[Git][security-tracker-team/security-tracker][master] Several chromium issues fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 174d0af1 by Salvatore Bonaccorso at 2019-12-12T07:01:21Z Several chromium issues fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -22720,85 +22720,85 @@ CVE-2019-13766 CVE-2019-13765 RESERVED CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome prior to ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13762 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13761 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13760 RESERVED CVE-2019-13759 (Incorrect security UI in interstitials in Google Chrome prior to 79.0. ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13758 (Insufficient policy enforcement in navigation in Google Chrome on Andr ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13757 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13756 (Incorrect security UI in printing in Google Chrome prior to 79.0.3945. ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13755 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13754 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13753 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13752 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13751 (Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 al ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13750 (Insufficient data validation in SQLite in Google Chrome prior to 79.0. ...) 
- - chromium + - chromium 79.0.3945.79-1 CVE-2019-13749 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13748 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13747 (Uninitialized data in rendering in Google Chrome on Android prior to 7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13746 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13745 (Insufficient policy enforcement in audio in Google Chrome prior to 79. ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13744 (Insufficient policy enforcement in cookies in Google Chrome prior to 7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13743 (Incorrect security UI in external protocol handling in Google Chrome p ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13742 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13741 (Insufficient validation of untrusted input in Blink in Google Chrome p ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13740 (Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13739 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13738 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13737 (Insufficient policy enforcement in autocomplete in Google Chrome prior ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13736 (Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allo ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13735 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...) 
- - chromium + - chromium 79.0.3945.79-1 CVE-2019-13734 (Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 a ...) - - chromium + - chromium 79.0.3945.79-1 CVE-2019-13733 RESERVED CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior
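Review bot: The entries whose descriptions are scoped to another platform get the same fixed version as everything else: CVE-2019-13762 ("on Windo ..."), CVE-2019-13758 and CVE-2019-13747 (Android), CVE-2019-13749 and CVE-2019-13742 ("on iOS"). Recording "- chromium 79.0.3945.79-1" on those lines implies Debian's chromium was vulnerable before that upload. If the Debian build never shipped the affected code, a not-affected marking with a short reason would keep per-release status queries accurate; if the bulk marking is deliberate, a NOTE saying so would help the next person triaging.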
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19339 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2063a1b1 by Salvatore Bonaccorso at 2019-12-12T06:28:11Z Add CVE-2019-19339 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3762,6 +3762,7 @@ CVE-2019-19340 RESERVED CVE-2019-19339 RESERVED + NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207 CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)] RESERVED - linux (Only affects specific distro kernels which do not include commit e1d38b63acd8) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2063a1b19873e23b7f744c8ecb4e2f1f443dd6eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2063a1b19873e23b7f744c8ecb4e2f1f443dd6eb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
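Review bot: CVE-2019-19339 stays RESERVED with no bracketed summary, so the NOT-FOR-US reason is the only description of the issue, while CVE-2019-19338 directly below carries one ("[KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)]"). Adding a bracketed summary on the CVE-2019-19339 line would make the entry readable on its own. Both neighbours are distro-kernel-specific, so it is also worth deciding whether they should be tracked the same way (against linux, as CVE-2019-19338 is) rather than one of them as NFU.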
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19687/keystone
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cc58e66 by Salvatore Bonaccorso at 2019-12-11T22:15:34Z Add Debian bug reference for CVE-2019-19687/keystone - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1324,7 +1324,7 @@ CVE-2019-19689 CVE-2019-19688 RESERVED CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...) - - keystone + - keystone (bug #946614) [buster] - keystone (Vulnerable code introduced later) [stretch] - keystone (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cc58e6654eaaeecc6e75a8642925e54928fd321
[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-14870 as no-dsa for jessie
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 53275b5d by Thorsten Alteholz at 2019-12-11T21:43:42Z mark CVE-2019-14870 as no-dsa for jessie - - - - - 709ed0da by Thorsten Alteholz at 2019-12-11T21:44:13Z mark CVE-2019-14861 as no-dsa for jessie - - - - - 3a04f424 by Thorsten Alteholz at 2019-12-11T21:47:40Z mark CVEs for libsixel as no-dsa in jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1433,21 +1433,25 @@ CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/102 CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/105 CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/104 CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - libsixel [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/103 CVE-2019-19634 RESERVED 
@@ -19141,9 +19145,11 @@ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an - samba [buster] - samba (Minor issue) [stretch] - samba (Minor issue) + [jessie] - samba (Minor issue) - heimdal [buster] - heimdal (Minor issue) [stretch] - heimdal (Minor issue) + [jessie] - heimdal (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html NOTE: https://github.com/heimdal/heimdal/pull/663 NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch) @@ -19199,6 +19205,7 @@ CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an - samba [buster] - samba (Minor issue) [stretch] - samba (Minor issue) + [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...) NOT-FOR-US: Syndesis View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8822ae813b90c9ce772ee7fb27a188ca5504c8e...3a04f424ce81b6073cc344051b040b4c90491e0b
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19687/keystone
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8822ae8 by Salvatore Bonaccorso at 2019-12-11T21:37:51Z Add CVE-2019-19687/keystone - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1324,7 +1324,11 @@ CVE-2019-19689 CVE-2019-19688 RESERVED CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...) - TODO: check + - keystone + [buster] - keystone (Vulnerable code introduced later) + [stretch] - keystone (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8 + NOTE: https://bugs.launchpad.net/keystone/+bug/1855080 CVE-2019-19686 RESERVED CVE-2019-19685 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8822ae813b90c9ce772ee7fb27a188ca5504c8e
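Review bot: The buster and stretch lines say "Vulnerable code introduced later", but neither NOTE records which upstream release or commit introduced it; the description only names 15.0.0 and 16.0.0 as affected. A NOTE with the introducing commit or the first affected version would let someone verify the not-affected call for buster and stretch without rereading the Launchpad bug.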
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19645/sqlite3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e17bd477 by Salvatore Bonaccorso at 2019-12-11T21:29:20Z Add Debian bug reference for CVE-2019-19645/sqlite3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1411,7 +1411,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an inte NOTE: https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3 NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...) - - sqlite3 + - sqlite3 (bug #946612) NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 CVE-2019-19644 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e17bd477b691bdf588ae78e66690a8ce3f9d307c
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1da36d89 by Salvatore Bonaccorso at 2019-12-11T20:55:48Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1398,9 +1398,9 @@ CVE-2019-19652 CVE-2019-19651 RESERVED CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...) - yara NOTE: https://github.com/VirusTotal/yara/issues/1178 @@ -3535,7 +3535,7 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL CVE-2019-19374 RESERVED CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...) - TODO: check + NOT-FOR-US: Squiz Matrix CMS CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...) NOT-FOR-US: rConfig CVE-2019-19371 @@ -4780,7 +4780,7 @@ CVE-2019-18962 CVE-2019-18961 RESERVED CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...) - TODO: check + NOT-FOR-US: AWS Firecracker CVE-2019-18959 RESERVED CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where ...) @@ -4830,7 +4830,7 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Par CVE-2019-18936 RESERVED CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...) - TODO: check + NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...) - unbound (unimportant) [stretch] - unbound (ipsecmod module introduced later) 
@@ -8539,11 +8539,11 @@ CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x, ...) NOT-FOR-US: Symantec CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18376 RESERVED CVE-2019-18375 @@ -12185,7 +12185,7 @@ CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are s CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) NOT-FOR-US: vBulletin CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct Opera ...) - TODO: check + NOT-FOR-US: Yachtcontrol CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...) NOT-FOR-US: Intellian Remote Access CVE-2019-17268 @@ -18682,11 +18682,11 @@ CVE-2019-15011 CVE-2019-15010 RESERVED CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15006 RESERVED CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...) 
@@ -21624,7 +21624,7 @@ CVE-2019-14253 (An issue was discovered in servletcontroller in the secure porta CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once ...) NOT-FOR-US: Publisure CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The login p ...) - TODO: check + NOT-FOR-US: T24 in TEMENOS Channels R15.01 CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...) - binutils 2.33-1 (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924 @@ -59291,71 +59291,71 @@ CVE-2019-1492 CVE-2019-1491 RESERVED CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business Server does ...) - TODO: check + NOT-FOR-US: Skype CVE-2019-1489 (An information disclosure vulnerability exists when the Windows Remote ...) -
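Review bot: In the @@ -4780 hunk, CVE-2019-18960 (AWS Firecracker) goes straight from "TODO: check" to NOT-FOR-US. Firecracker is free software, so before closing it as NFU it is worth confirming there is no ITP/RFP bug for it. If there is one, the entry should be tracked with the itp marker and the bug number instead, so the CVE resurfaces when the package enters the archive.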
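Review bot: In the @@ -21624 hunk, the reason "NOT-FOR-US: T24 in TEMENOS Channels R15.01" bakes a release number into the product label, unlike the neighbouring "NOT-FOR-US: Publisure". Dropping the version from the label keeps NFU reasons greppable by product and avoids a second, slightly different label when the next T24 CVE for another release is processed.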
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19725/sysstat
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d042c0f6 by Salvatore Bonaccorso at 2019-12-11T20:29:42Z Add CVE-2019-19725/sysstat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,9 @@ CVE-2019-19726 RESERVED CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...) - TODO: check + - sysstat + NOTE: https://github.com/sysstat/sysstat/issues/242 + NOTE: https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed CVE-2019-19724 RESERVED CVE-2019-19723 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d042c0f687256328654c346a12f7cfe42d2210f9
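Review bot: The two NOTE lines added for CVE-2019-19725 are bare URLs, so a reader cannot tell that the second one is the fix for the issue in the first. Marking the commit NOTE as the upstream fix, and adding the first fixed upstream version once it is known (the description says "through 12.2.0"), would let the sysstat line be closed against a version later without rereading the commit.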
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc3bcb8f by Salvatore Bonaccorso at 2019-12-11T20:25:44Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48847,7 +48847,7 @@ CVE-2019-4717 CVE-2019-4716 RESERVED CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated atta ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4714 RESERVED CVE-2019-4713 @@ -48947,7 +48947,7 @@ CVE-2019-4667 CVE-2019-4666 RESERVED CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4664 RESERVED CVE-2019-4663 (IBM WebSphere Application Server - Liberty is vulnerable to cross-site ...) @@ -252780,7 +252780,7 @@ CVE-2013-5980 CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x before ...) NOT-FOR-US: Xibo CVE-2013-5978 (Multiple cross-site scripting (XSS) vulnerabilities in products.php in ...) - TODO: check + NOT-FOR-US: Cart66 Lite plugin for WordPress CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php i ...) NOT-FOR-US: Cart66 Lite plugin for WordPress CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc3bcb8f2207c98ae11038c2a504f0485aab445c
[Git][security-tracker-team/security-tracker][master] Remove obsolete WIP note
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: b47aee0f by Utkarsh Gupta at 2019-12-11T20:15:48Z Remove obsolete WIP note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,7 +46,6 @@ libexif libjackson-json-java (Adrian Bunk) -- libjpeg-turbo - NOTE: 20191118: WIP. (utkarsh2102) NOTE: 20191125: Huh, too big a patch; checking what works and what doesn't. (utkarsh2102) -- libmatio (Adrian Bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b47aee0fdc3e74cd3a6c86d60a240cb71b1b1123
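Review bot: After this removal the libjpeg-turbo line still has no claimant in parentheses, unlike "libjackson-json-java (Adrian Bunk)" and "libmatio (Adrian Bunk)" around it, while the remaining 20191125 NOTE reads as active work by utkarsh2102. Either add the claim to the package line or reword the NOTE so it is clear the package is free to take, otherwise two people may end up working on the same upload.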
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1150583d by security tracker role at 2019-12-11T20:10:27Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2019-19726 + RESERVED +CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...) + TODO: check +CVE-2019-19724 + RESERVED +CVE-2019-19723 + RESERVED +CVE-2019-19722 + RESERVED +CVE-2019-19721 + RESERVED CVE-2020-3109 RESERVED CVE-2020-3108 @@ -1383,10 +1395,10 @@ CVE-2019-19652 RESERVED CVE-2019-19651 RESERVED -CVE-2019-19650 - RESERVED -CVE-2019-19649 - RESERVED +CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...) + TODO: check +CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...) + TODO: check CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...) - yara NOTE: https://github.com/VirusTotal/yara/issues/1178 
@@ -2598,28 +2610,22 @@ CVE-2019-19585 RESERVED CVE-2019-19584 RESERVED -CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states] - RESERVED +CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH gue ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-308.html -CVE-2019-19582 - RESERVED +CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 guest OS us ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-307.html -CVE-2019-19581 - RESERVED +CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit Arm gues ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-307.html -CVE-2019-19580 - RESERVED +CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-310.html -CVE-2019-19578 - RESERVED +CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-309.html -CVE-2019-19577 - RESERVED +CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM gue ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-311.html CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...) @@ -3526,8 +3532,8 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL NOT-FOR-US: Octopus Deploy CVE-2019-19374 RESERVED -CVE-2019-19373 - RESERVED +CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...) + TODO: check CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...) NOT-FOR-US: rConfig CVE-2019-19371 
@@ -4771,8 +4777,8 @@ CVE-2019-18962 RESERVED CVE-2019-18961 RESERVED -CVE-2019-18960 - RESERVED +CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...) + TODO: check CVE-2019-18959 RESERVED CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where ...) @@ -4821,8 +4827,8 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Par NOT-FOR-US: eQ-3 Homematic CVE-2019-18936 RESERVED -CVE-2019-18935 - RESERVED +CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...) + TODO: check CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...) - unbound (unimportant) [stretch] - unbound (ipsecmod module introduced later) @@ -8530,12 +8536,12 @@ CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to NOT-FOR-US: Norton Password Manager CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x, ...) NOT-FOR-US: Symantec -CVE-2019-18379 - RESERVED -CVE-2019-18378 - RESERVED -CVE-2019-18377 - RESERVED +CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...) + TODO: check +CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...) + TODO: check +CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...) + TODO: check CVE-2019-18376 RESERVED CVE-2019-18375 @@ -12018,6 +12024,7 @@ CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can NOTE: https://github.com/bcgit/bc-java/commit/b1bc75254f5fea633a49a751a1a7339056f97856 CVE-2019-17358 RESERVED +
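Review bot: In the @@ -2598 hunk the Xen block is out of numeric order: the trailing context shows CVE-2019-19579 listed after CVE-2019-19577, below CVE-2019-19580 and CVE-2019-19578. The automatic update only swaps RESERVED for the published descriptions here, so it carries the misplacement forward; a follow-up manual commit should move CVE-2019-19579 to sit between 19580 and 19578. The same hunk also replaces the hand-written summary "[VMX: VMentry failure with debug exceptions and blocked states]" on CVE-2019-19583, so anything that matched on that wording needs to key on the XSA NOTE instead.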
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-1209{4,5}/php-horde as no-dsa for buster and stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bd7f641 by Salvatore Bonaccorso at 2019-12-11T20:06:44Z Mark CVE-2019-1209{4,5}/php-horde as no-dsa for buster and stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28289,10 +28289,14 @@ CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through [buster] - php-horde-trean (Minor issue) [stretch] - php-horde-trean (Minor issue) - php-horde 5.2.21+debian0-1 + [buster] - php-horde (Minor issue; can be fixed via point release) + [stretch] - php-horde (Minor issue; can be fixed via point release) NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS) CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...) - php-horde + [buster] - php-horde (Minor issue) + [stretch] - php-horde (Minor issue) NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS) CVE-2019-12093 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bd7f641ab8eec978c4f501f5ba8b3170cdb5aa4
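Review bot: The two php-horde entries get different reasons: CVE-2019-12095 says "Minor issue; can be fixed via point release" while CVE-2019-12094 says only "Minor issue". If the difference is intentional because only CVE-2019-12095 has a fixed version in unstable (5.2.21+debian0-1), a NOTE on CVE-2019-12094 stating that no fix is available yet would make that explicit; otherwise the two reasons should be aligned so both are picked up for the same point release.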
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12095/php-horde-trean as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 001240fb by Salvatore Bonaccorso at 2019-12-11T20:05:16Z Mark CVE-2019-12095/php-horde-trean as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28286,6 +28286,8 @@ CVE-2019-12096 RESERVED CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...) - php-horde-trean + [buster] - php-horde-trean (Minor issue) + [stretch] - php-horde-trean (Minor issue) - php-horde 5.2.21+debian0-1 NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/001240fb0efa4ebdab383a2e8199194995fc7af7
[Git][security-tracker-team/security-tracker][master] Update entry for intel-microcode
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 583a51a0 by Salvatore Bonaccorso at 2019-12-11T20:04:10Z Update entry for intel-microcode - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -30,7 +30,7 @@ glusterfs/oldstable graphicsmagick/oldstable -- intel-microcode (carnil) - Followup for more support for other CPUs pending + Followup for more support for other CPUs pending, regression fixes, wait for more information -- jruby/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/583a51a061cd029a7540f97765961c970ed27d50
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19603/sqlite3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aba0e2ac by Salvatore Bonaccorso at 2019-12-11T20:03:09Z Add CVE-2019-19603/sqlite3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1520,7 +1520,8 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2. NOTE: by the bug. NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md CVE-2019-19603 (SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW stateme ...) - TODO: check + - sqlite3 + NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...) - texlive-bin NOTE: https://github.com/pkubowicz/opendetex/issues/60 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aba0e2ac966de8b40bb3fe440c5f217613e2fdde
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ac4f695 by Salvatore Bonaccorso at 2019-12-11T19:59:20Z Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1226,7 +1226,7 @@ CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_bl CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...) TODO: check CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...) - TODO: check + NOT-FOR-US: Moxa CVE-2019-19706 RESERVED CVE-2019-19705 @@ -1236,7 +1236,7 @@ CVE-2019-19704 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...) TODO: check CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...) - TODO: check + NOT-FOR-US: Modoboa CVE-2018-21033 RESERVED CVE-2018-21032 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ac4f69546df68232761fcf1679f23b51fe3a1b9
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19720/yabasic
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9937e768 by Salvatore Bonaccorso at 2019-12-11T19:46:11Z Add CVE-2019-19720/yabasic - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1199,7 +1199,8 @@ CVE-2020-2511 CVE-2020-2510 RESERVED CVE-2019-19720 (Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ...) - TODO: check + - yabasic + NOTE: https://github.com/marcIhm/yabasic/issues/36 CVE-2019-19719 (Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via ...) TODO: check CVE-2019-19718 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9937e768fd4f55ebb651c06d4c72796178ad951e
[Git][security-tracker-team/security-tracker][master] CVE-2019-15681/libvncserver fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a257db70 by Salvatore Bonaccorso at 2019-12-11T19:39:50Z CVE-2019-15681/libvncserver fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16551,7 +16551,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access rea CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...) {DLA-2014-1 DLA-1979-1 DLA-1977-1} [experimental] - libvncserver 0.9.12+dfsg-1 - - libvncserver (low; bug #943793) + - libvncserver 0.9.12+dfsg-3 (low; bug #943793) [buster] - libvncserver (Minor issue) [stretch] - libvncserver (Minor issue) - italc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a257db7005a7bf6ec6c59866bb3c2851c1202fa3
[Git][security-tracker-team/security-tracker][master] Three davical issues fixed in unstable (CVE-2019-1834{5,6,7})
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08799b08 by Salvatore Bonaccorso at 2019-12-11T19:34:18Z Three davical issues fixed in unstable (CVE-2019-1834{5,6,7}) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -8601,18 +8601,18 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 NOTE: not the case in all suites, but the issue is minor in general and would NOTE: tend to a no-dsa/ignored tag in those suites. CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...) - - davical (bug #946343) + - davical 1.1.9.2-1 (bug #946343) NOTE: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/ NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19 CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...) - - davical (bug #946343) + - davical 1.1.9.2-1 (bug #946343) NOTE: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/ NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19 CVE-2019-18345 RESERVED - - davical (bug #946343) + - davical 1.1.9.2-1 (bug #946343) NOTE: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/ NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/08799b083f9abe063bffeb0a666bbce869b8e51a
[Git][security-tracker-team/security-tracker][master] heimdal no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b1450dc3 by Moritz Muehlenhoff at 2019-12-11T18:00:06Z heimdal no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19128,6 +19128,8 @@ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an [buster] - samba (Minor issue) [stretch] - samba (Minor issue) - heimdal + [buster] - heimdal (Minor issue) + [stretch] - heimdal (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html NOTE: https://github.com/heimdal/heimdal/pull/663 NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1450dc31d71650e66a0f3c94b7ddec1143854bc
[Git][security-tracker-team/security-tracker][master] 4 commits: Remove doubled note
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 56d58f45 by Salvatore Bonaccorso at 2019-12-11T12:20:03Z Remove doubled note - - - - - b2d2a69b by Salvatore Bonaccorso at 2019-12-11T12:20:54Z Add CVE-2019-19578/xen - - - - - afdb8a4d by Salvatore Bonaccorso at 2019-12-11T12:25:52Z Add CVE-2019-19580/xen - - - - - ce630709 by Salvatore Bonaccorso at 2019-12-11T12:26:27Z Add CVE-2019-19577/xen - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2599,7 +2599,7 @@ CVE-2019-19584 CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states] RESERVED - xen - NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html + NOTE: https://xenbits.xen.org/xsa/advisory-308.html CVE-2019-19582 RESERVED - xen @@ -2610,10 +2610,16 @@ CVE-2019-19581 NOTE: https://xenbits.xen.org/xsa/advisory-307.html CVE-2019-19580 RESERVED + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-310.html CVE-2019-19578 RESERVED + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-309.html CVE-2019-19577 RESERVED + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-311.html CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...) - xen NOTE: https://xenbits.xen.org/xsa/advisory-306.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/23c08ac14863020e07980698186990173aad022b...ce6307095f848e25aea73b498bdc649463733247
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1958{1,2}/xen
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23c08ac1 by Salvatore Bonaccorso at 2019-12-11T12:19:24Z Add CVE-2019-1958{1,2}/xen - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2602,8 +2602,12 @@ CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states] NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html CVE-2019-19582 RESERVED + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-307.html CVE-2019-19581 RESERVED + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-307.html CVE-2019-19580 RESERVED CVE-2019-19578 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23c08ac14863020e07980698186990173aad022b
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19583/xen
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a70deac by Salvatore Bonaccorso at 2019-12-11T12:17:18Z Add CVE-2019-19583/xen - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2596,8 +2596,10 @@ CVE-2019-19585 RESERVED CVE-2019-19584 RESERVED -CVE-2019-19583 +CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states] RESERVED + - xen + NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html CVE-2019-19582 RESERVED CVE-2019-19581 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a70deac7068dca12e69ebd1183ae635d36bbabd
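Review bot: the added NOTE line under CVE-2019-19583 carries its prefix twice ("NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html"). Drop the duplicate so the line reads "NOTE: https://xenbits.xen.org/xsa/advisory-308.html", in the same form as the other NOTE lines in data/CVE/list.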
[Git][security-tracker-team/security-tracker][master] data/DLA/list: Correct reference to CVE-2019-17358 in cacti.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 62510cf2 by Chris Lamb at 2019-12-11T11:48:55Z data/DLA/list: Correct reference to CVE-2019-17358 in cacti. - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,5 +1,5 @@ [11 Dec 2019] DLA-2032-1 cacti - security update - {CVE-2019-17357} + {CVE-2019-17358} [jessie] - cacti 0.8.8b+dfsg-8+deb8u8 [10 Dec 2019] DLA-2031-1 freeimage - security update {CVE-2019-12211 CVE-2019-12213} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62510cf28890db6c82136e894e86aeb44c6dce3d
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2032-1 for cacti
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 2485d9de by Chris Lamb at 2019-12-11T11:43:04Z Reserve DLA-2032-1 for cacti - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Dec 2019] DLA-2032-1 cacti - security update + {CVE-2019-17357} + [jessie] - cacti 0.8.8b+dfsg-8+deb8u8 [10 Dec 2019] DLA-2031-1 freeimage - security update {CVE-2019-12211 CVE-2019-12213} [jessie] - freeimage 3.15.4-4.2+deb8u2 = data/dla-needed.txt = @@ -15,8 +15,6 @@ ansible NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- -cacti (Chris Lamb) --- clamav (Hugo Lefeuvre) NOTE: waiting for 0.102.1 to enter stretch/buster. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2485d9de517560219efd76e5785bd67aa307a2b7
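Review bot: the new DLA-2032-1 entry in data/DLA/list references {CVE-2019-17357}, yet the cacti triage of data/CVE/list on this page marks that CVE as "[jessie] - cacti (Vulnerable code not present)", so a jessie upload would not be fixing it. Check the CVE id in the braces against the changelog of 0.8.8b+dfsg-8+deb8u8 before reserving the DLA, since the tracker uses that reference to mark the issue fixed in jessie.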
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim cacti.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d5b57dd4 by Chris Lamb at 2019-12-11T10:19:34Z data/dla-needed.txt: Claim cacti. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -15,7 +15,7 @@ ansible NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- -cacti +cacti (Chris Lamb) -- clamav (Hugo Lefeuvre) NOTE: waiting for 0.102.1 to enter stretch/buster. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5b57dd4bbca975bf7e996c7c1c552dcf535ae30
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2019-17357 in cacti for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b0454a6 by Chris Lamb at 2019-12-11T10:17:30Z Triage CVE-2019-17357 in cacti for jessie LTS. - - - - - 88ea58ce by Chris Lamb at 2019-12-11T10:18:47Z data/dla-needed.txt: Triage cacti for jessie LTS. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -12010,6 +12010,7 @@ CVE-2019-17358 CVE-2019-17357 RESERVED - cacti + [jessie] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/issues/3025 NOTE: https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4 CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a username an ...) = data/dla-needed.txt = @@ -15,6 +15,8 @@ ansible NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- +cacti +-- clamav (Hugo Lefeuvre) NOTE: waiting for 0.102.1 to enter stretch/buster. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/77feac01d2afd62b60b044b1057aaff6d3c1e9b5...88ea58cece9b3a0e21f0c352da0dd4f7a5542add
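Review bot: in the data/dla-needed.txt hunk the new "cacti" entry has no NOTE saying which issue still needs a jessie update, while the data/CVE/list hunk in the same push marks CVE-2019-17357 as "Vulnerable code not present" for jessie. Add a NOTE line naming the CVE that motivates the entry, as the ansible and clamav entries around it do, so whoever claims the package knows what to fix.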
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77feac01 by security tracker role at 2019-12-11T08:10:25Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,1245 @@ +CVE-2020-3109 + RESERVED +CVE-2020-3108 + RESERVED +CVE-2020-3107 + RESERVED +CVE-2020-3106 + RESERVED +CVE-2020-3105 + RESERVED +CVE-2020-3104 + RESERVED +CVE-2020-3103 + RESERVED +CVE-2020-3102 + RESERVED +CVE-2020-3101 + RESERVED +CVE-2020-3100 + RESERVED +CVE-2020-3099 + RESERVED +CVE-2020-3098 + RESERVED +CVE-2020-3097 + RESERVED +CVE-2020-3096 + RESERVED +CVE-2020-3095 + RESERVED +CVE-2020-3094 + RESERVED +CVE-2020-3093 + RESERVED +CVE-2020-3092 + RESERVED +CVE-2020-3091 + RESERVED +CVE-2020-3090 + RESERVED +CVE-2020-3089 + RESERVED +CVE-2020-3088 + RESERVED +CVE-2020-3087 + RESERVED +CVE-2020-3086 + RESERVED +CVE-2020-3085 + RESERVED +CVE-2020-3084 + RESERVED +CVE-2020-3083 + RESERVED +CVE-2020-3082 + RESERVED +CVE-2020-3081 + RESERVED +CVE-2020-3080 + RESERVED +CVE-2020-3079 + RESERVED +CVE-2020-3078 + RESERVED +CVE-2020-3077 + RESERVED +CVE-2020-3076 + RESERVED +CVE-2020-3075 + RESERVED +CVE-2020-3074 + RESERVED +CVE-2020-3073 + RESERVED +CVE-2020-3072 + RESERVED +CVE-2020-3071 + RESERVED +CVE-2020-3070 + RESERVED +CVE-2020-3069 + RESERVED +CVE-2020-3068 + RESERVED +CVE-2020-3067 + RESERVED +CVE-2020-3066 + RESERVED +CVE-2020-3065 + RESERVED +CVE-2020-3064 + RESERVED +CVE-2020-3063 + RESERVED +CVE-2020-3062 + RESERVED +CVE-2020-3061 + RESERVED +CVE-2020-3060 + RESERVED +CVE-2020-3059 + RESERVED +CVE-2020-3058 + RESERVED +CVE-2020-3057 + RESERVED +CVE-2020-3056 + RESERVED +CVE-2020-3055 + RESERVED +CVE-2020-3054 + RESERVED +CVE-2020-3053 + RESERVED +CVE-2020-3052 + RESERVED +CVE-2020-3051 + RESERVED +CVE-2020-3050 + RESERVED +CVE-2020-3049 + RESERVED +CVE-2020-3048 + RESERVED +CVE-2020-3047 + RESERVED +CVE-2020-3046 + RESERVED +CVE-2020-3045 + RESERVED +CVE-2020-3044 + RESERVED +CVE-2020-3043 + RESERVED +CVE-2020-3042 + RESERVED +CVE-2020-3041 + RESERVED +CVE-2020-3040 + RESERVED +CVE-2020-3039 + RESERVED +CVE-2020-3038 + RESERVED +CVE-2020-3037 + RESERVED +CVE-2020-3036 + RESERVED +CVE-2020-3035 + RESERVED +CVE-2020-3034 + RESERVED 
+CVE-2020-3033 + RESERVED +CVE-2020-3032 + RESERVED +CVE-2020-3031 + RESERVED +CVE-2020-3030 + RESERVED +CVE-2020-3029 + RESERVED +CVE-2020-3028 + RESERVED +CVE-2020-3027 + RESERVED +CVE-2020-3026 + RESERVED +CVE-2020-3025 + RESERVED +CVE-2020-3024 + RESERVED +CVE-2020-3023 + RESERVED +CVE-2020-3022 + RESERVED +CVE-2020-3021 + RESERVED +CVE-2020-3020 + RESERVED +CVE-2020-3019 + RESERVED +CVE-2020-3018 + RESERVED +CVE-2020-3017 + RESERVED +CVE-2020-3016 + RESERVED +CVE-2020-3015 + RESERVED +CVE-2020-3014 + RESERVED +CVE-2020-3013 + RESERVED +CVE-2020-3012 + RESERVED +CVE-2020-3011 + RESERVED +CVE-2020-3010 + RESERVED +CVE-2020-3009 + RESERVED +CVE-2020-3008 + RESERVED +CVE-2020-3007 + RESERVED +CVE-2020-3006 + RESERVED +CVE-2020-3005 + RESERVED +CVE-2020-3004 + RESERVED +CVE-2020-3003 + RESERVED +CVE-2020-3002 + RESERVED +CVE-2020-3001 + RESERVED +CVE-2020-3000 + RESERVED +CVE-2020-2999 + RESERVED +CVE-2020-2998 + RESERVED +CVE-2020-2997 + RESERVED +CVE-2020-2996 + RESERVED +CVE-2020-2995 + RESERVED +CVE-2020-2994 + RESERVED +CVE-2020-2993 + RESERVED +CVE-2020-2992 + RESERVED +CVE-2020-2991 + RESERVED +CVE-2020-2990 + RESERVED +CVE-2020-2989 + RESERVED +CVE-2020-2988 + RESERVED +CVE-2020-2987 + RESERVED +CVE-2020-2986 + RESERVED +CVE-2020-2985 + RESERVED +CVE-2020-2984 + RESERVED +CVE-2020-2983 + RESERVED +CVE-2020-2982 + RESERVED +CVE-2020-2981 + RESERVED +CVE-2020-2980 + RESERVED +CVE-2020-2979 + RESERVED +CVE-2020-2978 + RESERVED +CVE-2020-2977 + RESERVED +CVE-2020-2976 + RESERVED +CVE-2020-2975 + RESERVED +CVE-2020-2974 + RESERVED +CVE-2020-2973 + RESERVED +CVE-2020-2972 + RESERVED +CVE-2020-2971 + RESERVED +CVE-2020-2970 + RESERVED +CVE-2020-2969 + RESERVED +CVE-2020-2968 + RESERVED +CVE-2020-2967 + RESERVED +CVE-2020-2966 + RESERVED +CVE-2020-2965 + RESERVED +CVE-2020-29
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19617/phpmyadmin as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4715c08e by Salvatore Bonaccorso at 2019-12-11T08:01:49Z Mark CVE-2019-19617/phpmyadmin as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -238,6 +238,7 @@ CVE-2019-19618 CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...) {DLA-2024-1} - phpmyadmin 4:4.9.2+dfsg1-1 + [stretch] - phpmyadmin (Minor issue) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...) NOT-FOR-US: Microsoft Dynamics NAV View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4715c08e131ec220ce93e4abc60162903ab7f0ff