[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 05 Oct 2019 13:11:08 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
228a07fa by security tracker role at 2019-10-05T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows 
Directory T ...)
+       TODO: check
+CVE-2019-17198
+       RESERVED
+CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle 
demographic f ...)
+       TODO: check
+CVE-2019-17196
+       RESERVED
+CVE-2019-17195
+       RESERVED
+CVE-2019-17194
+       RESERVED
+CVE-2019-17193
+       RESERVED
 CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private 
Messenger ap ...)
        TODO: check
 CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for 
Android all ...)
@@ -700,6 +714,7 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl 
in JSON data to api/c
 CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers 
to cause  ...)
        NOT-FOR-US: Ubiquiti EdgeMAX
 CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in 
which the ...)
+       {DLA-1946-1}
        - novnc 1:1.0.0-1
        NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
        NOTE: 
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
@@ -12580,9 +12595,9 @@ CVE-2019-13147 (In Audio File Library (aka audiofile) 
0.3.6, there exists one NU
 CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A 
method call ...)
        NOT-FOR-US: field_test gem
 CVE-2019-13145
-       RESERVED
-CVE-2019-13144
        REJECTED
+CVE-2019-13144 (myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is 
fixed in  ...)
+       TODO: check
 CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen 
Dragon Br ...)
        NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round 
Padlock FB50
 CVE-2019-13142 (The RzSurroundVADStreamingService 
(RzSurroundVADStreamingService.exe)  ...)
@@ -22333,32 +22348,32 @@ CVE-2019-9855 (LibreOffice is typically bundled with 
LibreLogo, a programmable t
        - libreoffice <not-affected> (Windows-specific)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
 CVE-2019-9854 (LibreOffice has a feature where documents can specify that 
pre-install ...)
-       {DSA-4519-1}
+       {DSA-4519-1 DLA-1947-1}
        - libreoffice 1:6.3.1~rc2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
 CVE-2019-9853 (LibreOffice documents can contain macros. The execution of 
those macro ...)
-       {DSA-4501-1}
+       {DSA-4501-1 DLA-1947-1}
        - libreoffice 1:6.3.0-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853
 CVE-2019-9852 (LibreOffice has a feature where documents can specify that 
pre-install ...)
-       {DSA-4501-1}
+       {DSA-4501-1 DLA-1947-1}
        - libreoffice 1:6.3.0-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
 CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable 
turtle ...)
-       {DSA-4501-1}
+       {DSA-4501-1 DLA-1947-1}
        - libreoffice 1:6.3.0-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
 CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable 
turtle ...)
-       {DSA-4501-1}
+       {DSA-4501-1 DLA-1947-1}
        - libreoffice 1:6.3.0-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
 CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from 
location ...)
-       {DSA-4483-1}
+       {DSA-4483-1 DLA-1947-1}
        [experimental] - libreoffice 1:6.3.0~beta2-1
        - libreoffice 1:6.3.0~rc1-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
 CVE-2019-9848 (LibreOffice has a feature where documents can specify that 
pre-install ...)
-       {DSA-4483-1}
+       {DSA-4483-1 DLA-1947-1}
        [experimental] - libreoffice 1:6.3.0~beta2-1
        - libreoffice 1:6.3.0~rc1-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/228a07fa76c73594e791f696ac2168cd33cd5e09

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/228a07fa76c73594e791f696ac2168cd33cd5e09
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to