Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ea926fa6 by security tracker role at 2019-11-25T20:10:23Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,49 @@ +CVE-2019-19263 + RESERVED +CVE-2019-19262 + RESERVED +CVE-2019-19261 + RESERVED +CVE-2019-19260 + RESERVED +CVE-2019-19259 + RESERVED +CVE-2019-19258 + RESERVED +CVE-2019-19257 + RESERVED +CVE-2019-19256 + RESERVED +CVE-2019-19255 + RESERVED +CVE-2019-19254 + RESERVED +CVE-2019-19253 + RESERVED +CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5. ...) + TODO: check +CVE-2019-19251 + RESERVED +CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to server/mo ...) + TODO: check +CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta m ...) + TODO: check +CVE-2019-19248 + RESERVED +CVE-2019-19247 + RESERVED +CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...) + TODO: check +CVE-2019-19245 + RESERVED +CVE-2019-19244 + RESERVED +CVE-2019-19243 + RESERVED +CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...) + TODO: check +CVE-2019-19241 + RESERVED CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...) NOT-FOR-US: Embedthis GoAhead CVE-2019-19239 @@ -3486,8 +3532,7 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1 -CVE-2019-18675 [integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c] - RESERVED +CVE-2019-18675 (The Linux kernel through 5.3.13 has a start_offset+size Integer Overfl ...) - linux <unfixed> NOTE: https://deshal3v.github.io/blog/kernel-research/mmap_exploitation CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...) @@ -3591,7 +3636,7 @@ CVE-2019-18627 RESERVED CVE-2019-18626 RESERVED -CVE-2018-21029 (systemd 239 through 243 accepts any certificate signed by a trusted ce ...) +CVE-2018-21029 (systemd 239 through 244 accepts any certificate signed by a trusted ce ...) - systemd <unfixed> [buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default) [stretch] - systemd <not-affected> (Vulnerable code introduced later) @@ -4384,8 +4429,8 @@ CVE-2019-18376 RESERVED CVE-2019-18375 RESERVED -CVE-2019-18374 - RESERVED +CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...) + TODO: check CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...) NOT-FOR-US: Norton CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...) @@ -7703,14 +7748,14 @@ CVE-2019-XXXX [Remote code execution vulnerability] NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4) NOTE: https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917 (stable-1.0) -CVE-2019-17406 - RESERVED -CVE-2019-17405 - RESERVED -CVE-2019-17404 - RESERVED -CVE-2019-17403 - RESERVED +CVE-2019-17406 (Nokia IMPACT < 18A has path traversal that may lead to RCE if chain ...) + TODO: check +CVE-2019-17405 (Nokia IMPACT < 18A: has Reflected self XSS ...) + TODO: check +CVE-2019-17404 (Nokia IMPACT < 18A: allows full path disclosure ...) + TODO: check +CVE-2019-17403 (Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was f ...) + TODO: check CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...) TODO: check CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ...) @@ -9243,10 +9288,10 @@ CVE-2019-16767 RESERVED CVE-2019-16766 RESERVED -CVE-2019-16765 - RESERVED -CVE-2019-16764 - RESERVED +CVE-2019-16765 (If an attacker can get a user to open a specially prepared directory t ...) + TODO: check +CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to denial of ...) + TODO: check CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data ...) NOT-FOR-US: Pannellum CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...) @@ -12283,8 +12328,8 @@ CVE-2019-15686 RESERVED CVE-2019-15685 RESERVED -CVE-2019-15684 - RESERVED +CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...) + TODO: check CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...) NOT-FOR-US: TurboVNC CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...) @@ -14811,8 +14856,7 @@ CVE-2019-14892 NOTE: https://github.com/FasterXML/jackson-databind/issues/2462 NOTE: https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b -CVE-2019-14891 - RESERVED +CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...) NOT-FOR-US: Kubernetes CRI-O CVE-2019-14890 RESERVED @@ -15048,8 +15092,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session co NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944 NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682. -CVE-2019-14825 - RESERVED +CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...) NOT-FOR-US: Katello CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...) {DLA-2004-1} @@ -15064,8 +15107,7 @@ CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementat NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435 NOTE: