Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 228a07fa by security tracker role at 2019-10-05T20:10:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,17 @@ +CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...) + TODO: check +CVE-2019-17198 + RESERVED +CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic f ...) + TODO: check +CVE-2019-17196 + RESERVED +CVE-2019-17195 + RESERVED +CVE-2019-17194 + RESERVED +CVE-2019-17193 + RESERVED CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messenger ap ...) TODO: check CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...) @@ -700,6 +714,7 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/c CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...) NOT-FOR-US: Ubiquiti EdgeMAX CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...) + {DLA-1946-1} - novnc 1:1.0.0-1 NOTE: https://bugs.launchpad.net/horizon/+bug/1656435 NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534 @@ -12580,9 +12595,9 @@ CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NU CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...) NOT-FOR-US: field_test gem CVE-2019-13145 - RESERVED -CVE-2019-13144 REJECTED +CVE-2019-13144 (myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in ...) + TODO: check CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...) NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) ...) 
@@ -22333,32 +22348,32 @@ CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable t - libreoffice <not-affected> (Windows-specific) NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/ CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...) - {DSA-4519-1} + {DSA-4519-1 DLA-1947-1} - libreoffice 1:6.3.1~rc2-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/ CVE-2019-9853 (LibreOffice documents can contain macros. The execution of those macro ...) - {DSA-4501-1} + {DSA-4501-1 DLA-1947-1} - libreoffice 1:6.3.0-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853 CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...) - {DSA-4501-1} + {DSA-4501-1 DLA-1947-1} - libreoffice 1:6.3.0-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/ CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...) - {DSA-4501-1} + {DSA-4501-1 DLA-1947-1} - libreoffice 1:6.3.0-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/ CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...) - {DSA-4501-1} + {DSA-4501-1 DLA-1947-1} - libreoffice 1:6.3.0-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/ CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...) - {DSA-4483-1} + {DSA-4483-1 DLA-1947-1} [experimental] - libreoffice 1:6.3.0~beta2-1 - libreoffice 1:6.3.0~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/ CVE-2019-9848 (LibreOffice has a feature where documents can specify that pre-install ...) 
- {DSA-4483-1} + {DSA-4483-1 DLA-1947-1} [experimental] - libreoffice 1:6.3.0~beta2-1 - libreoffice 1:6.3.0~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/228a07fa76c73594e791f696ac2168cd33cd5e09
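Review bot: The two new entries with descriptions at the top of data/CVE/list (hunk @@ -1,3 +1,17 @@), CVE-2019-17199 (WPO WebPageTest 19.04 on Windows) and CVE-2019-17197 (OpenEMR through 5.0.2), carry only `TODO: check`, so neither has a package mapping or a NOT-FOR-US marker yet. Both need triage to replace the TODO with a resolved line of the kind used further down in this diff, such as `NOT-FOR-US: Ubiquiti EdgeMAX`.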
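Review bot: In the hunk at @@ -12580,9 +12595,9 @@ the `REJECTED` line is unchanged context but changes owner: with `RESERVED` and the bare `CVE-2019-13144` header removed, it now sits under CVE-2019-13145, while CVE-2019-13144 is re-added with a myTinyTodo CSV Injection description and `TODO: check`. One ID moving from RESERVED to REJECTED and its neighbour moving from REJECTED to a published description in the same automatic update is worth confirming against the upstream CVE data before CVE-2019-13144 is triaged.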