+   - freeradius 
+   NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
 CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in 
ioctl]
RESERVED
- linux  (unimportant)
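Review bot: the bracketed placeholder `[privilege escalation due to insecure logration]` looks like a typo for `logrotation`, and the text should be fixed so the entry is searchable; the CVE is still RESERVED with only upstream PR 2666 as reference, so the placeholder should be replaced once the CVE text is published, and the `- freeradius ` line has neither a fixed version nor a Debian bug yet.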



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c574ebcebbaeb2447bc448a2e8c60ac2c79b100b


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cae35133 by Salvatore Bonaccorso at 2019-05-24T07:05:54Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,7 +21,7 @@ CVE-2019-12299
 CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an 
out-of-bounds writ ...)
TODO: check
 CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 
and M2 1 ...)
-   TODO: check
+   NOT-FOR-US: Motorola
 CVE-2019-12296
RESERVED
 CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 
2.4.14, the  ...)
@@ -42,9 +42,9 @@ CVE-2019-12291
 CVE-2019-12290
RESERVED
 CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 
100T (C782 ...)
-   TODO: check
+   NOT-FOR-US: VStarcam
 CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T 
(C7824WI ...)
-   TODO: check
+   NOT-FOR-US: VStarcam
 CVE-2019-12287
RESERVED
 CVE-2019-12286
@@ -78,7 +78,7 @@ CVE-2019-12274
 CVE-2019-12273
RESERVED
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
-   TODO: check
+   NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271
RESERVED
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
@@ -3219,7 +3219,7 @@ CVE-2019-10979
 CVE-2019-10978
RESERVED
 CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module 
QJ71E71-100 ser ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 CVE-2019-10976
RESERVED
 CVE-2019-10975
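Review bot: `NOT-FOR-US: Mitsubishi` drops the product information given in the description (Mitsubishi Electric MELSEC-Q series Ethernet module); the other hunks in this same commit use product-level labels such as `NOT-FOR-US: Form Maker plugin for WordPress` and `NOT-FOR-US: Computrols CBAS`, so `NOT-FOR-US: Mitsubishi Electric MELSEC-Q` would match the convention used elsewhere in the change.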
@@ -3541,7 +3541,7 @@ CVE-2019-10869 (Path Traversal and Unrestricted File 
Upload exists in the Ninja
 CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker 
with clas ...)
NOT-FOR-US: Pimcore
 CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's 
possible to ...)
-   TODO: check
+   NOT-FOR-US: Form Maker plugin for WordPress
 CVE-2019-10865
RESERVED
 CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, 
allowin ...)
@@ -3565,19 +3565,19 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an 
open redirect can occur via
NOTE: 
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
NOTE: 
https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
 CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The 
approach is MD5 ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. 
...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL 
Injection via th ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) 
directory / ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10848
RESERVED
 CVE-2019-10847
@@ -5684,7 +5684,7 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror 
Gen2, My Cloud EX2 Ultr
 CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 
Ultra, My ...)
NOT-FOR-US: Western Digital
 CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, 
EX4100 ...)
-   TODO: check
+   NOT-FOR-US: Western Digital
 CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: 
scheme, w ...)
- python2.7 2.7.16-2
NOTE: https://bugs.python.org/issue35907
@@ -65633,9 +65633,9 @@ CVE-2018-7204 (inc/logger.php in the Giribaz File 
Manager plugin before 5.0.2 fo
 CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 
7.0.11 throu ...)
NOT-FOR-US: Twonky Server
 CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists 
in the ...)
-   TODO: check
+   NOT-FOR-US: ProjectSend
 CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053, 
affecting vi ...)
-   TODO: check
+   NOT-FOR-US: ProjectSend
 CVE-2018-7200
RESERVED
 CVE-2018-7199
@@ -85471,9 +85471,9 @@ CVE-2017-17063
 CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 
7.6.3-rev35, ...)
NOT-FOR-US: Open-Xchange
 CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected 
by: Cross  ...)
-  

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10143/freeradius

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4de580bc by Salvatore Bonaccorso at 2019-05-24T07:06:43Z
Add Debian bug reference for CVE-2019-10143/freeradius

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5201,7 +5201,7 @@ CVE-2019-10144
RESERVED
 CVE-2019-10143 [privilege escalation due to insecure logration]
RESERVED
-   - freeradius 
+   - freeradius  (bug #929466)
NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
 CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in 
ioctl]
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4de580bce91dfc4e9b2e0aca8cb9182f90efc066


[Git][security-tracker-team/security-tracker][master] Add CVE-2016-8901/b2evolution

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b890d60 by Salvatore Bonaccorso at 2019-05-24T07:08:15Z
Add CVE-2016-8901/b2evolution

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -139674,7 +139674,7 @@ CVE-2016-8903 (SQL injection vulnerability in the 
"Site Browser > Templates p
 CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in 
dotCMS ...)
NOT-FOR-US: dotCMS
 CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability 
in /ht ...)
-   TODO: check
+   - b2evolution 
 CVE-2016-8900
RESERVED
 CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection 
vulnerabili ...)
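Review bot: the new `- b2evolution ` line records the package as affected but no NOTE: line with an upstream reference (bug report, fix commit or release tag) accompanies it, so there is nothing in the entry to check against when filling in the fixed version later; suggest adding a NOTE: with the upstream reference as done for the other entries.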



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b890d60ee0bac17a3a4ad5635cb547a7e84c7dc


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11873/wolfssl

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98421ab1 by Salvatore Bonaccorso at 2019-05-24T07:07:49Z
Add CVE-2019-11873/wolfssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -959,7 +959,7 @@ CVE-2019-11875
 CVE-2019-11874
RESERVED
 CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in 
tls13.c when ...)
-   TODO: check
+   - wolfssl 
 CVE-2019-11872
RESERVED
 CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has 
XSS for  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98421ab1bbf373a8a250ce99cce21aba5f491a03


[Git][security-tracker-team/security-tracker][master] Add CVE-2017-15652/ghostscript

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abd2b58e by Salvatore Bonaccorso at 2019-05-24T07:15:21Z
Add CVE-2017-15652/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91442,7 +91442,11 @@ CVE-2017-15654 (Highly predictable session tokens in 
the HTTPd server in all cur
 CVE-2017-15653 (Improper administrator IP validation after his login in the 
HTTPd serv ...)
NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. 
The impac ...)
-   TODO: check
+   - ghostscript 9.25~dfsg-1
+   [stretch] - ghostscript 9.25~dfsg-0+deb9u1
+   [jessie] - ghostscript 9.26a~dfsg-0+deb8u1
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e
+   NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
 CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated 
administ ...)
NOT-FOR-US: PRTG Network Monitor
 CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 
allows local  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abd2b58e47cfa48cbd5be82df6bc8647c08e9f49


[Git][security-tracker-team/security-tracker][master] Add tag information for CVE-2017-15652/ghostscript

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f469bd4 by Salvatore Bonaccorso at 2019-05-24T07:16:47Z
Add tag information for CVE-2017-15652/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91445,7 +91445,7 @@ CVE-2017-15652 (Artifex Ghostscript 9.22 is affected 
by: Obtain Information. The
- ghostscript 9.25~dfsg-1
[stretch] - ghostscript 9.25~dfsg-0+deb9u1
[jessie] - ghostscript 9.26a~dfsg-0+deb8u1
-   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e 
(ghostpdl-9.23rc1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
 CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated 
administ ...)
NOT-FOR-US: PRTG Network Monitor



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f469bd418dada6bad6007f1ea4826d8b6d97a00


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11873

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
478c0956 by Salvatore Bonaccorso at 2019-05-24T07:42:39Z
Add Debian bug reference for CVE-2019-11873

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -960,7 +960,7 @@ CVE-2019-11875
 CVE-2019-11874
RESERVED
 CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in 
tls13.c when ...)
-   - wolfssl 
+   - wolfssl  (bug #929468)
 CVE-2019-11872
RESERVED
 CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has 
XSS for  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/478c095699051ab936e6dc061db2b58ccdadddad


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-12269/enigmail

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6ff63ee by Salvatore Bonaccorso at 2019-05-24T07:50:27Z
Add fixed version for CVE-2019-12269/enigmail

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -84,7 +84,7 @@ CVE-2019-12271
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
NOT-FOR-US: OpenText Brava!
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
-   - enigmail  (bug #929363)
+   - enigmail 2:2.0.11+ds1-1 (bug #929363)
[jessie] - enigmail  (see 
https://lists.debian.org/debian-lts-announce/2019/02/msg2.html)
NOTE: https://sourceforge.net/p/enigmail/bugs/983/
 CVE-2019-12268



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6ff63ee5c9ae10cd5104dabf974011c060fb7a1


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0dd2b79 by security tracker role at 2019-05-24T08:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2019-12311
+   RESERVED
+CVE-2019-12310
+   RESERVED
+CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability 
exploitable by  ...)
+   TODO: check
 CVE-2019-12308
RESERVED
 CVE-2019-12307
@@ -3584,8 +3590,8 @@ CVE-2019-10848
RESERVED
 CVE-2019-10847
RESERVED
-CVE-2019-10846
-   RESERVED
+CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected 
Cross-Site Scr ...)
+   TODO: check
 CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When 
enterin ...)
NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network 
Libraries (aka n ...)
@@ -16840,30 +16846,23 @@ CVE-2019-5806
 CVE-2019-5805
RESERVED
- chromium 74.0.3729.108-1
-CVE-2019-5804
-   RESERVED
+CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome 
prior to  ...)
- chromium  (Windows-specific)
-CVE-2019-5803
-   RESERVED
+CVE-2019-5803 (Insufficient policy enforcement in Content Security Policy in 
Google C ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5802
-   RESERVED
+CVE-2019-5802 (Incorrect handling of download origins in Navigation in Google 
Chrome  ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5801
-   RESERVED
+CVE-2019-5801 (Incorrect eliding of URLs in Omnibox in Google Chrome on iOS 
prior to  ...)
- chromium  (iOS specific)
-CVE-2019-5800
-   RESERVED
+CVE-2019-5800 (Insufficient policy enforcement in Blink in Google Chrome prior 
to 73. ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5799
-   RESERVED
+CVE-2019-5799 (Incorrect inheritance of a new document's policy in Content 
Security P ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5798
-   RESERVED
+CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior 
to 73.0 ...)
{DSA-4448-1 DSA-4421-1 DLA-1800-1}
- chromium 73.0.3683.75-1
- firefox-esr 60.7.0esr-1
@@ -16874,44 +16873,34 @@ CVE-2019-5797
RESERVED
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5796
-   RESERVED
+CVE-2019-5796 (Data race in extensions guest view in Google Chrome prior to 
73.0.3683 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5795
-   RESERVED
+CVE-2019-5795 (Integer overflow in PDFium in Google Chrome prior to 
73.0.3683.75 allo ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5794
-   RESERVED
+CVE-2019-5794 (Incorrect handling of cancelled requests in Navigation in 
Google Chrom ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5793
-   RESERVED
+CVE-2019-5793 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5792
-   RESERVED
+CVE-2019-5792 (Integer overflow in PDFium in Google Chrome prior to 
73.0.3683.75 allo ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5791
-   RESERVED
+CVE-2019-5791 (Inappropriate optimization in V8 in Google Chrome prior to 
73.0.3683.7 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5790
-   RESERVED
+CVE-2019-5790 (An integer overflow leading to an incorrect capacity of a 
buffer in Ja ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5789
-   RESERVED
+CVE-2019-5789 (An integer overflow that leads to a use-after-free in WebMIDI 
in Googl ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5788
-   RESERVED
+CVE-2019-5788 (An integer overflow that leads to a use-after-free in Blink 
Storage in ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
-CVE-2019-5787
-   RESERVED
+CVE-2019-5787 (Use-after-garbage-collection in Blink in Google Chrome prior to 
73.0.3 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
 CVE-2019-5786
@@ -29349,8 +29338,8 @@ CVE-2018-19616 (An issue was discovered in Rockwell 
Automation Allen-Bradley Pow
NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
 CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all 
versions. A re ...)
NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
-CVE-2018-19614
-   RESERVED
+CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo 
DR-250 Pre ...)
+   TODO: check
 CVE-2018-19613
RESERVED
 CVE-2018-19612
@@ -33023,6 +33012,7 @@ CVE-2019-0203
 CVE-2019-0202
RESERVED
 CVE-2019-0201 (An iss

[Git][security-tracker-team/security-tracker][master] Remove one ignored status for buster for poppler

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
adbe661a by Salvatore Bonaccorso at 2019-05-24T12:41:34Z
Remove one ignored status for buster for poppler

poppler got an unblock, thus the issue is going to be addressed in
testing/buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3527,7 +3527,6 @@ CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the 
bolt/upload File Upload
NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL 
pointer der ...)
- poppler 0.71.0-4 (low; bug #926532)
-   [buster] - poppler  (Minor issue)
[stretch] - poppler  (Minor issue)
[jessie] - poppler  (vulnerable code is not present)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/adbe661a710359ca37b2934d9c69fc2cc8e4


[Git][security-tracker-team/security-tracker][master] Process one NFU

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f007459 by Salvatore Bonaccorso at 2019-05-24T12:47:57Z
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2019-12311
 CVE-2019-12310
RESERVED
 CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability 
exploitable by  ...)
-   TODO: check
+   NOT-FOR-US: dotCMS
 CVE-2019-12308
RESERVED
 CVE-2019-12307



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f0074590ecb0b41ca6663d0d52b21e37abe79af


[Git][security-tracker-team/security-tracker][master] Process one NFU

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f334f8e4 by Salvatore Bonaccorso at 2019-05-24T14:34:47Z
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33059,6 +33059,7 @@ CVE-2019-0189
RESERVED
 CVE-2019-0188
RESERVED
+   NOT-FOR-US: Apache Camel
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in 
distributed mod ...)
- jakarta-jmeter 
[stretch] - jakarta-jmeter  (Minor issue)
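Review bot: `NOT-FOR-US: Apache Camel` is added under CVE-2019-0188 while that entry is still RESERVED, so the list records no source for the Apache Camel attribution; suggest a NOTE: line with the upstream advisory reference so the status can be rechecked once the CVE description is published.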



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f334f8e4e8bf0f32cbfc07c8bb2189456581dab1


[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c98a3831 by Salvatore Bonaccorso at 2019-05-24T15:30:53Z
Process some NFUs

- - - - -
c1f0cd0c by Salvatore Bonaccorso at 2019-05-24T15:34:24Z
Add CVE-2016-7151/capstone

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,7 +25,7 @@ CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 
accepts a user-submit
 CVE-2019-12299
RESERVED
 CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an 
out-of-bounds writ ...)
-   TODO: check
+   NOT-FOR-US: Leanify
 CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 
and M2 1 ...)
NOT-FOR-US: Motorola
 CVE-2019-12296
@@ -619,7 +619,7 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix 
NetScaler Gateway 10.5.x befo
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL 
filtering, wh ...)
NOT-FOR-US: remarkable
 CVE-2019-12042 (Insecure permissions of the section object 
Global\PandaDevicesAgentSha ...)
-   TODO: check
+   NOT-FOR-US: Panda products
 CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular 
Expression De ...)
NOT-FOR-US: remarkable
 CVE-2019-12040
@@ -3590,7 +3590,7 @@ CVE-2019-10848
 CVE-2019-10847
RESERVED
 CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: Computrols CBAS
 CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When 
enterin ...)
NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network 
Libraries (aka n ...)
@@ -29338,7 +29338,7 @@ CVE-2018-19616 (An issue was discovered in Rockwell 
Automation Allen-Bradley Pow
 CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all 
versions. A re ...)
NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
 CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo 
DR-250 Pre ...)
-   TODO: check
+   NOT-FOR-US: Westermo routers
 CVE-2018-19613
RESERVED
 CVE-2018-19612
@@ -121734,7 +121734,7 @@ CVE-2017-5873 (Unquoted Windows search path 
vulnerability in the guest service i
 CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems 
with TCP- ...)
NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: 
CWE-601: ...)
-   TODO: check
+   NOT-FOR-US: Odoo
 CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in 
ViMbAdmin 3.0.1 ...)
NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in 
Nuxeo  ...)
@@ -145137,7 +145137,9 @@ CVE-2016-7153 (The HTTP/2 protocol does not consider 
the role of the TCP congest
 CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP 
congestion wi ...)
NOTE: CVE assigned for the HTTP/2 protocol issue
 CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused 
by a re ...)
-   TODO: check
+   - capstone 
+   NOTE: 
https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06
 (4.0-alpha4)
+   NOTE: https://github.com/aquynh/capstone/pull/725
 CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 
and earl ...)
NOT-FOR-US: b2evolution
 CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 
and earl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f334f8e4e8bf0f32cbfc07c8bb2189456581dab1...c1f0cd0ccc54ba6ab14de55ad06a1473b5145ea1


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15819380 by security tracker role at 2019-05-24T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2019-12321
+   RESERVED
+CVE-2019-12320
+   RESERVED
+CVE-2019-12319
+   RESERVED
+CVE-2019-12318
+   RESERVED
+CVE-2019-12317
+   RESERVED
+CVE-2019-12316
+   RESERVED
+CVE-2019-12315 (Samsung SCX-824 printers allow a reflected 
Cross-Site-Scripting (XSS)  ...)
+   TODO: check
+CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file inclusion via 
absolute pa ...)
+   TODO: check
+CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is 
mishandled ...)
+   TODO: check
+CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a 
pluto IKE ...)
+   TODO: check
+CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via 
democratic.ajax.php  ...)
+   TODO: check
+CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, 
with resu ...)
+   TODO: check
+CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by 
a .php f ...)
+   TODO: check
+CVE-2016-10757 (In Redaxo 5.2.0, the cron management of the admin panel 
suffers from C ...)
+   TODO: check
+CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File 
Upload becaus ...)
+   TODO: check
+CVE-2016-10755 (AbanteCart 1.2.8 allows SQL Injection via the source_language 
paramete ...)
+   TODO: check
+CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL 
injection ...)
+   TODO: check
+CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL 
injection, b ...)
+   TODO: check
+CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows 
remote atta ...)
+   TODO: check
+CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal 
via the  ...)
+   TODO: check
 CVE-2019-12311
RESERVED
 CVE-2019-12310
@@ -286,8 +326,8 @@ CVE-2019-12197
RESERVED
 CVE-2019-12196
RESERVED
-CVE-2019-12195
-   RESERVED
+CVE-2019-12195 (TP-Link TL-WR840N v5 0005 devices allow XSS via the 
network name.  ...)
+   TODO: check
 CVE-2019-12194
RESERVED
 CVE-2019-12193
@@ -366,8 +406,7 @@ CVE-2019-12157
RESERVED
 CVE-2019-12156
RESERVED
-CVE-2019-12155 [qxl: null pointer dereference while releasing spice resources]
-   RESERVED
+CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 
has a NUL ...)
- qemu  (bug #929353)
- qemu-kvm 
NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
@@ -380,8 +419,8 @@ CVE-2019-12152
RESERVED
 CVE-2019-12151
RESERVED
-CVE-2019-12150
-   RESERVED
+CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded 
file is a ...)
+   TODO: check
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows 
attackers ...)
- systemd 241-4 (bug #929116)
[stretch] - systemd  (Minor issue)
@@ -959,10 +998,10 @@ CVE-2019-11878 (An issue was discovered on XiongMai 
Besder IP20H1 V4.02.R12.0003
NOT-FOR-US: XiongMai Besder IP20H1 cameras
 CVE-2019-11877
RESERVED
-CVE-2019-11876
-   RESERVED
-CVE-2019-11875
-   RESERVED
+CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the 
install/index ...)
+   TODO: check
+CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process 
Automation 6.4.0. ...)
+   TODO: check
 CVE-2019-11874
RESERVED
 CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in 
tls13.c when ...)
@@ -1603,8 +1642,8 @@ CVE-2019-11606 (doorGets 7.0 has a sensitive information 
disclosure vulnerabilit
NOT-FOR-US: doorGets
 CVE-2019-11605
RESERVED
-CVE-2019-11604
-   RESERVED
+CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management 
Appliance bef ...)
+   TODO: check
 CVE-2019-11603
RESERVED
 CVE-2019-11602
@@ -2331,6 +2370,7 @@ CVE-2019-11347
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of 
Duty ga ...)
NOT-FOR-US: Activision
 CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 
and wpa_ ...)
+   {DSA-4450-1}
- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
NOTE: 
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
NOTE: Patches: https://w1.fi/security/2019-5/
@@ -3407,6 +3447,7 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI 
because frontends/roundup.cgi
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE: 
https://bitbucket.org/python/roundup/commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b35b316f by Salvatore Bonaccorso at 2019-05-24T20:41:17Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2019-12316
 CVE-2019-12315 (Samsung SCX-824 printers allow a reflected 
Cross-Site-Scripting (XSS)  ...)
TODO: check
 CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file inclusion via 
absolute pa ...)
-   TODO: check
+   NOT-FOR-US: Deltek Maconomy
 CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is 
mishandled ...)
TODO: check
 CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a 
pluto IKE ...)
@@ -23,7 +23,7 @@ CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation 
via democratic.aja
 CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, 
with resu ...)
TODO: check
 CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by 
a .php f ...)
-   TODO: check
+   NOT-FOR-US: PHPKIT
 CVE-2016-10757 (In Redaxo 5.2.0, the cron management of the admin panel 
suffers from C ...)
TODO: check
 CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File 
Upload becaus ...)
@@ -31,9 +31,9 @@ CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant 
Arbitrary File Upload
 CVE-2016-10755 (AbanteCart 1.2.8 allows SQL Injection via the source_language 
paramete ...)
TODO: check
 CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: Vtiger CRM
 CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL 
injection, b ...)
-   TODO: check
+   NOT-FOR-US: e107
 CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows 
remote atta ...)
TODO: check
 CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal 
via the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b35b316f5ac05d05f2394c29e976b143b520f215


[Git][security-tracker-team/security-tracker][master] Add CVE-2017-18375/ampache

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8654763f by Salvatore Bonaccorso at 2019-05-24T20:44:08Z
Add CVE-2017-18375/ampache

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,7 @@ CVE-2019-12313 (XSS exists in Shave before 2.5.3 because 
output encoding is mish
 CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a 
pluto IKE ...)
TODO: check
 CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via 
democratic.ajax.php  ...)
-   TODO: check
+   - ampache 
 CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, 
with resu ...)
TODO: check
 CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by 
a .php f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8654763f239bc362995ffeed92105cb96a419ae1


[Git][security-tracker-team/security-tracker][master] Add CVE-2016-10752/serendipity

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7aeaa7c8 by Salvatore Bonaccorso at 2019-05-24T20:44:44Z
Add CVE-2016-10752/serendipity

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35,7 +35,7 @@ CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 
6.5.0 allows SQL inj
 CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL 
injection, b ...)
NOT-FOR-US: e107
 CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows 
remote atta ...)
-   TODO: check
+   - serendipity 
 CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal 
via the  ...)
TODO: check
 CVE-2019-12311



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeaa7c8cd7b6618a7e55763cef5da0659fb7ddb


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12312/libreswan

2019-05-24 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e7e49cf by Salvatore Bonaccorso at 2019-05-24T20:59:44Z
Add CVE-2019-12312/libreswan

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,7 +17,9 @@ CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file 
inclusion via absol
 CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is 
mishandled ...)
TODO: check
 CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a 
pluto IKE ...)
-   TODO: check
+   - libreswan 
+   NOTE: https://github.com/libreswan/libreswan/issues/246
+   NOTE: 
https://github.com/libreswan/libreswan/commit/7142d2c37d58cf024595a7549f0fb0d3946682f8
 CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via 
democratic.ajax.php  ...)
- ampache 
 CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, 
with resu ...)
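Review bot: the entry records the upstream issue and fixing commit but no fixed Debian version and no suite annotation, so stretch will be listed as vulnerable with nothing indicating whether a DSA, a point update or no-dsa is intended; since the description says the assertion failure can crash the pluto IKE daemon, a `[stretch] - libreswan` line stating the planned handling (and a bug number once filed) would make the triage state explicit rather than leaving it implied by the bare package line.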



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e7e49cfdbcdbcb64d3234de686a47eac8712c53


[Git][security-tracker-team/security-tracker][master] Unmark CVE-2018-20839/systemd

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
224d75ff by Salvatore Bonaccorso at 2019-05-25T07:40:29Z
Unmark CVE-2018-20839/systemd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -424,12 +424,13 @@ CVE-2019-12151
 CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded 
file is a ...)
TODO: check
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows 
attackers ...)
-   - systemd 241-4 (bug #929116)
+   - systemd  (bug #929116)
[stretch] - systemd  (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
NOTE: 
https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
NOTE: https://github.com/systemd/systemd/pull/12378
-   NOTE: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929229 
(regression)
+   NOTE: The fix introduced a regression, cf. 
https://bugs.debian.org/929229
+   NOTE: Issue was originally fixed for unstable in 241-4 but was reverted 
in 241-5
 CVE-2019-12149
RESERVED
 CVE-2019-12148
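Review bot: with the fix reverted in 241-5 (second new NOTE), the existing NOTEs pointing at upstream commit 9725f1a10f80f5e0ae7d9b60547458622aeb322f and PR 12378 now describe a change that is no longer shipped in unstable, yet they still read like the fix to pick up; suggest annotating them as the reverted fix, or adding a NOTE with the revert (or the corrected upstream change, once there is one), so a later reader does not backport the commit that bug #929229 shows to regress. Dropping the `241-4` fixed version from the unstable line is the right consequence of that revert.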



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/224d75ff32b62e31b930bf20fbe9ac96088c10e7


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21fb7d50 by security tracker role at 2019-05-25T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -571,7 +571,7 @@ CVE-2019-12088
 CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices 
can becom ...)
NOT-FOR-US: Samsung devices
 CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
-   {DLA-1798-1}
+   {DSA-4452-1 DLA-1798-1}
- jackson-databind 2.9.8-2 (bug #929177)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
@@ -1388,7 +1388,7 @@ CVE-2019-11699
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1421,7 +1421,7 @@ CVE-2019-11694
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1431,7 +1431,7 @@ CVE-2019-11693
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -1441,7 +1441,7 @@ CVE-2019-11692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
 CVE-2019-11691
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6771,7 +6771,7 @@ CVE-2019-9821
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
 CVE-2019-9820
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6781,7 +6781,7 @@ CVE-2019-9820
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
 CVE-2019-9819
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6799,7 +6799,7 @@ CVE-2019-9818
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
 CVE-2019-9817
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6809,7 +6809,7 @@ CVE-2019-9817
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
 CVE-2019-9816
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6879,7 +6879,7 @@ CVE-2019-9801 (Firefox will accept any registered Program 
ID as an external prot
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
 CVE-2019-9800
RESERVED
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 
- firefox-esr 60.7.0esr-1
@@ -6894,7 +6894,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a 
library from APITRACE_LIB,
- firefox  (Android-specific)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin 
policy ...)
-   {DSA-4448-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DLA-1800-1}
- firefox 66.0-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -13194,7 +13194,7 @@ CVE-2019-7319
 CVE-2019-7318
RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free 
because  ...)
-   {DSA-4448-1 DSA-4435-1 DLA-1800-1}
+   {DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1800-1}
- libpng1.6 1.6.36-4 (bug #921355)
[experimental] - firefox 67.0-1
- firefox 
@@ -16908,7 +16908,7 @@ CVE-2019-5799 (Incorrect inheritance of a new 
document's policy in Content Secur
{DSA-4421-1}
- chromium 73.0.3683.75-1
 CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome 
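Review bot: this hunk is cut off after its leading context lines: the header `@@ -16908,7 +16908,7 @@` announces a one-line change in the CVE-2019-5799/CVE-2019-5798 region, but the message ends before any `-` or `+` line is shown, so the chromium part of this automatic update cannot be reviewed from the mail; the rest of the diff and the commit link the other messages carry are missing too, so check commit 21fb7d50 on GitLab directly. The DSA-4451-1 additions in the hunks above are mechanical and consistent (new DSA placed first in each brace list, DLA kept last).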

[Git][security-tracker-team/security-tracker][master] Correct source package tracking for CVE-2019-12221

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fae85ac1 by Salvatore Bonaccorso at 2019-05-25T12:50:22Z
Correct source package tracking for CVE-2019-12221

After further investigation Hugo Lefeuvre found the root cause for the
CVE and can be associated with libsdl2-image and sdl-image1.2.

Thus the explicitly added TODO item can be dropped and source packages
adjusted accordingly.

Details in https://bugzilla.libsdl.org/show_bug.cgi?id=4628#c2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -242,14 +242,13 @@ CVE-2019-1 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
TODO: check details and correct vulnerability location
 CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
-   - libsdl2 
-   [stretch] - libsdl2  (Minor issue)
-   [jessie] - libsdl2  (Minor issue)
-   - libsdl1.2 
-   [stretch] - libsdl1.2  (Minor issue)
-   [jessie] - libsdl1.2  (Minor issue)
+   - libsdl2-image 
+   [stretch] - libsdl2-image  (Minor issue)
+   [jessie] - libsdl2-image  (Minor issue)
+   - sdl-image1.2 
+   [stretch] - sdl-image1.2  (Minor issue)
+   [jessie] - sdl-image1.2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
-   NOTE: affects libsdl2-image/sdl-image1.2, not libsdl2/libsdl1.2
 CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
- libsdl2 
[stretch] - libsdl2  (Minor issue)
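Review bot: dropping `NOTE: affects libsdl2-image/sdl-image1.2, not libsdl2/libsdl1.2` removes the only in-entry record of why the source packages changed; the commit message points to https://bugzilla.libsdl.org/show_bug.cgi?id=4628#c2 for the root cause, so suggest pointing the remaining NOTE at that comment anchor (or adding a second NOTE for it) rather than leaving the reasoning in git history only. The retargeting itself is consistent: both new sources get the same `(Minor issue)` annotation for stretch and jessie that the old libsdl2/libsdl1.2 lines had.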



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fae85ac1d5d2f7a9c765f900a3543cbad8b72e33


[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-11811/linux

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4ddab3d by Salvatore Bonaccorso at 2019-05-25T19:25:44Z
Update status for CVE-2019-11811/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1144,6 +1144,8 @@ CVE-2019-11815 (An issue was discovered in 
rds_tcp_kill_sock in net/rds/tcp.c in
NOTE: Fixed by: 
https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
 CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. 
There is a u ...)
- linux 4.19.37-1
+   [stretch] - linux  (Vulnerable code not present)
+   [jessie] - linux  (Vulnerable code not present)
NOTE: Fixed by: 
https://git.kernel.org/linus/401e7e88d4ef80188ffa07095ac00456f901b8c4
 CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A 
NULL point ...)
- linux 4.19.37-1
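Review bot: the two new `(Vulnerable code not present)` lines assert that the stretch and jessie kernels never contained the affected code, but the entry only cites the fixing commit 401e7e88d4ef80188ffa07095ac00456f901b8c4; other entries in this thread record `NOTE: Introduced by: <commit>` next to the fix (see the curl entry for CVE-2019-5436), and adding the introducing commit here is what lets the not-affected claim be re-checked when the description's `before 5.0.4` range is later refined or a stable backport appears.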



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4ddab3daba9f0dfb660ece02329d936233b3d4d


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-20510

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd43949d by Salvatore Bonaccorso at 2019-05-25T19:37:19Z
Update information for CVE-2018-20510

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22750,6 +22750,7 @@ CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are 
vulnerable to escalation of
NOT-FOR-US: EPON CPE-WiFi devices
 CVE-2018-20510 (The print_binder_transaction_ilocked function in 
drivers/android/binde ...)
- linux 4.16.5-1
+   [jessie] - linux 3.16.57-1
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8ca86f1639ec5890d400fff9211aca22d0a392eb
 CVE-2018-20509 (The print_binder_ref_olocked function in 
drivers/android/binder.c in t ...)
- linux 4.14.2-1
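Review bot: jessie gets the fixed version 3.16.57-1 but there is still no `[stretch]` line; without one the tracker compares stretch's kernel against the unstable fix 4.16.5-1 and reports stretch as vulnerable, so either the stretch version that carries the backport or an explicit status annotation is needed for the entry to be complete, and it is worth confirming that 3.16.57-1 took the same upstream commit 8ca86f1639ec5890d400fff9211aca22d0a392eb the NOTE references.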



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd43949ddef8ae2f9bd7bd918ae3ede613543a6e


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-25 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ae76b13 by security tracker role at 2019-05-25T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3105,6 +3105,7 @@ CVE-2019-11037 (In PHP imagick extension in versions 
between 3.3.0 and 3.4.4, wr
NOTE: https://bugs.php.net/bug.php?id=77791
NOTE: https://github.com/mkoppanen/imagick/commits/bugfix_77791
 CVE-2019-11036 (When processing certain files, PHP EXIF extension in versions 
7.1.x be ...)
+   {DLA-1803-1}
- php7.3  (bug #928421)
- php7.0 
[stretch] - php7.0  (Fix along in future update)
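Review bot: `{DLA-1803-1}` is added above `- php7.3  (bug #928421)`, whose fixed-version field is still empty although the NOTE in the following hunk says `Fixed in 7.1.29, 7.2.18, 7.3.5` and the sibling CVE-2019-11035 entry already records `php7.3 7.3.4-1`; once 7.3.5 or later reaches unstable this line needs that version, otherwise the entry stays open for unstable while jessie is shown as fixed by the DLA and stretch as `Fix along in future update`.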
@@ -3112,6 +3113,7 @@ CVE-2019-11036 (When processing certain files, PHP EXIF 
extension in versions 7.
NOTE: Fixed in 7.1.29, 7.2.18, 7.3.5
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77950
 CVE-2019-11035 (When processing certain files, PHP EXIF extension in versions 
7.1.x be ...)
+   {DLA-1803-1}
- php7.3 7.3.4-1
- php7.0 
[stretch] - php7.0  (Fix along in future update)
@@ -3119,6 +3121,7 @@ CVE-2019-11035 (When processing certain files, PHP EXIF 
extension in versions 7.
NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77831
 CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 
7.1.x be ...)
+   {DLA-1803-1}
- php7.3 7.3.4-1
- php7.0 
[stretch] - php7.0  (Fix along in future update)
@@ -17874,6 +17877,7 @@ CVE-2019-5437 (Information exposure through the 
directory listing in npm's harp
NOT-FOR-US: npm harp module
 CVE-2019-5436 [TFTP receive buffer overflow]
RESERVED
+   {DLA-1804-1}
- curl  (bug #929351)
NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ae76b1370ddc372cc65d6d3c4e5c07696016ccf


[Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2019-10143/freeradius

2019-05-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9752b83 by Salvatore Bonaccorso at 2019-05-26T14:45:19Z
Add upstream commit for CVE-2019-10143/freeradius

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5266,6 +5266,7 @@ CVE-2019-10144
 CVE-2019-10143 (It was discovered freeradius up to and including version 
3.0.19 does n ...)
- freeradius  (unimportant; bug #929466)
NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
+   NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
NOTE: This is not a security issue per se
 CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in 
ioctl]
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9752b83a773e6ad65866e48a818463a628be355


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-12886/gcc

2019-05-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
425e885c by Salvatore Bonaccorso at 2019-05-26T18:51:31Z
Add CVE-2018-12886/gcc

This definitively is not DSA material, thus go and mark directly any
source affecting stable as ignored already, as backporting the fix will
be quite intrusive.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49750,7 +49750,14 @@ CVE-2018-12888
 CVE-2018-12887
RESERVED
 CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and 
stack_protect_epilogue in fu ...)
-   TODO: check
+   - gcc-snapshot 
+   - gcc-8 
+   - gcc-7 
+   - gcc-6 
+   [stretch] - gcc-6  (Too intrusive to backport)
+   - gcc-4.9 
+   - gcc-4.8 
+   NOTE: 
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
 CVE-2018-12885 (The randMod() function of the smart contract implementation 
for MyCryp ...)
NOT-FOR-US: MyCryptoChamp
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an 
authenticated user ...)
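Review bot: the only NOTE links to a viewcvs markup view of `gcc/config/arm/arm-protos.h` at revision 266379, which shows the file rather than the change; since the stretch line is justified as `(Too intrusive to backport)`, a link to the fixing changeset (the revision's diff or commit view) is what lets that judgement be re-checked later. The commit message also says every source affecting stable is marked ignored, but only gcc-6 receives a `[stretch]` line; gcc-4.9 and gcc-4.8 are left as bare package lines, so if either is in a suite the tracker still evaluates they need the same annotation.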



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/425e885c945d222ae1ad77f444ddbc88f53daed9


[Git][security-tracker-team/security-tracker][master] automatic update

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44f76234 by security tracker role at 2019-05-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -529,6 +529,7 @@ CVE-2019-12107 (The upnp_event_prepare function in 
upnpevents.c in MiniUPnP Mini
NOTE: 
https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
TODO: check, might affect minidlna
 CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 
1.4 and ...)
+   {DLA-1805-1}
- minissdpd 1.5.20190210-1 (bug #929297)
NOTE: 
https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
 CVE-2019-12105



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/44f762345732b0fba06d3e29a67ecb1de175bba6


[Git][security-tracker-team/security-tracker][master] Add bug reference for freeimage issues

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dff56a0b by Salvatore Bonaccorso at 2019-05-27T10:28:31Z
Add bug reference for freeimage issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -290,16 +290,16 @@ CVE-2019-12216 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was 
discovered in  ...)
- matomo  (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
-   - freeimage 
+   - freeimage  (bug #929597)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
-   - freeimage 
+   - freeimage  (bug #929597)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the 
StreamCalcIFDSize  ...)
-   - freeimage 
+   - freeimage  (bug #929597)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to 
the Load ...)
-   - freeimage 
+   - freeimage  (bug #929597)
NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 CVE-2019-12210
RESERVED
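Review bot: bug #929597 is attached to all four FreeImage entries consistently, but each still has a bare `- freeimage` line with no fixed version and no `[stretch]` or `[jessie]` annotation, so the bug reference alone does not tell a reader whether these are headed for a DSA or no-dsa; since the four issues share one bug and one upstream thread, the same triage decision can be applied to all four in one pass, and the single sourceforge discussion link is a weak reference that should be replaced by the upstream fix commits once they exist.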



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dff56a0b50da52ac54c171a3715f7c284dc5366b


[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-12106/minissdpd as no-dsa

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b4fe260 by Salvatore Bonaccorso at 2019-05-27T12:12:19Z
Mark CVE-2019-12106/minissdpd as no-dsa

- - - - -
ca4a034a by Salvatore Bonaccorso at 2019-05-27T12:12:19Z
Track proposed fix for CVE-2019-12106 via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -532,6 +532,7 @@ CVE-2019-12107 (The upnp_event_prepare function in 
upnpevents.c in MiniUPnP Mini
 CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 
1.4 and ...)
{DLA-1805-1}
- minissdpd 1.5.20190210-1 (bug #929297)
+   [stretch] - minissdpd  (Minor issue)
NOTE: 
https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
 CVE-2019-12105
RESERVED


=
data/next-point-update.txt
=
@@ -81,3 +81,5 @@ CVE-2019-2614
[stretch] - mariadb-10.1 10.1.40-0+deb9u1
 CVE-2018-19105
[stretch] - librecad 2.1.2-1+deb9u1
+CVE-2019-12106
+   [stretch] - minissdpd 1.2.20130907-4.1+deb9u1
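Review bot: the two files now encode one decision in two places: data/CVE/list marks stretch `(Minor issue)` (no-dsa) while data/next-point-update.txt schedules `minissdpd 1.2.20130907-4.1+deb9u1` for the point release; that is the expected pairing for a stretch-pu fix, but once the upload is accepted the `[stretch]` line in data/CVE/list must be replaced by that version and the next-point-update entry dropped, or the tracker keeps reporting stretch as affected after the fix ships. The +deb9u1 suffix follows the point-release versioning used by the mariadb and librecad entries above it.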



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6a7cb531fab0a2106dd0375c8ecc25634c454909...ca4a034a0e012b218db8ff387b886ab1523d10c0


[Git][security-tracker-team/security-tracker][master] CVE-2017-15365: group source package entries

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34155b2b by Salvatore Bonaccorso at 2019-05-27T15:06:20Z
CVE-2017-15365: group source package entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -92326,8 +92326,8 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB 
before 10.1.30 and 10.2.x b
- mariadb-10.2  (bug #884065)
- mariadb-10.1 1:10.1.34-1 (bug #885345)
- mariadb-10.0 
-   - percona-xtrabackup 
[jessie] - mariadb-10.0  (vulnerable code not present)
+   - percona-xtrabackup 
[jessie] - percona-xtrabackup  (vulnerable code not 
present)
- mysql-5.7 
- mysql-5.5  (Vulnerable code not present)
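Review bot: the move puts `[jessie] - mariadb-10.0` directly under its package line and `[jessie] - percona-xtrabackup` under its own, which is the grouping the other entries use and the right fix for the commit's stated purpose; while these lines are being touched, the parentheticals for mariadb-10.0 and percona-xtrabackup read `(vulnerable code not present)` in lower case whereas the mysql-5.5 line two lines down uses `(Vulnerable code not present)`, so pick one spelling so a search for the phrase matches all three.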



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34155b2b8ef5844af81665dc11e07ef41b364955


[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-12295/wireshark

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9351ed2b by Salvatore Bonaccorso at 2019-05-27T15:07:50Z
Add fixed version via unstable for CVE-2019-12295/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76,7 +76,7 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola 
routers CX2 1.01 an
 CVE-2019-12296
RESERVED
 CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 
2.4.14, the  ...)
-   - wireshark  (low; bug #929446)
+   - wireshark 2.6.8-1.1 (low; bug #929446)
[stretch] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
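Review bot: the fixed version 2.6.8-1.1 is a Debian revision of an upstream release the description lists as affected (2.6.0 to 2.6.8), so the entry relies on the fix being carried as a distribution patch rather than an upstream release bump; the NOTE pointing at upstream commit 7b6e197da4c497e229ed3ebf6952bae5c426a820 is what makes that verifiable and should stay. The stretch line keeps `(Minor issue)`, consistent with the `low` severity on the unstable line.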



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9351ed2b7b0baf6536d948b464b0a1911d93accc


[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-11802 from the branch_6_6

2019-05-27 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
19067384 by Salvatore Bonaccorso at 2019-05-27T18:32:16Z
Reference fix for CVE-2018-11802 from the branch_6_6

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52946,6 +52946,7 @@ CVE-2018-11802 [Rule-base Authorization plugin skips 
authorization if querying n
- lucene-solr 
[jessie] - lucene-solr  (Vulnerable code is not present)
NOTE: https://issues.apache.org/jira/browse/SOLR-12514
+   NOTE: Fixed by: 
https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895
 (releases/lucene-solr/6.6.6)
 CVE-2018-11801
RESERVED
NOT-FOR-US: Apache Fineract
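Review bot: recording the branch tag `(releases/lucene-solr/6.6.6)` next to the commit is useful because the unstable line `- lucene-solr ` still carries no fixed Debian version, so the tag is the only hint of which upstream release contains the fix; suggest also stating the first fixed Debian version once it is uploaded. The context line `[jessie] - lucene-solr  (Vulnerable code is not present)` uses a wording that differs from the `(Vulnerable code not present)` form used by the linux entries in this thread, worth aligning when the entry is next edited.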



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/190673842f35dd1c0aef15045e26d8f0154915eb

