Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d34411af by security tracker role at 2019-11-27T08:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,39 @@ +CVE-2019-19326 + RESERVED +CVE-2019-19325 + RESERVED +CVE-2019-19324 + RESERVED +CVE-2019-19323 + RESERVED +CVE-2019-19322 + RESERVED +CVE-2019-19321 + RESERVED +CVE-2019-19320 + RESERVED +CVE-2019-19319 + RESERVED +CVE-2019-19318 + RESERVED +CVE-2019-19317 + RESERVED +CVE-2019-19316 + RESERVED +CVE-2019-19315 + RESERVED +CVE-2019-19314 + RESERVED +CVE-2019-19313 + RESERVED +CVE-2019-19312 + RESERVED +CVE-2019-19311 + RESERVED +CVE-2019-19310 + RESERVED +CVE-2019-19309 + RESERVED CVE-2019-XXXX [CRLF injection when decoding from http/2 to http/1] - haproxy 2.0.10-1 NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344 @@ -7386,6 +7422,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537 NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...) + {DLA-2009-1} - gdal <unfixed> (unimportant) - tiff 4.0.10+git190818-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 @@ -7841,7 +7878,7 @@ CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 all NOT-FOR-US: ZZZCMS CVE-2019-17407 RESERVED -CVE-2019-14842 [Remote code execution vulnerability] +CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol allowing th ...) - libnbd 1.0.3-1 (bug #942215) NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4) 
@@ -32651,6 +32688,7 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a mis CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper ...) + {DLA-2012-1} - libvpx 1.8.1-2 NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...) @@ -33066,6 +33104,7 @@ CVE-2019-9234 (In wpa_supplicant_8, there is a possible out of bounds read due t CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due to an ...) NOT-FOR-US: Android CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a missing bou ...) + {DLA-2012-1} - libvpx 1.8.1-2 NOTE: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...) @@ -41235,6 +41274,7 @@ CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 h NOTE: https://github.com/glennrp/libpng/issues/269 NOTE: Memory leak in CLI tool, no security impact CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...) + {DLA-2009-1} - tiff 4.0.10-4 (bug #921157; unimportant) - tiff3 <removed> (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836 @@ -60419,6 +60459,7 @@ CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043 NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...) + {DLA-2009-1} - tiff 4.0.10-1 (unimportant; bug #912012) - tiff3 <removed> (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819 
@@ -75387,6 +75428,7 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, versio ...) NOT-FOR-US: Mitel CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...) + {DLA-2009-1} - tiff 4.0.10-4 (bug #902718) [stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798 @@ -111039,7 +111081,7 @@ CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not req NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509 NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...) - {DSA-4349-1} + {DSA-4349-1 DLA-2009-1} - tiff 4.0.9-5 (unimportant; bug #883320) - tiff3 <removed> (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750 @@ -173820,7 +173862,7 @@ CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...) - {DSA-3631-1 DLA-628-1 DLA-569-1} + {DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 @@ -176973,7 +177015,7 @@ CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c i CVE-2016-5339 RESERVED CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...) - {DLA-697-1} + {DLA-2010-1 DLA-697-1} - bsdiff 4.3-17 NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525 CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...) 
@@ -204452,7 +204494,7 @@ CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the Lin - linux-2.6 <removed> NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2 CVE-2015-5155 [Packet with crafted "nextoffset" and "extid" values causes DoS] - RESERVED + REJECTED - openslp-dfsg 1.2.1-8 (bug #623551) [squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1 NOTE: duplicate of CVE-2010-3609 @@ -283830,8 +283872,7 @@ CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commen NOT-FOR-US: Review Board CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...) NOT-FOR-US: ResourceSpace -CVE-2011-4310 - RESERVED +CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...) - cmsms <itp> (bug #608888) CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...) - moodle <not-affected> (Only affects 2.x) @@ -290983,8 +291024,7 @@ CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin - phpmyadmin 4:3.4.1-1 [lenny] - phpmyadmin <not-affected> (3.3.x+ only) [squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues) -CVE-2011-1939 - RESERVED +CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...) - zendframework 1.11.6-1 (low) [squeeze] - zendframework <no-dsa> (Minor issue) CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sock ...) 
@@ -291000,13 +291040,11 @@ CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d [squeeze] - libpcap 1.1.1-2+squeeze1 [lenny] - libpcap <not-affected> NOTE: <878vsbyviu....@silenus.orebokech.com> -CVE-2011-1934 [lilo: lilo.conf world-readable] - RESERVED +CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. ...) - lilo 23.1-2 (low; bug #615103) [squeeze] - lilo <not-affected> (Introduced in 23.1) [lenny] - lilo <not-affected> (Introduced in 23.1) -CVE-2011-1933 - RESERVED +CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...) - libjifty-dbi-perl 0.68-1 (low; bug #622919) [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1 CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in Wi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d34411af943a20e1f782d2fd3a694052f80fef17 You're receiving this email because of your account on salsa.debian.org.
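Review bot: in the CVE-2019-14842 hunk the fixed-version line "- libnbd 1.0.3-1 (bug #942215)" sits directly above a NOTE whose upstream fix commit f75f602a6361c0c5f42debfeea6980f698ce7f09 is tagged "(1.1.4)"; a fix that first shipped upstream in 1.1.4 is not in a plain 1.0.3, so either the Debian revision carries a backport, which deserves its own NOTE line, or the fixed version should be rechecked before the entry is relied on.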
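Review bot: in the CVE-2019-6128 hunk the new "{DLA-2009-1}" line is attached to an entry whose package lines are still tagged "(unimportant)" ("- tiff 4.0.10-4 (bug #921157; unimportant)", "- tiff3 <removed> (unimportant)"); an advisory being issued for an issue the tracker rates as no-security-impact reads as a contradiction, so either the severity tag should be revisited or a NOTE should say the DLA fixed it along with other tiff issues. The same tension appears in the CVE-2018-18661 and CVE-2017-17095 hunks, which also add DLA-2009-1 to entries marked unimportant.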
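Review bot: in the CVE-2018-12900 hunk the context line "[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)" is now left behind by the added "{DLA-2009-1}", which records a fix in the LTS suite; with jessie fixed and stretch still postponed, the postponed status and its justification should be re-evaluated in a follow-up rather than left implying stretch lags behind a suite that is older.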
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits