Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e803dd70 by security tracker role at 2019-02-11T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-7744
+       RESERVED
+CVE-2019-7743
+       RESERVED
+CVE-2019-7742
+       RESERVED
+CVE-2019-7741
+       RESERVED
+CVE-2019-7740
+       RESERVED
+CVE-2019-7739
+       RESERVED
+CVE-2019-7738
+       RESERVED
+CVE-2019-7737
+       RESERVED
+CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via 
a ...)
+       TODO: check
+CVE-2019-7735
+       RESERVED
+CVE-2019-7734
+       RESERVED
+CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer 
in a ...)
+       TODO: check
+CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading 
to DoS ...)
+       TODO: check
+CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability 
after an ...)
+       TODO: check
+CVE-2019-7730 (MyWebSQL 3.7 has a Cross-site request forgery (CSRF) 
vulnerability for ...)
+       TODO: check
+CVE-2019-7729
+       RESERVED
+CVE-2019-7728
+       RESERVED
+CVE-2019-7727
+       RESERVED
+CVE-2019-7726
+       RESERVED
+CVE-2019-7725
+       RESERVED
+CVE-2019-7724
+       RESERVED
+CVE-2019-7723
+       RESERVED
+CVE-2019-7722 (PMD 5.8.1 and earlier processes XML external entities in 
ruleset files ...)
+       TODO: check
 CVE-2019-XXXX [fuse mount exposes backup to unauthorized users]
        - borgbackup 1.1.9-1 (bug #922080)
        NOTE: https://github.com/borgbackup/borg/issues/3903
@@ -1903,7 +1949,7 @@ CVE-2019-6976 (libvips before 8.7.4 writes to 
uninitialized memory locations in
        - vips 8.7.4-1
        [jessie] - vips <ignored> (Minor Issue)
        NOTE: 
https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
-CVE-2019-6975 [Memory exhaustion in django.utils.numberformat.format()]
+CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x 
before ...)
        - python-django 1:1.11.20-1 (bug #922027)
        [jessie] - python-django <not-affected> (Vulnerable code not present)
        NOTE: Upstream re-released https://code.djangoproject.com/ticket/30175
@@ -3985,7 +4031,7 @@ CVE-2019-6117
        RESERVED
 CVE-2019-6116 [subroutines within pseudo-operators must themselves be 
pseudo-operators]
        RESERVED
-       {DSA-4372-1}
+       {DSA-4372-1 DLA-1670-1}
        - ghostscript 9.26a~dfsg-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
@@ -4918,8 +4964,7 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 
1.30.0. An out of boun
        NOTE: is needed to fix the issue completely.
 CVE-2018-20678
        RESERVED
-CVE-2019-5736 [runc container breakout]
-       RESERVED
+CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and 
other ...)
        - runc <unfixed> (bug #922050)
        - lxc <unfixed> (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
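Review bot: CVE-2019-5736 now carries a description naming Docker before 18.09.2, but the package lines under it still cover only runc and lxc. If a Docker package in the archive ships or embeds its own copy of runc, it needs its own line here; otherwise a NOTE stating that Docker is covered through the runc package would make that explicit.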
@@ -8872,13 +8917,13 @@ CVE-2019-3825 (A vulnerability was discovered in gdm 
before 3.31.4. When timed l
 CVE-2019-3824
        RESERVED
 CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to 
a heap ...)
-       {DSA-4386-1}
+       {DSA-4386-1 DLA-1672-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
 CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to 
a ...)
-       {DSA-4386-1}
+       {DSA-4386-1 DLA-1672-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
@@ -9970,8 +10015,8 @@ CVE-2018-20589 (Ivan Cordoba Generic Content Management 
System (CMS) through 201
        NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
 CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc 
...)
        NOT-FOR-US: otfcc
-CVE-2018-20587
-       RESERVED
+CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 
through ...)
+       TODO: check
 CVE-2018-20586
        RESERVED
 CVE-2018-20585
@@ -10727,6 +10772,7 @@ CVE-2018-20341
        RESERVED
 CVE-2018-20340 [buffer overflow]
        RESERVED
+       {DSA-4389-1}
        - libu2f-host 1.1.7-1 (bug #921726)
        NOTE: https://www.yubico.com/support/security-advisories/ysa-2019-01/
        NOTE: 
https://github.com/Yubico/libu2f-host/commit/f526546bb29f2ef704ae9850f0f4b41fea7b62a4
@@ -21436,7 +21482,7 @@ CVE-2018-18897 (An issue was discovered in Poppler 
0.71.0. There is a memory lea
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
 CVE-2018-18896
        RESERVED
-CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings 
Server before ...)
+CVE-2018-18895
        NOT-FOR-US: Cisco
 CVE-2018-18894
        RESERVED
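Review bot: CVE-2018-18895 loses its description in this hunk and is left as a bare ID with only NOT-FOR-US: Cisco. The removed text named Castor XML as the affected component, so it is worth confirming whether the ID was withdrawn or reassigned at the source and, if so, recording that state (RESERVED or REJECTED) on the entry, and checking that NOT-FOR-US: Cisco is still the right triage now that the description justifying it is gone.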
@@ -26539,7 +26585,7 @@ CVE-2018-16892
 CVE-2018-16891
        RESERVED
 CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to 
a heap ...)
-       {DSA-4386-1}
+       {DSA-4386-1 DLA-1672-1}
        - curl 7.64.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
@@ -28693,21 +28739,21 @@ CVE-2018-16108
 CVE-2018-16107
        RESERVED
 CVE-2018-16106
-       RESERVED
+       REJECTED
 CVE-2018-16105
-       RESERVED
+       REJECTED
 CVE-2018-16104
-       RESERVED
+       REJECTED
 CVE-2018-16103
-       RESERVED
+       REJECTED
 CVE-2018-16102
-       RESERVED
+       REJECTED
 CVE-2018-16101
-       RESERVED
+       REJECTED
 CVE-2018-16100
-       RESERVED
+       REJECTED
 CVE-2018-16099
-       RESERVED
+       REJECTED
 CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path 
vulnerability was ...)
        NOT-FOR-US: Lenovo
 CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft 
System ...)
@@ -30051,12 +30097,12 @@ CVE-2018-15590 (An issue was discovered in Ivanti 
Workspace Control before 10.3.
        NOT-FOR-US: Ivanti Workspace Control
 CVE-2018-15589
        RESERVED
-CVE-2018-15588
-       RESERVED
-CVE-2018-15587
-       RESERVED
-CVE-2018-15586
-       RESERVED
+CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME 
structure in a ...)
+       TODO: check
+CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures 
being ...)
+       TODO: check
+CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being 
spoofed ...)
+       TODO: check
 CVE-2018-1000657 (Rust Programming Language Rust standard library version 
Commit ...)
        - rustc 1.22.1+dfsg1-1 (bug #906585)
        NOTE: Introduced by: 
https://github.com/rust-lang/rust/commit/bfa0e1f58acf1c28d500c34ed258f09ae021893e
 (1.3.0)
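Review bot: the new CVE-2018-15586 description reads "is prone to to OpenPGP signatures", with a doubled "to". The commit is an automatic update, so the text is presumably imported as-is and the fix belongs with the description's source rather than in this file. CVE-2018-15587 and CVE-2018-15586 both describe OpenPGP signature spoofing in a mail client, so their TODO: check items are best resolved together.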
@@ -34462,18 +34508,18 @@ CVE-2018-13895
        RESERVED
 CVE-2018-13894
        RESERVED
-CVE-2018-13893
-       RESERVED
+CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
 CVE-2018-13892
        RESERVED
 CVE-2018-13891
        RESERVED
 CVE-2018-13890
        RESERVED
-CVE-2018-13889
-       RESERVED
-CVE-2018-13888
-       RESERVED
+CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
+CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due 
to de ...)
+       TODO: check
 CVE-2018-13887
        RESERVED
 CVE-2018-13886
@@ -37754,12 +37800,12 @@ CVE-2018-12550
        [jessie] - mosquitto <postponed> (Minor issue)
        NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
        NOTE: https://mosquitto.org/files/cve/2018-12550
-CVE-2018-12549
-       RESERVED
+CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may 
...)
+       TODO: check
 CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public 
...)
        NOT-FOR-US: OpenJDK + Eclipse OpenJ9
-CVE-2018-12547
-       RESERVED
+CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the 
jio_snprintf() and ...)
+       TODO: check
 CVE-2018-12546
        RESERVED
        {DSA-4388-1}
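Review bot: CVE-2018-12549 and CVE-2018-12547 are both added with TODO: check, while CVE-2018-12548 between them, also an Eclipse OpenJ9 0.11.0 issue, is already triaged as NOT-FOR-US: OpenJDK + Eclipse OpenJ9. Unless OpenJ9 has entered the archive since that triage, the two new entries should get the same line so the three stay consistent.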
@@ -39369,24 +39415,24 @@ CVE-2018-12017
 CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 
allows ...)
        - epiphany-browser 3.28.3.1-1 (unimportant; bug #901018)
        NOTE: webkit not covered by security support
-CVE-2018-12014
-       RESERVED
+CVE-2018-12014 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
 CVE-2018-12013
        RESERVED
 CVE-2018-12012
        RESERVED
-CVE-2018-12011
-       RESERVED
-CVE-2018-12010
-       RESERVED
+CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
+CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
 CVE-2018-12009
        RESERVED
 CVE-2018-12008
        RESERVED
 CVE-2018-12007
        RESERVED
-CVE-2018-12006
-       RESERVED
+CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
 CVE-2018-12005
        RESERVED
 CVE-2018-12004
@@ -39476,8 +39522,8 @@ CVE-2018-11964 (In all android releases(Android for 
MSM, Firefox OS for MSM, QRD
        NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: CodeAurora components for Android
-CVE-2018-11962
-       RESERVED
+CVE-2018-11962 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
+       TODO: check
 CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
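Review bot: CVE-2018-11962 is added with TODO: check although its description opens with the same "In all android releases(Android for MSM, Firefox OS for MSM, QRD ..." text as CVE-2018-11964, CVE-2018-11963 and CVE-2018-11961 in the surrounding context, all of which are already marked NOT-FOR-US: CodeAurora components for Android. The TODO can most likely be closed with the same NOT-FOR-US line.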
@@ -39609,8 +39655,8 @@ CVE-2018-11901
        RESERVED
 CVE-2018-11900
        RESERVED
-CVE-2018-11899
-       RESERVED
+CVE-2018-11899 (While processing radio connection status change events, Radio 
index is ...)
+       TODO: check
 CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
@@ -39631,8 +39677,8 @@ CVE-2018-11890
        RESERVED
 CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11888
-       RESERVED
+CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto 
Services TA ...)
+       TODO: check
 CVE-2018-11887
        RESERVED
 CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
@@ -39698,8 +39744,7 @@ CVE-2018-11857 (Improper input validation in WLAN 
encrypt/decrypt module can lea
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11856 (Improper input validation leads to buffer overwrite in the 
WLAN ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11855
-       RESERVED
+CVE-2018-11855 (If an end user makes use of SCP11 sample OCE code without 
modification ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11854 (Lack of check of valid length of input parameter may cause 
buffer ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -39715,8 +39760,8 @@ CVE-2018-11849 (Lack of check on out of range of bssid 
parameter When processing
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11848
        RESERVED
-CVE-2018-11847
-       RESERVED
+CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there 
by ...)
+       TODO: check
 CVE-2018-11846 (The use of a non-time-constant memory comparison operation can 
lead to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11845
@@ -61708,16 +61753,16 @@ CVE-2018-4060
        RESERVED
 CVE-2018-4059
        RESERVED
-       {DSA-4373-1}
+       {DSA-4373-1 DLA-1671-1}
        - coturn 4.5.1.0-1
 CVE-2018-4058
        RESERVED
-       {DSA-4373-1}
+       {DSA-4373-1 DLA-1671-1}
        - coturn 4.5.1.0-1
 CVE-2018-4057
        RESERVED
 CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the 
administrator ...)
-       {DSA-4373-1}
+       {DSA-4373-1 DLA-1671-1}
        - coturn 4.5.1.0-1
 CVE-2018-4055
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e803dd703cc586cf3a46bfa73423aa5951ca7dca

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
