[Git][security-tracker-team/security-tracker][master] Cleanup trailing whitespaces
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8836c6da by Salvatore Bonaccorso at 2019-11-07T05:48:33Z Cleanup trailing whitespaces - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42353,7 +42353,7 @@ CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5. CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) - mesa NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 - NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html + NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...) NOT-FOR-US: Aspose CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8836c6da2cc98db51a70a2e33fb4d1638bb41ff7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8836c6da2cc98db51a70a2e33fb4d1638bb41ff7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Apache CFX NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72c12854 by Salvatore Bonaccorso at 2019-11-07T05:48:06Z Add Apache CFX NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21903,6 +21903,7 @@ CVE-2019-12420 RESERVED CVE-2019-12419 RESERVED + NOT-FOR-US: Apache CFX CVE-2019-12418 RESERVED CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow ...) @@ -21929,6 +21930,7 @@ CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted - jspwiki CVE-2019-12406 RESERVED + NOT-FOR-US: Apache CFX CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...) NOT-FOR-US: Apache Traffic Control CVE-2019-12404 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c12854c6ad23f3919c8d9e876a2f8f9c7a7d10 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c12854c6ad23f3919c8d9e876a2f8f9c7a7d10 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
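Review bot: both added lines read `NOT-FOR-US: Apache CFX`, which transposes the project name; the product behind CVE-2019-12419 and CVE-2019-12406 is Apache CXF, so the annotation should be `NOT-FOR-US: Apache CXF` to keep the tracker's product names consistent and searchable.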
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-18684 as unimportant (as non-(security)-issue)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90e4073e by Salvatore Bonaccorso at 2019-11-07T05:27:54Z Mark CVE-2019-18684 as unimportant (as non-(security)-issue) An attack is only viable if the attacker can write to fd/3. In the concrete case fd/3 would point to /etc/sudoers. Then the only way to write to /proc/$pid/fd/3 would be to have write permission to /etc/sudoers itself. Thanks: Todd C. Miller for the analysis. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2415,8 +2415,10 @@ CVE-2019-18686 CVE-2019-18685 REJECTED CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...) - - sudo + - sudo (unimportant) NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd + NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress + NOTE: of beeing REJECTED). An attack is only viable if the attacker can write to fd/3. CVE-2019-18682 RESERVED CVE-2019-18681 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e4073ed312e5f38ae184732d05e5181c1476ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e4073ed312e5f38ae184732d05e5181c1476ed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
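Review bot: the second added NOTE line has a spelling error, `in progress of beeing REJECTED` should read `being REJECTED`; beyond that, once MITRE actually rejects the id the entry should be switched to the plain `REJECTED` state used for CVE-2019-18685 just above, so the NOTE's wording about an in-progress rejection does not go stale.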
[Git][security-tracker-team/security-tracker][master] Reference upstream advisory for CVE-2019-3465
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afa521e5 by Salvatore Bonaccorso at 2019-11-07T05:17:23Z Reference upstream advisory for CVE-2019-3465 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46065,6 +46065,7 @@ CVE-2019-3465 {DSA-4560-1 DLA-1983-1} - simplesamlphp 1.17.6-2 (bug #944107) NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ + NOTE: https://simplesamlphp.org/security/201911-01 CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...) {DSA-4382-1 DLA-1660-1} - rssh 2.3.4-10 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afa521e5814b3873a5b4458e01c7a6b0895f89fd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afa521e5814b3873a5b4458e01c7a6b0895f89fd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] org/lts-frontdesk.2020.txt: Take one week per month (except October 2020).
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: 0dde427c by Mike Gabriel at 2019-11-06T22:21:06Z org/lts-frontdesk.2020.txt: Take one week per month (except October 2020). - - - - - 1 changed file: - org/lts-frontdesk.2020.txt Changes: = org/lts-frontdesk.2020.txt = @@ -12,42 +12,42 @@ Who is in charge ? -- From 06-01 to 12-01:Chris Lamb -From 13-01 to 19-01: +From 13-01 to 19-01:Mike Gabriel From 20-01 to 26-01:Thorsten Alteholz From 27-01 to 02-02: From 03-02 to 09-02:Chris Lamb -From 10-02 to 16-02: +From 10-02 to 16-02:Mike Gabriel From 17-02 to 23-02:Thorsten Alteholz From 24-02 to 01-03: From 02-03 to 08-03:Chris Lamb -From 09-03 to 15-03: +From 09-03 to 15-03:Mike Gabriel From 16-03 to 22-03:Thorsten Alteholz From 23-03 to 29-03: From 30-03 to 05-04: From 06-04 to 12-04:Chris Lamb -From 13-04 to 19-04: +From 13-04 to 19-04:Mike Gabriel From 20-04 to 26-04:Thorsten Alteholz From 27-04 to 03-05: From 04-05 to 10-05:Chris Lamb -From 11-05 to 17-05: +From 11-05 to 17-05:Mike Gabriel From 18-05 to 24-05:Thorsten Alteholz From 25-05 to 31-05: From 01-06 to 07-06: From 08-06 to 14-06:Chris Lamb -From 15-06 to 21-06: +From 15-06 to 21-06:Mike Gabriel From 22-06 to 28-06:Thorsten Alteholz From 29-06 to 05-07: From 06-07 to 12-07:Chris Lamb -From 13-07 to 19-07: +From 13-07 to 19-07:Mike Gabriel From 20-07 to 26-07:Thorsten Alteholz From 27-07 to 02-08: From 03-08 to 09-08: -From 10-08 to 16-08: +From 10-08 to 16-08:Mike Gabriel From 17-08 to 23-08:Chris Lamb From 24-08 to 30-08:Thorsten Alteholz From 31-08 to 06-09: From 07-09 to 13-09:Chris Lamb -From 14-09 to 20-09: +From 14-09 to 20-09:Mike Gabriel From 21-09 to 27-09:Thorsten Alteholz From 28-09 to 04-10: From 05-10 to 11-10:Chris Lamb 
@@ -56,10 +56,10 @@ From 19-10 to 25-10:Thorsten Alteholz From 26-10 to 01-11: From 02-11 to 08-11:Chris Lamb From 09-11 to 15-11:Thorsten Alteholz -From 16-11 to 22-11: +From 16-11 to 22-11:Mike Gabriel From 23-11 to 29-11: From 30-11 to 06-12:Thorsten Alteholz From 07-12 to 13-12:Chris Lamb -From 14-12 to 20-12: +From 14-12 to 20-12:Mike Gabriel From 21-12 to 27-12: From 28-12 to 03-01: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dde427c59602e374bda0037e4a3f0f1b0107d11 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dde427c59602e374bda0037e4a3f0f1b0107d11 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1879{7,8,9}/libsass
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e130c0ce by Salvatore Bonaccorso at 2019-11-06T20:17:33Z Add CVE-2019-1879{7,8,9}/libsass - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,14 @@ CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...) TODO: check CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...) - TODO: check + - libsass + NOTE: https://github.com/sass/libsass/issues/3001 CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...) - TODO: check + - libsass + NOTE: https://github.com/sass/libsass/issues/2999 CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...) - TODO: check + - libsass + NOTE: https://github.com/sass/libsass/issues/3000 CVE-2019-18796 RESERVED CVE-2019-18795 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e130c0ce3842f709abd8c5ad95f8369525cd81fd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e130c0ce3842f709abd8c5ad95f8369525cd81fd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
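Review bot: the three new `- libsass` lines record the package as affected with neither a fixed version nor a severity annotation, although the CVE texts for CVE-2019-18798 and CVE-2019-18799 give `before 3.6.3` as the affected range; once the upstream fixes behind the three linked issues are identified, the fixing version should be recorded and a decision made on stable/oldstable annotations of the kind other entries on this page carry (for example `[buster] - samba (Minor issue)`), so the entries do not sit as open unfixed issues without triage.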
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf258506 by security tracker role at 2019-11-06T20:10:28Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...) + TODO: check +CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...) + TODO: check +CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...) + TODO: check +CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...) + TODO: check +CVE-2019-18796 + RESERVED +CVE-2019-18795 + RESERVED +CVE-2019-18794 + RESERVED +CVE-2019-18793 + RESERVED +CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...) + TODO: check CVE-2019-18792 RESERVED CVE-2019-18791 @@ -13801,8 +13819,7 @@ CVE-2019-14849 RESERVED CVE-2019-14848 RESERVED -CVE-2019-14847 - RESERVED +CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...) - samba 2:4.11.0+dfsg-6 [buster] - samba (Minor issue) [stretch] - samba (Minor issue) @@ -13842,8 +13859,7 @@ CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2 NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 CVE-2019-14834 RESERVED -CVE-2019-14833 - RESERVED +CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...) - samba 2:4.11.1+dfsg-2 [buster] - samba (Minor issue) [stretch] - samba (Minor issue) 
@@ -20103,18 +20119,18 @@ CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+ NOT-FOR-US: XnView CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...) NOT-FOR-US: Chamilo LMS -CVE-2019-13081 - RESERVED -CVE-2019-13080 - RESERVED -CVE-2019-13079 - RESERVED -CVE-2019-13078 - RESERVED -CVE-2019-13077 - RESERVED -CVE-2019-13076 - RESERVED +CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...) + TODO: check +CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...) + TODO: check +CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...) + TODO: check +CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...) + TODO: check +CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...) + TODO: check +CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...) + TODO: check CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...) - firefox-esr 68.2.0esr-1 (unimportant) - firefox 68.0-1 (unimportant) @@ -20565,10 +20581,10 @@ CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 d NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and DOG-2W-V4 devices CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...) NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices -CVE-2019-12918 - RESERVED -CVE-2019-12917 - RESERVED +CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.1.317 ...) + TODO: check +CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management ...) + TODO: check CVE-2019-12916 RESERVED CVE-2019-12915 
@@ -27017,8 +27033,8 @@ CVE-2019-10567 RESERVED CVE-2019-10566 RESERVED -CVE-2019-10565 - RESERVED +CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...) + TODO: check CVE-2019-10564 RESERVED CVE-2019-10563 @@ -27066,10 +27082,10 @@ CVE-2019-10544 RESERVED CVE-2019-10543 RESERVED -CVE-2019-10542 - RESERVED -CVE-2019-10541 - RESERVED +CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file ...) + TODO: check +CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing FLV clip w ...) + TODO: check CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...) NOT-FOR-US: Snapdragon CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...) @@ -27082,33 +27098,33 @@ CVE-2019-10536 RESERVED CVE-2019-10535 RESERVED -CVE-2019-10534 - RESERVED -CVE-2019-10533 - RESERVED +CVE-2019-10534
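Review bot: the final hunk (`@@ -27082,33 +27098,33 @@`) is cut off after `+CVE-2019-10534` in this copy, so the rest of the Qualcomm block cannot be reviewed here and has to be checked in the full commit on GitLab. Of the lines that are visible, the eight Quest KACE entries (CVE-2019-13076 to CVE-2019-13081, CVE-2019-12917 and CVE-2019-12918) and CVE-2019-10541, CVE-2019-10542 and CVE-2019-10565 are all left at `TODO: check`; these are the automatic import's placeholders and need a follow-up triage commit, as the other commits on this page do for the Cisco and Atlassian ids.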
[Git][security-tracker-team/security-tracker][master] 2 commits: Add information from CVE-2019-2214
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 50ba07bc by Salvatore Bonaccorso at 2019-11-06T19:57:41Z Add information from CVE-2019-2214 - - - - - d5a1774e by Salvatore Bonaccorso at 2019-11-06T19:58:00Z Update information on CVE-2019-2213 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50775,11 +50775,13 @@ CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege fro NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f CVE-2019-2214 RESERVED - - linux + - linux 5.2.6-1 NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-m...@android.com/ + NOTE: https://git.kernel.org/linus/a56587065094fd96eb4c2b5ad65571daad32156d CVE-2019-2213 RESERVED - - linux + - linux 5.2.6-1 + [buster] - linux 4.19.67-1 NOTE: https://lore.kernel.org/patchwork/patch/1087916/ CVE-2019-2212 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a443b1f6a4757ec83cce8abcda444a63fe33e40...d5a1774e2e1b7c0f62c7914e1cd7a40a1dc81a4c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a443b1f6a4757ec83cce8abcda444a63fe33e40...d5a1774e2e1b7c0f62c7914e1cd7a40a1dc81a4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
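Review bot: CVE-2019-2214 gets only the sid version `- linux 5.2.6-1`, while CVE-2019-2213 directly below also records `[buster] - linux 4.19.67-1`; if the fix referenced in the new NOTE (kernel commit a56587065094) has a 4.19 stable backport that reached buster, the buster version should be recorded here too, and if it does not, a NOTE saying that buster remains affected would make the asymmetry between the two entries read as intentional rather than as an oversight.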
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2019-9466
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a443b1f by Salvatore Bonaccorso at 2019-11-06T19:49:27Z Update information for CVE-2019-9466 Do not mark it yet as full duplicate as want to check with Android if the CVE was on purpose seprately assigned distinct from CVE-2019-9503. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31138,8 +31138,11 @@ CVE-2019-9467 NOT-FOR-US: LG components for Android CVE-2019-9466 RESERVED - - linux + - linux 4.19.37-4 + [stretch] - linux 4.9.168-1+deb9u3 + [jessie] - linux 3.16.68-1 NOTE: https://patchwork.kernel.org/patch/10812613/ + NOTE: Duplicate of CVE-2019-9503. CVE-2019-9465 RESERVED CVE-2019-9464 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a443b1f6a4757ec83cce8abcda444a63fe33e40 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a443b1f6a4757ec83cce8abcda444a63fe33e40 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
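Review bot: the new line `NOTE: Duplicate of CVE-2019-9503.` states the duplication as settled, whereas the commit message says the entry is deliberately not marked as a full duplicate pending confirmation from Android; wording the NOTE as a possible duplicate awaiting confirmation would keep the data file from asserting more than has been verified.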
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: cd8297cc by Henri Salo at 2019-11-06T18:55:04Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13275,8 +13275,10 @@ CVE-2019-15005 RESERVED CVE-2019-15004 RESERVED + NOT-FOR-US: Atlassian CVE-2019-15003 RESERVED + NOT-FOR-US: Atlassian CVE-2019-15002 RESERVED CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd8297cc2a65a337411f867337e19c1b0add4344 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd8297cc2a65a337411f867337e19c1b0add4344 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs and some generic issues from current Android release
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e0bea478 by Moritz Muehlenhoff at 2019-11-06T17:57:07Z NFUs and some generic issues from current Android release - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27004,6 +27004,7 @@ CVE-2019-10572 RESERVED CVE-2019-10571 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10570 RESERVED CVE-2019-10569 @@ -27028,6 +27029,7 @@ CVE-2019-10560 RESERVED CVE-2019-10559 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10558 RESERVED CVE-2019-10557 @@ -27036,6 +27038,7 @@ CVE-2019-10556 RESERVED CVE-2019-10555 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10554 RESERVED CVE-2019-10553 @@ -27056,6 +27059,7 @@ CVE-2019-10546 RESERVED CVE-2019-10545 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10544 RESERVED CVE-2019-10543 @@ -27086,6 +27090,7 @@ CVE-2019-10531 RESERVED CVE-2019-10530 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10529 RESERVED CVE-2019-10528 @@ -27106,6 +27111,7 @@ CVE-2019-10521 RESERVED CVE-2019-10520 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10519 RESERVED CVE-2019-10518 @@ -27124,6 +27130,7 @@ CVE-2019-10512 RESERVED CVE-2019-10511 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...) NOT-FOR-US: Snapdragon CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...) @@ -27160,6 +27167,7 @@ CVE-2019-10494 RESERVED CVE-2019-10493 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...) NOT-FOR-US: Snapdragon CVE-2019-10491 
@@ -27176,8 +27184,10 @@ CVE-2019-10486 RESERVED CVE-2019-10485 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10484 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10483 RESERVED CVE-2019-10482 @@ -31123,8 +31133,11 @@ CVE-2019-9468 RESERVED CVE-2019-9467 RESERVED + NOT-FOR-US: LG components for Android CVE-2019-9466 RESERVED + - linux + NOTE: https://patchwork.kernel.org/patch/10812613/ CVE-2019-9465 RESERVED CVE-2019-9464 @@ -50500,8 +50513,10 @@ CVE-2019-2339 RESERVED CVE-2019-2338 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2337 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2336 RESERVED CVE-2019-2335 @@ -50534,10 +50549,13 @@ CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non NOT-FOR-US: Qualcomm components for Android CVE-2019-2321 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2320 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2319 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2318 RESERVED CVE-2019-2317 @@ -50556,6 +50574,7 @@ CVE-2019-2311 RESERVED CVE-2019-2310 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...) NOT-FOR-US: Snapdragon CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...) @@ -50600,6 +50619,7 @@ CVE-2019-2289 RESERVED CVE-2019-2288 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...) NOT-FOR-US: Snapdragon CVE-2019-2286 @@ -50710,6 +50730,7 @@ CVE-2019-2234 RESERVED CVE-2019-2233 RESERVED + NOT-FOR-US: Android CVE-2019-2232 RESERVED CVE-2019-2231 
@@ -50749,50 +50770,80 @@ CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege fro NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f CVE-2019-2214 RESERVED + - linux + NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-m...@android.com/ CVE-2019-2213 RESERVED + - linux + NOTE: https://lore.kernel.org/patchwork/patch/1087916/ CVE-2019-2212 RESERVED + - libc++ + - llvm-toolchain-6.0 + - llvm-toolchain-7.0 + NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39 + TODO: check CVE-2019-2211 RESERVED + NOT-FOR-US:
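Review bot: in the CVE-2019-2212 entry, `llvm-toolchain-7.0` does not match the Debian source package name, which is `llvm-toolchain-7` (only the 6.0 series kept the `.0` suffix), so the tracker's package checks will not resolve it; while the entry is still at `TODO: check`, the newer llvm-toolchain source packages that also ship libc++ should be covered by the same check. The last hunk is also cut off after `NOT-FOR-US:` for CVE-2019-2211 in this copy, so the remainder of the change has to be reviewed on GitLab.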
[Git][security-tracker-team/security-tracker][master] Track phpmyadmin as proposed via stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55503a74 by Salvatore Bonaccorso at 2019-11-06T13:42:13Z Track phpmyadmin as proposed via stretch-pu - - - - - 2 changed files: - data/CVE/list - data/next-oldstable-point-update.txt Changes: = data/CVE/list = @@ -21325,6 +21325,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CM CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...) {DLA-1821-1} - phpmyadmin (bug #930017) + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec CVE-2019-12613 @@ -23494,6 +23495,7 @@ CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the pr NOT-FOR-US: TeamViewer CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...) - phpmyadmin (bug #930048) + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) [jessie] - phpmyadmin (vulnerable code is not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86 
@@ -37941,11 +37943,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...) {DLA-1692-1} - phpmyadmin (bug #920823) + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900 CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...) - phpmyadmin (bug #920822) + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) [jessie] - phpmyadmin (Vulnerable code introduced later >= 4.5.0) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435 @@ -51448,6 +51452,7 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...) CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...) {DLA-1658-1} - phpmyadmin + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...) @@ -51459,6 +51464,7 @@ CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...) {DLA-1658-1} - phpmyadmin + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732 CVE-2018-19959 = data/next-oldstable-point-update.txt = 
@@ -64,3 +64,17 @@ CVE-2016-9112 [stretch] - openjpeg2 2.1.2-1.1+deb9u4 CVE-2019-14806 [stretch] - python-werkzeug 0.11.15+dfsg1-1+deb9u1 +CVE-2018-7260 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2018-19968 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2018-19970 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2019-6799 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2019-6798 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2019-11768 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 +CVE-2019-12616 + [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
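Review bot: `data/next-oldstable-point-update.txt` lists seven CVEs for `phpmyadmin 4:4.6.6-4+deb9u1`, but the `data/CVE/list` hunks add a `[stretch]` annotation for only six of them; CVE-2018-7260 has no corresponding hunk, so either its stretch line already existed or it was missed and should receive the same `(Minor issue; can be fixed via point release)` annotation for consistency. Once the point release is published, the placeholder annotations on all seven entries need replacing with the fixed version.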
[Git][security-tracker-team/security-tracker][master] fix simplesamlphp
Thijs Kinkhorst pushed to branch master at Debian Security Tracker / security-tracker Commits: 92be510f by Thijs Kinkhorst at 2019-11-06T12:20:33Z fix simplesamlphp - - - - - 4 changed files: - data/CVE/list - data/DLA/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -46022,7 +46022,7 @@ CVE-2019-3466 RESERVED CVE-2019-3465 RESERVED - - simplesamlphp (bug #944107) + - simplesamlphp 1.17.6-2 (bug #944107) NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...) {DSA-4382-1 DLA-1660-1} = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Nov 2019] DLA-1983-1 simplesamlphp - security update + {CVE-2019-3465} + [jessie] - simplesamlphp 1.13.1-2+deb8u3 [05 Nov 2019] DLA-1982-1 openafs - security update {CVE-2019-18601 CVE-2019-18602 CVE-2019-18603} [jessie] - openafs 1.6.9-2+deb8u9 = data/DSA/list = @@ -1,3 +1,7 @@ +[06 Nov 2019] DSA-4560-1 simplesamlphp - security update + {CVE-2019-3465} + [stretch] - simplesamlphp 1.14.11-1+deb9u2 + [buster] - simplesamlphp 1.16.3-1+deb10u1 [05 Nov 2019] DSA-4559-1 proftpd-dfsg - security update {CVE-2019-18217} [stretch] - proftpd-dfsg 1.3.5b-4+deb9u2 = data/dsa-needed.txt = @@ -53,8 +53,6 @@ python-ecdsa (seb) -- python-reportlab (hle) -- -simplesamlphp/oldstable --- slurm-llnl (jmm) -- smarty3/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92be510f4392e91055ae2d9b30bfb02ef655ab72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92be510f4392e91055ae2d9b30bfb02ef655ab72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
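Review bot: the `data/CVE/list` hunk only adds the sid fixed version `1.17.6-2` to CVE-2019-3465, while the same commit records DSA-4560-1 (stretch 1.14.11-1+deb9u2, buster 1.16.3-1+deb10u1) and DLA-1983-1 (jessie 1.13.1-2+deb8u3) in the advisory lists; if the `{DSA-4560-1 DLA-1983-1}` cross-reference line on the CVE entry is not generated by a script, it needs adding by hand so the stable suites show as fixed.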
[Git][security-tracker-team/security-tracker][master] add reference for mesa issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 29a99e58 by Moritz Muehlenhoff at 2019-11-06T10:18:16Z add reference for mesa issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42309,6 +42309,7 @@ CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5. CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) - mesa NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 + NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...) NOT-FOR-US: Aspose CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29a99e581b421092f354a947c23ee198fa7475dc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29a99e581b421092f354a947c23ee198fa7475dc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
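Review bot: the added NOTE line carries trailing whitespace, invisible in this rendering but exactly what the later commit 8836c6da (`Cleanup trailing whitespaces`, at the top of this page) strips from this same line; removing it before committing avoids a whitespace-only follow-up change to the list.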
[Git][security-tracker-team/security-tracker][master] Fix version for CVE-2019-9656/libofx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20c97155 by Salvatore Bonaccorso at 2019-11-06T09:47:48Z Fix version for CVE-2019-9656/libofx - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -63,7 +63,7 @@ CVE-2018-20847 CVE-2019-14806 [buster] - python-werkzeug 0.14.1+dfsg1-4+deb10u1 CVE-2019-9656 - [buster] - libofx 0.9.14-1+deb10u1 + [buster] - libofx 1:0.9.14-1+deb10u1 CVE-2019-17594 [buster] - ncurses 6.1+20181013-2+deb10u2 CVE-2019-17595 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/20c971555c4696434326a9a967a57735ccbbfc32 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/20c971555c4696434326a9a967a57735ccbbfc32 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fcaa8327 by Salvatore Bonaccorso at 2019-11-06T08:56:36Z Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -51517,15 +51517,15 @@ CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualizat CVE-2019-1983 RESERVED CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1980 (A vulnerability in the protocol detection component of Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1979 RESERVED CVE-2019-1978 (A vulnerability in the stream reassembly component of Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...) NOT-FOR-US: Cisco CVE-2019-1976 (A vulnerability in the ldquo;plug-and-playrdquo; services co ...) @@ -51727,7 +51727,7 @@ CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management Control CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) implementation f ...) NOT-FOR-US: Cisco CVE-2019-1877 (A vulnerability in the HTTP API of Cisco Enterprise Chat and Email cou ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area Applicat ...) NOT-FOR-US: Cisco CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Prime S ...) 
@@ -52037,7 +52037,7 @@ CVE-2019-1736 CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...) NOT-FOR-US: Cisco CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...) NOT-FOR-US: Cisco CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...) 
@@ -57610,37 +57610,37 @@ CVE-2018-19169 CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi (a ...) NOT-FOR-US: FruityWifi CVE-2018-19167 (CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency ...) - TODO: check + NOT-FOR-US: CloakCoin CVE-2018-19166 (peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) a ...) - TODO: check + NOT-FOR-US: peercoin CVE-2018-19165 (neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) all ...) - TODO: check + NOT-FOR-US: neblio CVE-2018-19164 (reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) ...) - TODO: check + NOT-FOR-US: reddcoin CVE-2018-19163 (stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) ...) - TODO: check + NOT-FOR-US: stratisX CVE-2018-19162 (Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allow ...) - TODO: check + NOT-FOR-US: Divi CVE-2018-19161 (alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows ...) - TODO: check + NOT-FOR-US: alqo CVE-2018-19160 (Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) ...) - TODO: check + NOT-FOR-US: Diamond CVE-2018-19159 (lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows ...) - TODO: check + NOT-FOR-US: lux CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurre ...) NOT-FOR-US: ColossusCoinXT CVE-2018-19157 (Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) al ...) - TODO: check + NOT-FOR-US: Phore CVE-2018-19156 (PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allo ...) - TODO: check + NOT-FOR-US: PIVX CVE-2018-19155 (navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) al ...) - TODO: check + NOT-FOR-US: navcoin CVE-2018-19154 (HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) al ...) 
- TODO: check + NOT-FOR-US: HTMLCOIN CVE-2018-19153 (particl through 0.17 (a chain-based proof-of-stake cryptocurrency) all ...) - TODO: check + NOT-FOR-US: particl CVE-2018-19152 (emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) all ...) - TODO: check + NOT-FOR-US: emercoin CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...) NOT-FOR-US: qtum CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...) View it on GitLab:
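Review bot: the block of `TODO: check` to `NOT-FOR-US: <coin>` changes for CVE-2018-19152 through CVE-2018-19167 all carry near-identical descriptions ("... (a chain-based proof-of-stake cryptocurrency) allows ..."), which points at one finding reported against many forks of the same codebase; tagging each with its own product name follows the file's convention and matches the existing ColossusCoinXT and qtum entries, but a single NOTE on one of them linking the common upstream writeup would spare the next triager from re-deriving that these are one issue.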
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5068/mesa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c9e6d15c by Salvatore Bonaccorso at 2019-11-06T08:47:25Z Add CVE-2019-5068/mesa Packages embedding (and using) mesa might need to be checked as well. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42307,7 +42307,8 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) NOT-FOR-US: Epignosis eFront LMS CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) - TODO: check + - mesa + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...) NOT-FOR-US: Aspose CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9e6d15c3d402ead7005806460410d6d2f731f9c
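Review bot: the commit message says packages embedding mesa may need checking, but the hunk records nothing of that: it only replaces `TODO: check` with `- mesa` and the Talos advisory link. Put the follow-up into the entry itself, for example a line such as `NOTE: check packages embedding mesa` next to the Talos NOTE, so the open question lives in data/CVE/list where the next triager will see it rather than only in the git history.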
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7545395e by Moritz Muehlenhoff at 2019-11-06T08:28:19Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2019-18787 CVE-2019-18785 RESERVED CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...) - TODO: check + NOT-FOR-US: SuiteCRM CVE-2019-18783 RESERVED CVE-2019-18782 @@ -2417,7 +2417,7 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L CVE-2019-18675 RESERVED CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...) NOT-FOR-US: SHIFT BitBox02 devices CVE-2019-18672 @@ -2465,7 +2465,7 @@ CVE-2019-18652 CVE-2019-18651 RESERVED CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...) - jupyter-notebook 5.7.4-1 NOTE: https://github.com/jupyter/notebook/pull/3341 @@ -7011,9 +7011,9 @@ CVE-2019-17214 (The WebARX plugin 1.3.0 for WordPress allows firewall bypass by CVE-2019-17213 (The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS v ...) NOT-FOR-US: WebARX plugin for WordPress CVE-2019-17212 (Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5. ...) - TODO: check + NOT-FOR-US: Arm Mbed OS CVE-2019-17211 (An integer overflow was discovered in the CoAP library in Arm Mbed OS ...) - TODO: check + NOT-FOR-US: Arm Mbed OS CVE-2019-17210 (A denial-of-service issue was discovered in the MQTT library in Arm Mb ...) NOT-FOR-US: Arm Mbed OS CVE-2019-17209 
@@ -9349,7 +9349,7 @@ CVE-2019-16286 CVE-2019-16285 RESERVED CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...) - TODO: check + NOT-FOR-US: HP CVE-2019-16283 RESERVED CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) @@ -34433,19 +34433,19 @@ CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists i CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...) NOT-FOR-US: Adobe CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) 
@@ -34581,111 +34581,111 @@ CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2 CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists
[Git][security-tracker-team/security-tracker][master] dla: claim sudo
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: c52353fd by Sylvain Beucler at 2019-11-06T08:18:47Z dla: claim sudo - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -129,6 +129,8 @@ slurm-llnl NOTE: 20191022: Big chunk to backport afa7d743f407c60a7c8a4bd98a10be32c82988b5 and NOTE: 20191022: 750cc23edcc6fddfff21d33bdaf4fb7deb28cfda would be a start.(abhijith) -- +sudo (Sylvain Beucler) +-- thunderbird (Emilio) NOTE: 20191105: toolchain almost ready (waiting for NEW) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c52353fd926d043fb74658d436dd5aec1c5137cc
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e83c53f4 by security tracker role at 2019-11-06T08:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,26 @@ -CVE-2019-18786 [media: rcar_drif: fix a memory disclosure] +CVE-2019-18792 + RESERVED +CVE-2019-18791 + RESERVED +CVE-2019-18790 + RESERVED +CVE-2019-18789 + RESERVED +CVE-2019-18788 + RESERVED +CVE-2019-18787 + RESERVED +CVE-2019-18785 + RESERVED +CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...) + TODO: check +CVE-2019-18783 + RESERVED +CVE-2019-18782 + RESERVED +CVE-2019-18781 + RESERVED +CVE-2019-18786 (In the Linux kernel through 5.3.8, f-fmt.sdr.reserved is uninitial ...) - linux NOTE: https://patchwork.linuxtv.org/patch/59542/ CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...) @@ -2394,8 +2416,8 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1 CVE-2019-18675 RESERVED -CVE-2019-18674 - RESERVED +CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...) + TODO: check CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...) NOT-FOR-US: SHIFT BitBox02 devices CVE-2019-18672 @@ -2442,8 +2464,8 @@ CVE-2019-18652 RESERVED CVE-2019-18651 RESERVED -CVE-2019-18650 - RESERVED +CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...) + TODO: check CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...) - jupyter-notebook 5.7.4-1 NOTE: https://github.com/jupyter/notebook/pull/3341 
@@ -3020,12 +3042,15 @@ CVE-2019-18467 CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...) NOT-FOR-US: libpod (podman library used to create container pods) CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...) + {DLA-1982-1} - openafs 1.8.5-1 (bug #943587) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...) @@ -3612,7 +3637,7 @@ CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not re NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...) - {DLA-1974-1} + {DSA-4559-1 DLA-1974-1} - proftpd-dfsg 1.3.6a-2 (bug #942831) NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4 NOTE: https://github.com/proftpd/proftpd/issues/846 
@@ -5798,7 +5823,7 @@ CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...) NOT-FOR-US: Rambox -CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer overflow in th ...) +CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...) - xorg-server NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html CVE-2019-17623 @@ -9323,8 +9348,8 @@ CVE-2019-16286 RESERVED CVE-2019-16285 RESERVED -CVE-2019-16284 - RESERVED +CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...) + TODO: check CVE-2019-16283 RESERVED CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) @@ -28311,8 +28336,7 @@ CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector cl NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58 CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...) NOT-FOR-US: Apache
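Review bot: in the CVE-2019-17624 hunk the imported description now reads `("" In X.Org X Server 1.20.4, ...`, and the leading empty pair of double quotes looks like an artifact of the upstream feed rather than part of the description text; the automatic update copies the feed verbatim, so this entry wants a manual cleanup of the description, while the other changes in this patch (the CVE-2019-18786 placeholder replaced by the feed text, the new RESERVED ids, `{DLA-1982-1}` on the three OpenAFS entries and `{DSA-4559-1 DLA-1974-1}` on CVE-2019-18217) follow the expected path and need nothing.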