Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e803dd70 by security tracker role at 2019-02-11T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,49 @@ +CVE-2019-7744 + RESERVED +CVE-2019-7743 + RESERVED +CVE-2019-7742 + RESERVED +CVE-2019-7741 + RESERVED +CVE-2019-7740 + RESERVED +CVE-2019-7739 + RESERVED +CVE-2019-7738 + RESERVED +CVE-2019-7737 + RESERVED +CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via a ...) + TODO: check +CVE-2019-7735 + RESERVED +CVE-2019-7734 + RESERVED +CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a ...) + TODO: check +CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...) + TODO: check +CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an ...) + TODO: check +CVE-2019-7730 (MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for ...) + TODO: check +CVE-2019-7729 + RESERVED +CVE-2019-7728 + RESERVED +CVE-2019-7727 + RESERVED +CVE-2019-7726 + RESERVED +CVE-2019-7725 + RESERVED +CVE-2019-7724 + RESERVED +CVE-2019-7723 + RESERVED +CVE-2019-7722 (PMD 5.8.1 and earlier processes XML external entities in ruleset files ...) + TODO: check CVE-2019-XXXX [fuse mount exposes backup to unauthorized users] - borgbackup 1.1.9-1 (bug #922080) NOTE: https://github.com/borgbackup/borg/issues/3903 
@@ -1903,7 +1949,7 @@ CVE-2019-6976 (libvips before 8.7.4 writes to uninitialized memory locations in - vips 8.7.4-1 [jessie] - vips <ignored> (Minor Issue) NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a -CVE-2019-6975 [Memory exhaustion in django.utils.numberformat.format()] +CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before ...) - python-django 1:1.11.20-1 (bug #922027) [jessie] - python-django <not-affected> (Vulnerable code not present) NOTE: Upstream re-released https://code.djangoproject.com/ticket/30175 @@ -3985,7 +4031,7 @@ CVE-2019-6117 RESERVED CVE-2019-6116 [subroutines within pseudo-operators must themselves be pseudo-operators] RESERVED - {DSA-4372-1} + {DSA-4372-1 DLA-1670-1} - ghostscript 9.26a~dfsg-1 NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 @@ -4918,8 +4964,7 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun NOTE: is needed to fix the issue completely. CVE-2018-20678 RESERVED -CVE-2019-5736 [runc container breakout] - RESERVED +CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other ...) - runc <unfixed> (bug #922050) - lxc <unfixed> (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2 
@@ -8872,13 +8917,13 @@ CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed l CVE-2019-3824 RESERVED CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap ...) - {DSA-4386-1} + {DSA-4386-1 DLA-1672-1} - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a ...) - {DSA-4386-1} + {DSA-4386-1 DLA-1672-1} - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc @@ -9970,8 +10015,8 @@ CVE-2018-20589 (Ivan Cordoba Generic Content Management System (CMS) through 201 NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS) CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc ...) NOT-FOR-US: otfcc -CVE-2018-20587 - RESERVED +CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through ...) + TODO: check CVE-2018-20586 RESERVED CVE-2018-20585 @@ -10727,6 +10772,7 @@ CVE-2018-20341 RESERVED CVE-2018-20340 [buffer overflow] RESERVED + {DSA-4389-1} - libu2f-host 1.1.7-1 (bug #921726) NOTE: https://www.yubico.com/support/security-advisories/ysa-2019-01/ NOTE: https://github.com/Yubico/libu2f-host/commit/f526546bb29f2ef704ae9850f0f4b41fea7b62a4 @@ -21436,7 +21482,7 @@ CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory lea NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654 CVE-2018-18896 RESERVED -CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings Server before ...) +CVE-2018-18895 NOT-FOR-US: Cisco CVE-2018-18894 RESERVED 
@@ -26539,7 +26585,7 @@ CVE-2018-16892 CVE-2018-16891 RESERVED CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...) - {DSA-4386-1} + {DSA-4386-1 DLA-1672-1} - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb @@ -28693,21 +28739,21 @@ CVE-2018-16108 CVE-2018-16107 RESERVED CVE-2018-16106 - RESERVED + REJECTED CVE-2018-16105 - RESERVED + REJECTED CVE-2018-16104 - RESERVED + REJECTED CVE-2018-16103 - RESERVED + REJECTED CVE-2018-16102 - RESERVED + REJECTED CVE-2018-16101 - RESERVED + REJECTED CVE-2018-16100 - RESERVED + REJECTED CVE-2018-16099 - RESERVED + REJECTED CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path vulnerability was ...) NOT-FOR-US: Lenovo CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System ...) @@ -30051,12 +30097,12 @@ CVE-2018-15590 (An issue was discovered in Ivanti Workspace Control before 10.3. NOT-FOR-US: Ivanti Workspace Control CVE-2018-15589 RESERVED -CVE-2018-15588 - RESERVED -CVE-2018-15587 - RESERVED -CVE-2018-15586 - RESERVED +CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a ...) + TODO: check +CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being ...) + TODO: check +CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...) + TODO: check CVE-2018-1000657 (Rust Programming Language Rust standard library version Commit ...) - rustc 1.22.1+dfsg1-1 (bug #906585) NOTE: Introduced by: https://github.com/rust-lang/rust/commit/bfa0e1f58acf1c28d500c34ed258f09ae021893e (1.3.0) 
@@ -34462,18 +34508,18 @@ CVE-2018-13895 RESERVED CVE-2018-13894 RESERVED -CVE-2018-13893 - RESERVED +CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check CVE-2018-13892 RESERVED CVE-2018-13891 RESERVED CVE-2018-13890 RESERVED -CVE-2018-13889 - RESERVED -CVE-2018-13888 - RESERVED +CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check +CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de ...) + TODO: check CVE-2018-13887 RESERVED CVE-2018-13886 @@ -37754,12 +37800,12 @@ CVE-2018-12550 [jessie] - mosquitto <postponed> (Minor issue) NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/ NOTE: https://mosquitto.org/files/cve/2018-12550 -CVE-2018-12549 - RESERVED +CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may ...) + TODO: check CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public ...) NOT-FOR-US: OpenJDK + Eclipse OpenJ9 -CVE-2018-12547 - RESERVED +CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and ...) + TODO: check CVE-2018-12546 RESERVED {DSA-4388-1} 
@@ -39369,24 +39415,24 @@ CVE-2018-12017 CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows ...) - epiphany-browser 3.28.3.1-1 (unimportant; bug #901018) NOTE: webkit not covered by security support -CVE-2018-12014 - RESERVED +CVE-2018-12014 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check CVE-2018-12013 RESERVED CVE-2018-12012 RESERVED -CVE-2018-12011 - RESERVED -CVE-2018-12010 - RESERVED +CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check +CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check CVE-2018-12009 RESERVED CVE-2018-12008 RESERVED CVE-2018-12007 RESERVED -CVE-2018-12006 - RESERVED +CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check CVE-2018-12005 RESERVED CVE-2018-12004 @@ -39476,8 +39522,8 @@ CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM, QRD NOT-FOR-US: CodeAurora components for Android CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: CodeAurora components for Android -CVE-2018-11962 - RESERVED +CVE-2018-11962 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) + TODO: check CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...) @@ -39609,8 +39655,8 @@ CVE-2018-11901 RESERVED CVE-2018-11900 RESERVED -CVE-2018-11899 - RESERVED +CVE-2018-11899 (While processing radio connection status change events, Radio index is ...) + TODO: check CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) 
@@ -39631,8 +39677,8 @@ CVE-2018-11890 RESERVED CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11888 - RESERVED +CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA ...) + TODO: check CVE-2018-11887 RESERVED CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) @@ -39698,8 +39744,7 @@ CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can lea NOT-FOR-US: Qualcomm components for Android CVE-2018-11856 (Improper input validation leads to buffer overwrite in the WLAN ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11855 - RESERVED +CVE-2018-11855 (If an end user makes use of SCP11 sample OCE code without modification ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11854 (Lack of check of valid length of input parameter may cause buffer ...) NOT-FOR-US: Qualcomm components for Android @@ -39715,8 +39760,8 @@ CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing NOT-FOR-US: Qualcomm components for Android CVE-2018-11848 RESERVED -CVE-2018-11847 - RESERVED +CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by ...) + TODO: check CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11845 
@@ -61708,16 +61753,16 @@ CVE-2018-4060 RESERVED CVE-2018-4059 RESERVED - {DSA-4373-1} + {DSA-4373-1 DLA-1671-1} - coturn 4.5.1.0-1 CVE-2018-4058 RESERVED - {DSA-4373-1} + {DSA-4373-1 DLA-1671-1} - coturn 4.5.1.0-1 CVE-2018-4057 RESERVED CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the administrator ...) - {DSA-4373-1} + {DSA-4373-1 DLA-1671-1} - coturn 4.5.1.0-1 CVE-2018-4055 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e803dd703cc586cf3a46bfa73423aa5951ca7dca You're receiving this email because of your account on salsa.debian.org.
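Review bot: in the @@ -1,3 +1,49 @@ hunk, the TODO: check markers on CVE-2019-7736 (D-Link DIR-600M firmware) and CVE-2019-7731/CVE-2019-7730 (MyWebSQL) describe products with no obvious Debian source package and can be closed as NOT-FOR-US in the follow-up triage, the same way CVE-2018-18895 (Cisco) and CVE-2018-16098 (Lenovo) are marked elsewhere in this commit. The entries that need a real package lookup before they are resolved are the two Live555 0.95 issues (CVE-2019-7733, CVE-2019-7732, which should be triaged together since they share a version) and the PMD XXE issue CVE-2019-7722.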
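Review bot: in the @@ -4918,8 +4964,7 @@ hunk, CVE-2019-5736 sits between CVE-2018-20678 and CVE-2018-20679, out of the file's descending ID order (the other 2019 entries touched by this commit are in the +1, +1949 and +4031 regions); now that the published description has replaced the RESERVED line, consider moving the entry to its numeric position so anyone scanning by ID finds it. Separately, 'lxc <unfixed> (unimportant)' has no NOTE explaining the severity downgrade, and the only reference in the entry is the oss-security post for runc; add a one-line NOTE stating why lxc is rated unimportant.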
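Review bot: in the @@ -9970,8 +10015,8 @@ hunk, CVE-2018-20587 goes from RESERVED to '(Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through ...)' with only 'TODO: check'. Unlike the vendor-firmware TODOs added in the same commit, this description names software that may be in the archive, so the follow-up triage should record a package line (or an explicit NOT-FOR-US / <not-affected>) rather than leaving the TODO open.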
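Review bot: in the @@ -21436,7 +21482,7 @@ hunk, CVE-2018-18895 loses its '(A version of Castor XML, as used in Cisco WebEx Meetings Server before ...)' description but receives neither a RESERVED nor a REJECTED line, leaving a bare ID followed only by 'NOT-FOR-US: Cisco'. The @@ -28693 hunk in this same commit records withdrawn IDs as REJECTED; check why the upstream description disappeared and give this entry the matching status line so it is not the one ID in the file with no state at all.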
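Review bot: in the @@ -30051,12 +30097,12 @@ hunk, CVE-2018-15587 (GNOME Evolution through 3.28.2) and CVE-2018-15586 (Enigmail before 2.0.6) are left at 'TODO: check', yet both name software Debian packages (src:evolution, src:enigmail) and both descriptions point at the same OpenPGP signature-spoofing issue, so they should be triaged together and get package lines with fixed versions rather than a bare TODO. CVE-2018-15588 (MailMate) looks like NOT-FOR-US material unless a package lookup says otherwise.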
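Review bot: in the @@ -34462,18 +34508,18 @@ hunk, CVE-2018-13893 and CVE-2018-13889 receive the generic '(In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)' description but are parked at 'TODO: check', while identically described neighbours such as CVE-2018-11964 and CVE-2018-11963 in the @@ -39476 hunk already carry 'NOT-FOR-US: CodeAurora components for Android'. The automatic updater cannot resolve these, but the manual follow-up can apply the existing marker uniformly across this hunk and the -39369, -39476, -39609 and -39715 hunks instead of leaving a dozen open TODOs. CVE-2018-13888 (RIL daemon memory corruption) is in the same ID range but its description lacks the CodeAurora prefix, so confirm its origin before marking it.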
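Review bot: in the @@ -37754,12 +37800,12 @@ hunk, CVE-2018-12549 and CVE-2018-12547 (Eclipse OpenJ9 JIT compiler and jio_snprintf()) are set to 'TODO: check' while CVE-2018-12548, which sits between them and covers the same OpenJ9 0.11.0 builds, is already 'NOT-FOR-US: OpenJDK + Eclipse OpenJ9'; unless a package lookup says otherwise, resolve all three with the same marker so the OpenJ9 entries do not end up with mixed dispositions.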
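Review bot: in the @@ -39609,8 +39655,8 @@ hunk, the context lines mark CVE-2018-11898 and CVE-2018-11897 as 'NOT-FOR-US: Qualcomm components for Android', whereas the @@ -39476 hunk uses 'NOT-FOR-US: CodeAurora components for Android' for entries with the identical 'In all android releases ...' description. Pick one marker string for this vendor family before resolving CVE-2018-11899 and the other TODO: check entries added here, so that greps and the NOT-FOR-US tallies do not split one source across two labels.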
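Review bot: in the @@ -39698,8 +39744,7 @@ hunk, CVE-2018-11855 replaces its RESERVED line with '(If an end user makes use of SCP11 sample OCE code without modification ...)' but keeps the pre-existing 'NOT-FOR-US: Qualcomm components for Android' marker, which was assigned before any description was public. The new text describes sample SCP11 OCE code rather than an Android kernel or WLAN component, so re-confirm that the marker is still the right disposition; the related CVE-2018-11888 ('Unauthorized access may be allowed by the SCP11 Crypto Services TA ...') in the @@ -39631 hunk is still 'TODO: check' and should be decided together with it.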
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits