Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d34411af by security tracker role at 2019-11-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-19326
+       RESERVED
+CVE-2019-19325
+       RESERVED
+CVE-2019-19324
+       RESERVED
+CVE-2019-19323
+       RESERVED
+CVE-2019-19322
+       RESERVED
+CVE-2019-19321
+       RESERVED
+CVE-2019-19320
+       RESERVED
+CVE-2019-19319
+       RESERVED
+CVE-2019-19318
+       RESERVED
+CVE-2019-19317
+       RESERVED
+CVE-2019-19316
+       RESERVED
+CVE-2019-19315
+       RESERVED
+CVE-2019-19314
+       RESERVED
+CVE-2019-19313
+       RESERVED
+CVE-2019-19312
+       RESERVED
+CVE-2019-19311
+       RESERVED
+CVE-2019-19310
+       RESERVED
+CVE-2019-19309
+       RESERVED
 CVE-2019-XXXX [CRLF injection when decoding from http/2 to http/1]
        - haproxy 2.0.10-1
        NOTE: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
@@ -7386,6 +7422,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, 
TraceBezier in MagickCore/draw.c
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL 
through 3.0. ...)
+       {DLA-2009-1}
        - gdal <unfixed> (unimportant)
        - tiff 4.0.10+git190818-1
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
@@ -7841,7 +7878,7 @@ CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in 
ZZZCMS zzzphp 1.7.3 all
        NOT-FOR-US: ZZZCMS
 CVE-2019-17407
        RESERVED
-CVE-2019-14842 [Remote code execution vulnerability]
+CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol 
allowing th ...)
        - libnbd 1.0.3-1 (bug #942215)
        NOTE: 
https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
        NOTE: 
https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09
 (1.1.4)
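Review bot: On the CVE-2019-14842 header line, the replacement drops the bracketed summary "Remote code execution vulnerability", and the truncated description that takes its place ("Structured reply is a feature of the newstyle NBD protocol allowing th ...") no longer states the impact. The libnbd package line and the NOTE links are unchanged, so the tracking data is intact; consider adding a short NOTE line carrying the impact summary so it stays visible in the entry.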
@@ -32651,6 +32688,7 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of 
bounds read due to a mis
 CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
        NOT-FOR-US: Android
 CVE-2019-9433 (In libvpx, there is a possible information disclosure due to 
improper  ...)
+       {DLA-2012-1}
        - libvpx 1.8.1-2
        NOTE: 
https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to 
improper i ...)
@@ -33066,6 +33104,7 @@ CVE-2019-9234 (In wpa_supplicant_8, there is a possible 
out of bounds read due t
 CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due 
to an  ...)
        NOT-FOR-US: Android
 CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a 
missing bou ...)
+       {DLA-2012-1}
        - libvpx 1.8.1-2
        NOTE: 
https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f
 CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 
500-MBSR, M80 ...)
@@ -41235,6 +41274,7 @@ CVE-2019-6129 (** DISPUTED ** png_create_info_struct in 
png.c in libpng 1.6.36 h
        NOTE: https://github.com/glennrp/libpng/issues/269
        NOTE: Memory leak in CLI tool, no security impact
 CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a 
memory l ...)
+       {DLA-2009-1}
        - tiff 4.0.10-4 (bug #921157; unimportant)
        - tiff3 <removed> (unimportant)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836
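Review bot: `{DLA-2009-1}` is attached to CVE-2019-6128 although both package lines in the entry (`tiff 4.0.10-4` and `tiff3 <removed>`) are tagged unimportant. Confirm that the advisory really lists this id, or revisit the unimportant tag, so that the two do not contradict each other.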
@@ -60419,6 +60459,7 @@ CVE-2018-18662 (There is an out-of-bounds read in 
fz_run_t3_glyph in fitz/font.c
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043
        NOTE: 
http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL 
pointer dere ...)
+       {DLA-2009-1}
        - tiff 4.0.10-1 (unimportant; bug #912012)
        - tiff3 <removed> (unimportant)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819
@@ -75387,6 +75428,7 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, 
there is XSS in the search
 CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 
14.2, versio ...)
        NOT-FOR-US: Mitel
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf 
function in ...)
+       {DLA-2009-1}
        - tiff 4.0.10-4 (bug #902718)
        [stretch] - tiff <postponed> (Minor issue, can be fixed along in future 
DSA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
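Review bot: In the CVE-2018-12900 entry, `{DLA-2009-1}` is added while the line `[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)` stays as it was. The hunk does not show which release the DLA covers; confirm that the stretch status is still meant to read postponed after this advisory.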
@@ -111039,7 +111081,7 @@ CVE-2017-17092 (wp-includes/functions.php in 
WordPress before 4.9.1 does not req
        NOTE: 
https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
        NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote 
attackers to ...)
-       {DSA-4349-1}
+       {DSA-4349-1 DLA-2009-1}
        - tiff 4.0.9-5 (unimportant; bug #883320)
        - tiff3 <removed> (unimportant)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
@@ -173820,7 +173862,7 @@ CVE-2016-6297 (Integer overflow in the 
php_stream_zip_opener function in ext/zip
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
        NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in 
simplest ...)
-       {DSA-3631-1 DLA-628-1 DLA-569-1}
+       {DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1}
        - php7.0 7.0.9-1
        - php5 5.6.24+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/72606
@@ -176973,7 +177015,7 @@ CVE-2016-5340 (The is_ashmem_file function in 
drivers/staging/android/ashmem.c i
 CVE-2016-5339
        RESERVED
 CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as 
used in ...)
-       {DLA-697-1}
+       {DLA-2010-1 DLA-697-1}
        - bsdiff 4.3-17
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
 CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in 
initial ...)
@@ -204452,7 +204494,7 @@ CVE-2015-5156 (The virtnet_probe function in 
drivers/net/virtio_net.c in the Lin
        - linux-2.6 <removed>
        NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
 CVE-2015-5155 [Packet with crafted "nextoffset" and "extid" values causes DoS]
-       RESERVED
+       REJECTED
        - openslp-dfsg 1.2.1-8 (bug #623551)
        [squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1
        NOTE: duplicate of CVE-2010-3609
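Review bot: The CVE-2015-5155 entry changes from RESERVED to REJECTED but keeps its package lines (`- openslp-dfsg 1.2.1-8 (bug #623551)` and the `[squeeze]` fixed version). Since the NOTE says it is a duplicate of CVE-2010-3609, check that the same fixed versions and bug reference are recorded under CVE-2010-3609, and consider whether they should remain on the rejected id at all.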
@@ -283830,8 +283872,7 @@ CVE-2011-4312 (Multiple cross-site scripting (XSS) 
vulnerabilities in the commen
        NOT-FOR-US: Review Board
 CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access 
keys,  ...)
        NOT-FOR-US: ResourceSpace
-CVE-2011-4310
-       RESERVED
+CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers 
to cor ...)
        - cmsms <itp> (bug #608888)
 CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote 
attacke ...)
        - moodle <not-affected> (Only affects 2.x)
@@ -290983,8 +291024,7 @@ CVE-2011-1940 (Multiple cross-site scripting (XSS) 
vulnerabilities in phpMyAdmin
        - phpmyadmin 4:3.4.1-1
        [lenny] - phpmyadmin <not-affected> (3.3.x+ only)
        [squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
-CVE-2011-1939
-       RESERVED
+CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 
1.10.9 and ...)
        - zendframework 1.11.6-1 (low)
        [squeeze] - zendframework <no-dsa> (Minor issue)
 CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in 
ext/sock ...)
@@ -291000,13 +291040,11 @@ CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before 
commit ea9432fabdf4b33cbc76d
        [squeeze] - libpcap 1.1.1-2+squeeze1
        [lenny] - libpcap <not-affected>
        NOTE: <878vsbyviu....@silenus.orebokech.com>
-CVE-2011-1934 [lilo: lilo.conf world-readable]
-       RESERVED
+CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 
23.1. ...)
        - lilo 23.1-2 (low; bug #615103)
        [squeeze] - lilo <not-affected> (Introduced in 23.1)
        [lenny] - lilo <not-affected> (Introduced in 23.1)
-CVE-2011-1933
-       RESERVED
+CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...)
        - libjifty-dbi-perl 0.68-1 (low; bug #622919)
        [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
 CVE-2011-1932 (Directory traversal vulnerability in 
io/filesystem/filesystem.cc in Wi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d34411af943a20e1f782d2fd3a694052f80fef17