https://github.com/dogtagpki/jss/pull/284 NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4 -CVE-2019-14822 [missing authorization flaw] - RESERVED +CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...) {DSA-4525-1} - ibus 1.5.21-1 (bug #940267) NOTE: https://www.openwall.com/lists/oss-security/2019/09/13/1 @@ -15103,8 +15145,7 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...) {DLA-1930-1} - linux 5.2.17-1 -CVE-2019-14815 - RESERVED +CVE-2019-14815 (kernel is vulnerable to a None ...) {DLA-1930-1} - linux 5.2.17-1 [jessie] - linux <not-affected> (Vulnerability introduced later) @@ -18490,254 +18531,195 @@ CVE-2019-13726 RESERVED CVE-2019-13725 RESERVED -CVE-2019-13724 - RESERVED +CVE-2019-13724 (Out of bounds memory access in WebBluetooth in Google Chrome prior to ...) {DSA-4575-1} - chromium 78.0.3904.108-1 -CVE-2019-13723 - RESERVED +CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 ...) {DSA-4575-1} - chromium 78.0.3904.108-1 CVE-2019-13722 RESERVED -CVE-2019-13721 - RESERVED +CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13720 - RESERVED +CVE-2019-13720 (Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allo ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13719 - RESERVED +CVE-2019-13719 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13718 - RESERVED +CVE-2019-13718 (Insufficient data validation in Omnibox in Google Chrome prior to 78.0 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13717 - RESERVED +CVE-2019-13717 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13716 - RESERVED +CVE-2019-13716 (Insufficient policy enforcement in service workers in Google Chrome pr ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13715 - RESERVED +CVE-2019-13715 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13714 - RESERVED +CVE-2019-13714 (Insufficient validation of untrusted input in Color Enhancer extension ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13713 - RESERVED +CVE-2019-13713 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...) {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13712 RESERVED -CVE-2019-13711 - RESERVED +CVE-2019-13711 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13710 - RESERVED +CVE-2019-13710 (Insufficient validation of untrusted input in downloads in Google Chro ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13709 - RESERVED +CVE-2019-13709 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13708 - RESERVED +CVE-2019-13708 (Inappropriate implementation in navigation in Google Chrome on iOS pri ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13707 - RESERVED +CVE-2019-13707 (Insufficient validation of untrusted input in intents in Google Chrome ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13706 - RESERVED +CVE-2019-13706 (Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13705 - RESERVED +CVE-2019-13705 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13704 - RESERVED +CVE-2019-13704 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13703 - RESERVED +CVE-2019-13703 (Insufficient policy enforcement in the Omnibox in Google Chrome on And ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13702 - RESERVED +CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on Windows ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13701 - RESERVED +CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior to 78.0. ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13700 - RESERVED +CVE-2019-13700 (Out of bounds memory access in the gamepad API in Google Chrome prior ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13699 - RESERVED +CVE-2019-13699 (Use after free in media in Google Chrome prior to 78.0.3904.70 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13698 - RESERVED -CVE-2019-13697 - RESERVED +CVE-2019-13698 (Out of bounds memory access in JavaScript in Google Chrome prior to 73 ...) + TODO: check +CVE-2019-13697 (Insufficient policy enforcement in performance APIs in Google Chrome p ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13696 - RESERVED +CVE-2019-13696 (Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 a ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13695 - RESERVED +CVE-2019-13695 (Use after free in audio in Google Chrome on Android prior to 77.0.3865 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13694 - RESERVED +CVE-2019-13694 (Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allow ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13693 - RESERVED +CVE-2019-13693 (Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 al ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13692 - RESERVED +CVE-2019-13692 (Insufficient policy enforcement in reader mode in Google Chrome prior ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13691 - RESERVED +CVE-2019-13691 (Insufficient validation of untrusted input in navigation in Google Chr ...) {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13690 RESERVED CVE-2019-13689 RESERVED -CVE-2019-13688 - RESERVED +CVE-2019-13688 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13687 - RESERVED +CVE-2019-13687 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13686 - RESERVED +CVE-2019-13686 (Use after free in offline mode in Google Chrome prior to 77.0.3865.90 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13685 - RESERVED +CVE-2019-13685 (Use after free in sharing view in Google Chrome prior to 77.0.3865.90 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13684 - RESERVED -CVE-2019-13683 - RESERVED +CVE-2019-13684 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...) + TODO: check +CVE-2019-13683 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13682 - RESERVED +CVE-2019-13682 (Insufficient policy enforcement in external protocol handling in Googl ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13681 - RESERVED +CVE-2019-13681 (Insufficient data validation in downloads in Google Chrome prior to 77 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13680 - RESERVED +CVE-2019-13680 (Inappropriate implementation in TLS in Google Chrome prior to 77.0.386 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13679 - RESERVED +CVE-2019-13679 (Insufficient policy enforcement in PDFium in Google Chrome prior to 77 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13678 - RESERVED +CVE-2019-13678 (Incorrect data validation in downloads in Google Chrome prior to 77.0. ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13677 - RESERVED +CVE-2019-13677 (Insufficient policy enforcement in site isolation in Google Chrome pri ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13676 - RESERVED +CVE-2019-13676 (Insufficient policy enforcement in Chromium in Google Chrome prior to ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13675 - RESERVED +CVE-2019-13675 (Insufficient data validation in extensions in Google Chrome prior to 7 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13674 - RESERVED +CVE-2019-13674 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13673 - RESERVED +CVE-2019-13673 (Insufficient data validation in developer tools in Google Chrome prior ...) {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13672 RESERVED -CVE-2019-13671 - RESERVED +CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13670 - RESERVED +CVE-2019-13670 (Insufficient data validation in JavaScript in Google Chrome prior to 7 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13669 - RESERVED +CVE-2019-13669 (Incorrect data validation in navigation in Google Chrome prior to 77.0 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13668 - RESERVED +CVE-2019-13668 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13667 - RESERVED +CVE-2019-13667 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13666 - RESERVED +CVE-2019-13666 (Information leak in storage in Google Chrome prior to 77.0.3865.75 all ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13665 - RESERVED +CVE-2019-13665 (Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13664 - RESERVED +CVE-2019-13664 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13663 - RESERVED +CVE-2019-13663 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13662 - RESERVED +CVE-2019-13662 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13661 - RESERVED +CVE-2019-13661 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13660 - RESERVED +CVE-2019-13660 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-13659 - RESERVED +CVE-2019-13659 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...) @@ -27052,6 +27034,7 @@ CVE-2019-11038 (When using the gdImageCreateFromXbm() function in the GD Graphic NOTE: https://github.com/libgd/libgd/issues/501 NOTE: https://github.com/libgd/libgd/commit/e13a342c079aeb73e31dfa19eaca119761bac3f3 CVE-2019-11037 (In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing ...) + {DSA-4576-1} - php-imagick 3.4.3-4.1 (bug #928420) [jessie] - php-imagick <not-affected> (vulnerable code is not present) NOTE: https://bugs.php.net/bug.php?id=77791 @@ -29109,8 +29092,7 @@ CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the CVE-2019-10225 RESERVED NOT-FOR-US: OpenShift -CVE-2019-10224 [using dscreate in verbose mode results in information disclosure] - RESERVED +CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...) - 389-ds-base 1.4.1.5-1 [stretch] - 389-ds-base <not-affected> (vulnerable code not present) [jessie] - 389-ds-base <not-affected> (vulnerable code not present) @@ -29145,8 +29127,7 @@ CVE-2019-10218 (A flaw was found in the samba client, all samba versions before [stretch] - samba <no-dsa> (Minor issue) [jessie] - samba <no-dsa> (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html -CVE-2019-10217 - RESERVED +CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...) - ansible 2.8.6+dfsg-1 (bug #934128) [buster] - ansible <not-affected> (Vulnerable code introduced later) [stretch] - ansible <not-affected> (Vulnerable code introduced later) @@ -29164,14 +29145,12 @@ CVE-2019-10216 [-dSAFER escape via .buildfont1] NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...) NOT-FOR-US: Bootstrap-3-Typeahead -CVE-2019-10214 - RESERVED +CVE-2019-10214 (The containers/image library used by the container tools Podman, Build ...) - golang-github-containers-image <not-affected> (Vulnerable version was never in unstable) - singularity-container <unfixed> NOTE: https://github.com/containers/image/issues/654 NOTE: https://github.com/containers/image/pull/669 -CVE-2019-10213 - RESERVED +CVE-2019-10213 (OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize ...) NOT-FOR-US: OpenShift CVE-2019-10212 (A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for i ...) - undertow 2.0.27-1 @@ -29193,8 +29172,7 @@ CVE-2019-10208 (A flaw was discovered in postgresql versions 9.4.x before 9.4.24 - postgresql-9.6 <removed> - postgresql-9.4 <removed> NOTE: https://www.postgresql.org/about/news/1960/ -CVE-2019-10207 [bluetooth: hci_uart: 0x0 address execution as nonprivileged user] - RESERVED +CVE-2019-10207 (A flaw was found in the Linux kernel's Bluetooth implementation of UAR ...) {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1} - linux 5.2.6-1 NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1 @@ -29330,8 +29308,7 @@ CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 3.11 NOT-FOR-US: OpenShift CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-cloner ...) NOT-FOR-US: KubeVirt -CVE-2019-10174 - RESERVED +CVE-2019-10174 (A vulnerability was found in Infinispan such that the invokeAccessibly ...) NOT-FOR-US: infinispan CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 introduced ...) - libxstream-java 1.4.11-1 @@ -41710,141 +41687,108 @@ CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks informatio CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab Community a ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ -CVE-2019-5881 - RESERVED +CVE-2019-5881 (Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865. ...) - chromium 78.0.3904.87-1 -CVE-2019-5880 - RESERVED +CVE-2019-5880 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5879 - RESERVED +CVE-2019-5879 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5878 - RESERVED +CVE-2019-5878 (Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5877 - RESERVED +CVE-2019-5877 (Out of bounds memory access in JavaScript in Google Chrome prior to 77 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5876 - RESERVED +CVE-2019-5876 (Use after free in media in Google Chrome on Android prior to 77.0.3865 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5875 - RESERVED +CVE-2019-5875 (Insufficient data validation in downloads in Google Chrome prior to 77 ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5874 - RESERVED +CVE-2019-5874 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5873 - RESERVED +CVE-2019-5873 (Insufficient policy validation in navigation in Google Chrome on iOS p ...) - chromium <not-affected> (iOS specific issue) -CVE-2019-5872 - RESERVED +CVE-2019-5872 (Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5871 - RESERVED +CVE-2019-5871 (Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 al ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5870 - RESERVED +CVE-2019-5870 (Use after free in media in Google Chrome prior to 77.0.3865.75 allowed ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5869 - RESERVED +CVE-2019-5869 (Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowe ...) {DSA-4562-1} - chromium 78.0.3904.87-1 -CVE-2019-5868 - RESERVED +CVE-2019-5868 (Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allow ...) {DSA-4500-1} - chromium 76.0.3809.100-1 -CVE-2019-5867 - RESERVED +CVE-2019-5867 (Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.1 ...) {DSA-4500-1} - chromium 76.0.3809.100-1 -CVE-2019-5866 - RESERVED -CVE-2019-5865 - RESERVED +CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...) + TODO: check +CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5864 - RESERVED +CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76.0.38 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 CVE-2019-5863 RESERVED - chromium <not-affected> (Windows-specific) -CVE-2019-5862 - RESERVED +CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5861 - RESERVED +CVE-2019-5861 (Insufficient data validation in Blink in Google Chrome prior to 76.0.3 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5860 - RESERVED +CVE-2019-5860 (Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowe ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5859 - RESERVED +CVE-2019-5859 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5858 - RESERVED +CVE-2019-5858 (Incorrect security UI in MacOS services integration in Google Chrome o ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5857 - RESERVED +CVE-2019-5857 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5856 - RESERVED +CVE-2019-5856 (Insufficient policy enforcement in storage in Google Chrome prior to 7 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5855 - RESERVED +CVE-2019-5855 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5854 - RESERVED +CVE-2019-5854 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5853 - RESERVED +CVE-2019-5853 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5852 - RESERVED +CVE-2019-5852 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5851 - RESERVED +CVE-2019-5851 (Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allo ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5850 - RESERVED +CVE-2019-5850 (Use after free in offline mode in Google Chrome prior to 76.0.3809.87 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5849 - RESERVED +CVE-2019-5849 (Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allo ...) {DSA-4500-1} - chromium 76.0.3809.87-1 - firefox 69.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849 -CVE-2019-5848 - RESERVED +CVE-2019-5848 (Incorrect font handling in autofill in Google Chrome prior to 75.0.377 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 -CVE-2019-5847 - RESERVED +CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...) {DSA-4500-1} - chromium 76.0.3809.87-1 CVE-2019-5846 @@ -41855,8 +41799,7 @@ CVE-2019-5844 RESERVED CVE-2019-5843 RESERVED -CVE-2019-5842 - RESERVED +CVE-2019-5842 (Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed ...) {DSA-4500-1} - chromium 75.0.3770.90-1 CVE-2019-5841 @@ -45217,8 +45160,8 @@ CVE-2019-4408 RESERVED CVE-2019-4407 RESERVED -CVE-2019-4406 - RESERVED +CVE-2019-4406 (IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerab ...) + TODO: check CVE-2019-4405 RESERVED CVE-2019-4404 @@ -106431,8 +106374,8 @@ CVE-2018-2027 RESERVED CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments could all ...) NOT-FOR-US: IBM -CVE-2018-2025 - RESERVED +CVE-2018-2025 (IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect fo ...) + TODO: check CVE-2018-2024 (IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-criti ...) NOT-FOR-US: IBM CVE-2018-2023 @@ -216544,8 +216487,7 @@ CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13 -CVE-2015-1396 [(another) directory traversal via symlinks -- incomplete fix for CVE-2015-1196] - RESERVED +CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...) - patch 2.7.3-1 (bug #775901) [wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied) [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied) @@ -239078,8 +239020,7 @@ CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attack [wheezy] - net-snmp 5.4.3~dfsg-2.8 [squeeze] - net-snmp <no-dsa> (Minor issue) NOTE: http://sourceforge.net/p/net-snmp/patches/1113/ -CVE-2012-6639 - RESERVED +CVE-2012-6639 (An privilege elevation vulnerability exists in Cloud-init before 0.7.0 ...) - cloud-init 0.7.1-1 NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299 CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in Seed ...) @@ -253231,7 +253172,7 @@ CVE-2013-4225 RESERVED NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module CVE-2013-4224 - RESERVED + REJECTED NOTE: Dublicate of CVE-2013-4187, thus rejected CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable permi ...) - nullmailer 1:1.11-2 (low; bug #684619) @@ -267052,8 +266993,7 @@ CVE-2012-5645 - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv <no-dsa> (Minor issue) [wheezy] - freeciv 2.3.2-1+deb7u1 -CVE-2012-5644 [(Complete) Information disclosure when moving user's home directory] - RESERVED +CVE-2012-5644 (libuser has information disclosure when moving user's home directory ...) - libuser 1:0.60~dfsg-1 (low; bug #705690) [wheezy] - libuser <no-dsa> (Minor issue) [squeeze] - libuser <no-dsa> (Minor issue) @@ -267069,8 +267009,7 @@ CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handl [squeeze] - fail2ban <not-affected> (Introduced in 0.8.6, see #696187) CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in mochiw ...) - couchdb <not-affected> (Only affects CouchDB on Windows) -CVE-2012-5640 [thttpd: Local DoS vulnerability] - RESERVED +CVE-2012-5640 (thttpd has a local DoS vulnerability via specially-crafted .htpasswd f ...) - thttpd <removed> (low) [squeeze] - thttpd <no-dsa> (Minor issue) CVE-2012-5639 @@ -267100,11 +267039,9 @@ CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x befor - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2012-5632 RESERVED -CVE-2012-5631 - RESERVED +CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending credent ...) NOT-FOR-US: FreeIPA -CVE-2012-5630 [TOCTOU race conditions by copying and removing directory trees] - RESERVED +CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race co ...) - libuser 1:0.60~dfsg-1 (low; bug #705690) [wheezy] - libuser <no-dsa> (Minor issue) [squeeze] - libuser <no-dsa> (Minor issue) @@ -267144,8 +267081,7 @@ CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) CVE-2012-5618 RESERVED NOT-FOR-US: Ushahidi -CVE-2012-5617 [privilege escalation due to improper authentication settings in policykit configuration file] - RESERVED +CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...) - gksu-polkit <removed> (bug #695807) [squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts) NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8 @@ -267252,8 +267188,7 @@ CVE-2012-5583 (phpCAS before 1.3.2 does not verify that the server hostname matc [squeeze] - moodle <no-dsa> (Minor issue) [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1 NOTE: https://github.com/Jasig/phpCAS/pull/58 -CVE-2012-5582 [opendnssec curl usage] - RESERVED +CVE-2012-5582 (opendnssec misuses libcurl API ...) - opendnssec <not-affected> (eppclient not built in Debian package) NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allow ...) @@ -267269,8 +267204,7 @@ CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/ NOTE: https://code.google.com/p/libproxy/source/detail?r=475 CVE-2012-5579 REJECTED -CVE-2012-5578 [Python keyring insecure permissions on new databases] - RESERVED +CVE-2012-5578 (Python keyring has insecure permissions on new databases allowing worl ...) - python-keyring 0.9.2-1.1 (bug #696736) [wheezy] - python-keyring 0.7.1-1+deb7u1 [squeeze] - python-keyring <no-dsa> (Minor issue) @@ -267379,8 +267313,7 @@ CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal NOT-FOR-US: Drupal contributed-module CVE-2012-5536 (A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat En ...) NOT-FOR-US: Red Hat-specific packaging flaw -CVE-2012-5535 - RESERVED +CVE-2012-5535 (gnome-system-log polkit policy allows arbitrary files on the system to ...) - gnome-system-log <not-affected> (Fedora-specific issue) CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through ...) {DSA-2598-1} @@ -267404,8 +267337,7 @@ CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, - firebird2.1 <not-affected> (Only affects 2.5.x) CVE-2012-5528 RESERVED -CVE-2012-5527 - RESERVED +CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...) - claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391) NOTE: More of a plain bug than a security vulnerability CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines i ...) @@ -267429,8 +267361,7 @@ CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value dur - mantis 1.2.11-1.2 (bug #693283) [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=14496 -CVE-2012-5521 - RESERVED +CVE-2012-5521 (quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...) - quagga <unfixed> (unimportant; bug #693102) NOTE: Not reproducible so far CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...) @@ -267439,8 +267370,7 @@ CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as D {DSA-2600-1} - cups 1.5.3-2.7 (bug #692791) NOTE: http://seclists.org/oss-sec/2012/q4/253 -CVE-2012-5518 - RESERVED +CVE-2012-5518 (vdsm: certificate generation upon node creation allowing vdsm to start ...) NOT-FOR-US: ovirt / vsdm CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel b ...) - linux 3.2.41-1 @@ -281534,8 +281464,7 @@ CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in adminimize/adminimize NOT-FOR-US: WordPress plugin Adminimize CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque <not-affected> (The version in Debian doesn't yet have MUNGE support) -CVE-2011-4924 - RESERVED +CVE-2011-4924 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...) - zope2.12 2.12.22-1 - zope3 <removed> (low) - zope2.10 <removed> (low) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea926fa6940e7f7f9d12b0dd5afe5641948a3e85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea926fa6940e7f7f9d12b0dd5afe5641948a3e85 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits