[Git][security-tracker-team/security-tracker][master] Claim debian-lan-config

2019-12-31 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfa17ea0 by Utkarsh Gupta at 2019-12-31T23:12:03Z
Claim debian-lan-config

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -20,7 +20,7 @@ apache-log4j1.2 (Markus Koschany)
 clamav (Hugo Lefeuvre)
   NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster.
 --
-debian-lan-config
+debian-lan-config (Utkarsh Gupta)
 --
 git (Roberto C. Sánchez)
   NOTE: 20191226: Patches integrated for 4 of 5 CVEs.  The last, CVE-2019-1387,



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfa17ea08b9c2c51e0f2b3e9bedf379f33450130

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d1f96e2 by security tracker role at 2019-12-31T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,147 @@
+CVE-2020-5178
+   RESERVED
+CVE-2020-5177
+   RESERVED
+CVE-2020-5176
+   RESERVED
+CVE-2020-5175
+   RESERVED
+CVE-2020-5174
+   RESERVED
+CVE-2020-5173
+   RESERVED
+CVE-2020-5172
+   RESERVED
+CVE-2020-5171
+   RESERVED
+CVE-2020-5170
+   RESERVED
+CVE-2020-5169
+   RESERVED
+CVE-2020-5168
+   RESERVED
+CVE-2020-5167
+   RESERVED
+CVE-2020-5166
+   RESERVED
+CVE-2020-5165
+   RESERVED
+CVE-2020-5164
+   RESERVED
+CVE-2020-5163
+   RESERVED
+CVE-2020-5162
+   RESERVED
+CVE-2020-5161
+   RESERVED
+CVE-2020-5160
+   RESERVED
+CVE-2020-5159
+   RESERVED
+CVE-2020-5158
+   RESERVED
+CVE-2020-5157
+   RESERVED
+CVE-2020-5156
+   RESERVED
+CVE-2020-5155
+   RESERVED
+CVE-2020-5154
+   RESERVED
+CVE-2020-5153
+   RESERVED
+CVE-2020-5152
+   RESERVED
+CVE-2020-5151
+   RESERVED
+CVE-2020-5150
+   RESERVED
+CVE-2020-5149
+   RESERVED
+CVE-2020-5148
+   RESERVED
+CVE-2020-5147
+   RESERVED
+CVE-2020-5146
+   RESERVED
+CVE-2020-5145
+   RESERVED
+CVE-2020-5144
+   RESERVED
+CVE-2020-5143
+   RESERVED
+CVE-2020-5142
+   RESERVED
+CVE-2020-5141
+   RESERVED
+CVE-2020-5140
+   RESERVED
+CVE-2020-5139
+   RESERVED
+CVE-2020-5138
+   RESERVED
+CVE-2020-5137
+   RESERVED
+CVE-2020-5136
+   RESERVED
+CVE-2020-5135
+   RESERVED
+CVE-2020-5134
+   RESERVED
+CVE-2020-5133
+   RESERVED
+CVE-2020-5132
+   RESERVED
+CVE-2020-5131
+   RESERVED
+CVE-2020-5130
+   RESERVED
+CVE-2020-5129
+   RESERVED
+CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute 
arbitrary ...)
+   TODO: check
+CVE-2019-20196
+   RESERVED
+CVE-2019-20195
+   RESERVED
+CVE-2019-20194
+   RESERVED
+CVE-2019-20193
+   RESERVED
+CVE-2019-20192
+   RESERVED
+CVE-2019-20191
+   RESERVED
+CVE-2019-20190
+   RESERVED
+CVE-2019-20189
+   RESERVED
+CVE-2019-20188
+   RESERVED
+CVE-2019-20187
+   RESERVED
+CVE-2019-20186
+   RESERVED
+CVE-2019-20185
+   RESERVED
+CVE-2019-20184
+   RESERVED
+CVE-2019-20183
+   RESERVED
+CVE-2019-20182
+   RESERVED
+CVE-2019-20181
+   RESERVED
+CVE-2019-20180
+   RESERVED
+CVE-2019-20179
+   RESERVED
+CVE-2019-20178
+   RESERVED
+CVE-2019-20177
+   RESERVED
+CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered 
in the li ...)
+   TODO: check
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
- qemu  (unimportant)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
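
Review bot: the two entries in this hunk that arrive with a description, CVE-2019-20197 (Nagios XI) and CVE-2019-20176 (Pure-FTPd), are left at `TODO: check`. Another Nagios XI entry in this file, CVE-2019-20139, is already closed as `NOT-FOR-US: Nagios XI`, so CVE-2019-20197 can take the same tag in the next manual pass; CVE-2019-20176 still needs a package line or a NOT-FOR-US decision.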
@@ -15243,6 +15387,7 @@ CVE-2019-18180 (Improper Check for filenames with 
overly long extensions in Post
NOTE: 
https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
 CVE-2019-18179
RESERVED
+   {DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
[buster] - otrs2  (Non-free not supported)
[stretch] - otrs2  (Non-free not supported)
@@ -19675,7 +19820,7 @@ CVE-2019-16407 (JetBrains ReSharper installers for 
versions before 2019.2 had a
NOT-FOR-US: JetBrains ReSharper installer
 CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka 
VMware v ...)
- centreon-web  (bug #913903)
-CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an 
administrator  ...)
+CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x 
before 19. ...)
- centreon-web  (bug #913903)
 CVE-2019-16404 (Authenticated SQL Injection in 
interface/forms/eye_mag/js/eye_base.php ...)
NOT-FOR-US: OpenEMR
@@ -25722,8 +25867,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in 
cb_push_op in cobc/field.c
NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
 CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows 
Remote Code E ...)
NOT-FOR-US: Social Photo Gallery plugin for WordPress
-CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings 
from a cookie. Since this cookie is supplied by the client, authenticated users 
can pass arbitrary content to unserialized, which opens GOsa up to a potential 
PHP object injection.]
-   RESERVED
+CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is 
vulnerable  ...)
{DLA-1905-1}
- gosa 2.7.4+reloaded3-10
NOTE: 
https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b
 (fix)
@@ -31649,8 +31793,8 @@ CVE-2019-12838 (SchedMD 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2054-1 for jhead

2019-12-31 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a118a2b6 by Adrian Bunk at 2019-12-31T18:13:22Z
Reserve DLA-2054-1 for jhead

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 Dec 2019] DLA-2054-1 jhead - security update
+   {CVE-2018-16554 CVE-2018-17088 CVE-2019-1010301 CVE-2019-1010302}
+   [jessie] - jhead 1:2.97-1+deb8u2
 [31 Dec 2019] DLA-2053-1 otrs2 - security update
{CVE-2019-18179}
[jessie] - otrs2 3.3.18-1+deb8u12
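
Review bot: the new DLA-2054-1 entry names four CVEs, but this commit changes only data/DLA/list and data/dla-needed.txt, so nothing here ties those CVE entries in data/CVE/list back to the advisory. The matching `{DLA-2053-1}` tag for CVE-2019-18179 shows up in the later automatic update on this page; confirm that CVE-2018-16554, CVE-2018-17088, CVE-2019-1010301 and CVE-2019-1010302 pick up `{DLA-2054-1}` the same way.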


=
data/dla-needed.txt
=
@@ -33,9 +33,6 @@ ibus (Emilio)
   NOTE: 20191210: See https://bugs.debian.org/941018
   NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
 --
-jhead (Adrian Bunk)
-  NOTE: 20191230: work is ongoing
---
 libexif (Hugo Lefeuvre)
   NOTE: 2019: Contacted upstream for relevant commits of CVE-2019-9278. 
(utkarsh2102)
   NOTE: 20191114: Pinged upstream; just have the Android patch yet. 
(utkarsh2102)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a118a2b69fbd5f20f35611b27dbc4d664d48c158


[Git][security-tracker-team/security-tracker][master] Add xerces-c to dla-needed.txt

2019-12-31 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
868ff32c by Markus Koschany at 2019-12-31T17:54:54Z
Add xerces-c to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -141,6 +141,9 @@ xcftools (Hugo Lefeuvre)
 --
 xen
 --
+xerces-c
+  NOTE: 20191231: There is no upstream patch yet. (apo)
+--
 yara
   NOTE: 20191212: no upstream fix yet
 --
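
Review bot: the new `xerces-c` entry says there is no upstream patch yet but names no CVE id or upstream bug. Put the identifier in the NOTE so that the next check for a patch has something to search for.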



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/868ff32cf8796da89b64bf4dd924e2375466d5f0


[Git][security-tracker-team/security-tracker][master] Add debian-lan-config to dla-needed.txt

2019-12-31 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d75f063 by Markus Koschany at 2019-12-31T17:44:38Z
Add debian-lan-config to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -20,6 +20,8 @@ apache-log4j1.2 (Markus Koschany)
 clamav (Hugo Lefeuvre)
   NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster.
 --
+debian-lan-config
+--
 git (Roberto C. Sánchez)
   NOTE: 20191226: Patches integrated for 4 of 5 CVEs.  The last, CVE-2019-1387,
   NOTE: 20191226: is proving rather difficult. (roberto)
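
Review bot: `debian-lan-config` goes in as a bare package name, and the commit message adds nothing beyond the file name. A one-line dated NOTE naming the issue, in the style of the clamav and git entries around it, would tell a prospective claimant what needs fixing.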



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d75f0638f2c52421cfbee8705136b448f27d60e


[Git][security-tracker-team/security-tracker][master] Add graphicsmagick to dla-needed.txt

2019-12-31 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c8dc22b5 by Markus Koschany at 2019-12-31T17:34:46Z
Add graphicsmagick to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -24,6 +24,8 @@ git (Roberto C. Sánchez)
   NOTE: 20191226: Patches integrated for 4 of 5 CVEs.  The last, CVE-2019-1387,
   NOTE: 20191226: is proving rather difficult. (roberto)
 --
+graphicsmagick
+--
 ibus (Emilio)
   NOTE: 20191210: Requires glib2.0 to be patched also.
   NOTE: 20191210: See https://bugs.debian.org/941018



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8dc22b5297f95e4f2ab098eeaeb409ae78ea257


[Git][security-tracker-team/security-tracker][master] Triage libsixel for Jessie

2019-12-31 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4cd34447 by Markus Koschany at 2019-12-31T16:46:07Z
Triage libsixel for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2470,6 +2470,7 @@ CVE-2019-20140 (An issue was discovered in libsixel 
1.8.4. There is a heap-based
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/122
 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, 
hostgrou ...)
NOT-FOR-US: Nagios XI
@@ -2571,6 +2572,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 
1.8.4. There is a heap-based
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/125
 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h 
in PoDoFo ...)
- libpodofo 
@@ -2655,6 +2657,7 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 
2.23, as used in libsixel
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/126
 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl 
substri ...)
NOT-FOR-US: LuquidPixels LiquiFire OS
@@ -2725,18 +2728,21 @@ CVE-2019-20024 (A heap-based buffer overflow was 
discovered in image_buffer_resi
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/121
NOTE: 
https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b
 CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in 
fromsixel.c in  ...)
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/120
NOTE: Proposed fix: 
https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6
 CVE-2019-20022 (An invalid memory address dereference was discovered in 
load_pnm in fr ...)
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/108
NOTE: 
https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776
 CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in 
p_mach.cp ...)
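
Review bot: in this last hunk, CVE-2019-20024, CVE-2019-20023 and CVE-2019-20022 are tagged `(Minor issue)` for jessie although their NOTE lines already point at upstream commits, one of them labelled "Proposed fix". CVE-2019-20024 is described as a heap-based buffer overflow, so a short NOTE saying why it is deferred for jessie, or whether the jessie version contains the affected code at all, would make the triage auditable.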



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3444716a32f2ccb15d2b059f9c57385274f22


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2053-1 for otrs2

2019-12-31 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd8730bc by Abhijith PA at 2019-12-31T15:34:05Z
Reserve DLA-2053-1 for otrs2

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 Dec 2019] DLA-2053-1 otrs2 - security update
+   {CVE-2019-18179}
+   [jessie] - otrs2 3.3.18-1+deb8u12
 [30 Dec 2019] DLA-2052-1 libbsd - security update
{CVE-2016-2090}
[jessie] - libbsd 0.7.0-2+deb8u1


=
data/dla-needed.txt
=
@@ -81,10 +81,6 @@ nss (Markus Koschany)
 opendmarc (Thorsten Alteholz)
   NOTE: 20191222: still testing package, original patch does not seem to be 
enough, still ongoing
 --
-otrs2 (Abhijith PA)
-  NOTE: otrs2 is in jessie/main so it should be taken care off
-  NOTE: 20191208: CVE-2019-18180 seems not affected (abhijith)
---
 python-reportlab (Hugo Lefeuvre)
   NOTE: 20191227: still no upstream fix
 --
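
Review bot: removing the otrs2 block also drops `NOTE: 20191208: CVE-2019-18180 seems not affected (abhijith)`, and the DLA-2053-1 entry lists only CVE-2019-18179. Record the CVE-2019-18180 finding for jessie in data/CVE/list so that it does not disappear with this entry.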



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd8730bc008803cfd2315ccf654d4640910e1479


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-7733 via unstable

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d88553f by Salvatore Bonaccorso at 2019-12-31T13:56:33Z
Track fixed version for CVE-2019-7733 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46487,7 +46487,7 @@ CVE-2019-7734
RESERVED
 CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer 
in a C ...)
[experimental] - liblivemedia 2019.05.12-1
-   - liblivemedia  (low; bug #929948)
+   - liblivemedia 2019.10.11-2 (low; bug #929948)
[buster] - liblivemedia  (Minor issue)
[stretch] - liblivemedia  (Minor issue)
[jessie] - liblivemedia  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d88553f5df98956e5442051f658d95dda30965e


[Git][security-tracker-team/security-tracker][master] Add proposed update for cups via stretch-pu

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48dc75d1 by Salvatore Bonaccorso at 2019-12-31T13:54:04Z
Add proposed update for cups via stretch-pu

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -116,3 +116,5 @@ CVE-2019-15680
[stretch] - tightvnc 1:1.3.9-9+deb9u1
 CVE-2019-15681
[stretch] - tightvnc 1:1.3.9-9+deb9u1
+CVE-2019-2228
+   [stretch] - cups 2.2.1-8+deb9u5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/48dc75d15004c80035a8da1a18bdf4b688cfe1f5


[Git][security-tracker-team/security-tracker][master] Mark for now CVE-2019-19921 as undetermined

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3940da91 by Salvatore Bonaccorso at 2019-12-31T13:44:12Z
Mark for now CVE-2019-19921 as undetermined

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3003,7 +3003,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel 
before 5.3.9, when cpu.c
NOTE: 
https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
 CVE-2019-19921
RESERVED
-   - runc 
+   - runc 
NOTE: https://github.com/opencontainers/runc/pull/2190
TODO: check for details
 CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to 
Prototype Poll ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3940da91c51b623afb8c845301261f6ee10da322


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19921/runc

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
024e0b65 by Salvatore Bonaccorso at 2019-12-31T13:42:30Z
Add CVE-2019-19921/runc

Details on the issue seem not present. The CVE was mentioned in
https://lore.kernel.org/stable/20191230052036.8765-2-cyp...@cyphar.com/
and cross checking with containers
https://github.com/opencontainers/runc/pull/2190 is found, but without
information on the vulnerability. It seems to be related to an audit
performed by Cure53 as per
https://github.com/opencontainers/runc/pull/2190/commits/36268ea7e4a7bb02c9df1954a1d3d912e568ba69
..

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3003,6 +3003,9 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel 
before 5.3.9, when cpu.c
NOTE: 
https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
 CVE-2019-19921
RESERVED
+   - runc 
+   NOTE: https://github.com/opencontainers/runc/pull/2190
+   TODO: check for details
 CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to 
Prototype Poll ...)
- node-handlebars 3:4.5.3-1
[buster] - node-handlebars  (Minor issue; will be fixed via 
point release)
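
Review bot: the lines added under CVE-2019-19921 record only the pull request URL, while the commit message names two more sources: the lore.kernel.org stable posting and the pull request commit tied to the Cure53 audit. Add both as NOTE lines next to `TODO: check for details`, so whoever resolves the TODO does not need the git log to find them.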



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/024e0b655e468e49a250f20a211b52e303e7c723


[Git][security-tracker-team/security-tracker][master] cups spu

2019-12-31 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c99a8cbc by Moritz Muehlenhoff at 2019-12-31T13:38:04Z
cups spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -61772,6 +61772,8 @@ CVE-2019-2229 (In updateWidget of 
BaseWidgetProvider.java, there is a possible l
 CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds 
read due t ...)
{DLA-2047-1}
- cups 2.3.1-1 (bug #946782)
+   [buster] - cups  (Minor issue)
+   [stretch] - cups  (Minor issue)
NOTE: 
https://github.com/apple/cups/commit/b018978c278d42c7abf78941251b887c95dfdb07 
(master, v2.3.1)
NOTE: 
https://github.com/apple/cups/commit/8c9b3606cca99e5dfc51784a9de1634345db7579 
(v2.2.13)
 CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds 
read due  ...)


=
data/next-point-update.txt
=
@@ -177,3 +177,5 @@ CVE-2019-19060
[buster] - linux 4.19.87-1
 CVE-2019-19075
[buster] - linux 4.19.87-1
+CVE-2019-2228
+   [buster] - cups 2.2.10-6+deb10u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c99a8cbc1aaad9b911435a48f747dd33ed5ca913


[Git][security-tracker-team/security-tracker][master] liblivemedia fixed

2019-12-31 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c659f0c by Moritz Muehlenhoff at 2019-12-31T13:34:35Z
liblivemedia fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23103,7 +23103,7 @@ CVE-2019-15233 (The Live:Text Box macro in the Old 
Street Live Input Macros app
NOT-FOR-US: Old Street Live Input Macros app for Confluence
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because 
GenericMediaSer ...)
[experimental] - liblivemedia 2019.08.16-1
-   - liblivemedia  (low)
+   - liblivemedia 2019.10.11-2 (low)
[buster] - liblivemedia  (Can be fixed along in future 
update)
[stretch] - liblivemedia  (Can be fixed along in future 
update)
[jessie] - liblivemedia  (Can be fixed along with more 
important patches)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c659f0cc0a3a12be4938987ba50c0cb33b04bf8


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Re-add libgcrypt20 for jessie LTS as I think the fix for...

2019-12-31 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
558465c5 by Chris Lamb at 2019-12-31T12:28:18Z
data/dla-needed.txt: Re-add libgcrypt20 for jessie LTS as I think the fix for 
CVE-2019-13627 was incomplete.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -40,6 +40,9 @@ libexif (Hugo Lefeuvre)
   NOTE: 20191216: The android patch does not apply but is easy to manually 
apply. (ola)
   NOTE: 20191216: The problem is the file to trigger the fault is not known. 
(ola)
 --
+libgcrypt20 (lamby)
+  NOTE: 20191231: I think the fix for CVE-2019-13627 was incomplete. (lamby)
+--
 libjackson-json-java (Adrian Bunk)
   NOTE: 20191230: work is ongoing
 --
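
Review bot: the NOTE on the re-added `libgcrypt20` entry says the fix for CVE-2019-13627 was incomplete but not what is missing. Name the upstream commit or the failing check that shows the gap, so the entry can be closed against something concrete.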



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/558465c5e18e169c7c7d5799f3af7a1268384153


[Git][security-tracker-team/security-tracker][master] Track several new gpac issues

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f3896ca9 by Salvatore Bonaccorso at 2019-12-31T10:06:07Z
Track several new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14,31 +14,44 @@ CVE-2019-20173
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 
does not r ...)
NOT-FOR-US: SerenityOS
 CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1337
 CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1328
 CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1329
 CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1333
 CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1330
 CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1331
 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1338
 CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1332
 CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1335
 CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1327
 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1320
 CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1334
 CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/1321
 CVE-2019-20158
RESERVED
 CVE-2019-20157



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3896ca97e982fe61eb71bdd4391ce7741dd5ba0


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20056/libsixel

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
397dbe86 by Salvatore Bonaccorso at 2019-12-31T08:43:59Z
Add CVE-2019-20056/libsixel

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2639,7 +2639,10 @@ CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony 
Web Profiler is used, allo
 CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in 
Proxyman  ...)
NOT-FOR-US: Proxyman for macOS
 CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in 
libsixel and o ...)
-   TODO: check
+   - libsixel 
+   [buster] - libsixel  (Minor issue)
+   [stretch] - libsixel  (Minor issue)
+   NOTE: https://github.com/saitoha/libsixel/issues/126
 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl 
substri ...)
NOT-FOR-US: LuquidPixels LiquiFire OS
 CVE-2019-20053 (An invalid memory address dereference was discovered in the 
canUnpack  ...)
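
Review bot: the description of CVE-2019-20056 reads "stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...", but the added lines track only `libsixel`. If other packages in the archive embed stb_image.h they need their own lines, or a NOTE saying they were checked and are not affected.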



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/397dbe865863142cffb909db6466bab1219a04f5


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d631d909 by Salvatore Bonaccorso at 2019-12-31T08:43:15Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12,7 +12,7 @@ CVE-2019-20174
 CVE-2019-20173
RESERVED
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 
does not r ...)
-   TODO: check
+   NOT-FOR-US: SerenityOS
 CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
TODO: check
 CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
@@ -2461,7 +2461,7 @@ CVE-2019-20140 (An issue was discovered in libsixel 
1.8.4. There is a heap-based
 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, 
hostgrou ...)
NOT-FOR-US: Nagios XI
 CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has 
weak pas ...)
-   TODO: check
+   NOT-FOR-US: HTTP Authentication library for Nim
 CVE-2019-20137
RESERVED
 CVE-2019-20136
@@ -9825,9 +9825,9 @@ CVE-2019-19034
 CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the 
website and  ...)
NOT-FOR-US: Jalios JCMS
 CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External 
Entity Inje ...)
-   TODO: check
+   NOT-FOR-US: XMLBlueprint
 CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External 
Entity Inj ...)
-   TODO: check
+   NOT-FOR-US: Easy XML Editor
 CVE-2019-19030
RESERVED
 CVE-2019-19029
@@ -37437,7 +37437,7 @@ CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable 
to Arbitrary Code Executi
 CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code 
Execution. A  ...)
NOT-FOR-US: safer-eval Node module
 CVE-2019-10758 (mongo-express before 0.54.0 is vulnerable to Remote Code 
Execution via ...)
-   TODO: check
+   NOT-FOR-US: mongo-express
 CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection 
attack. ...)
NOT-FOR-US: knex.js
 CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard 
versions ...)
@@ -47220,9 +47220,9 @@ CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow 
unauthenticated user to g
 CVE-2019-7480
RESERVED
 CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin 
can ele ...)
-   TODO: check
+   NOT-FOR-US: SonicOS
 CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL 
injection in  ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC 
Cipher allow ...)
NOT-FOR-US: SonicWall
 CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), 
allow a r ...)
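Review bot: the two new tags in this hunk are inconsistent with each other and with their neighbours. CVE-2019-7479 gets "NOT-FOR-US: SonicOS" (product only), CVE-2019-7478 is described as a GMS issue but gets "NOT-FOR-US: SonicWall" (vendor only), and the surrounding entries use "SonicWall" and "SonicWall SMA100". Using one form throughout, for example vendor plus product, keeps the list searchable by either name.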
@@ -98728,7 +98728,7 @@ CVE-2018-7861
 CVE-2018-7860
RESERVED
 CVE-2018-7859 (A security vulnerability in D-Link DGS-1510-series switches 
with firmw ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx 
VGA Em ...)
- qemu 1:2.12~rc3+dfsg-1 (bug #892497)
[stretch] - qemu  (Vulnerable code not present)
@@ -260784,7 +260784,7 @@ CVE-2013-4869 (Cisco Unified Communications Manager 
(CUCM) 7.1(x) through 9.1(2)
 CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure 
...)
TODO: check
 CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python 
module h ...)
-   TODO: check
+   NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for 
Android h ...)
NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for 
Android
 CVE-2013-4865
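Review bot: CVE-2013-4867 is marked "NOT-FOR-US: Electronic Arts Karotz Smart Rabbit", but CVE-2013-4868 directly above it in the context (Karotz API 12.07.19.00, the same version string) is left at "TODO: check". The two appear to concern the same product, so they should be processed in the same commit with the same tag, or the reason for treating them differently should be noted.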



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d631d90901cabb1b294579f8e1db033c257b7072


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20175/qemu

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40e3e0ca by Salvatore Bonaccorso at 2019-12-31T08:31:53Z
Add CVE-2019-20175/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,12 @@
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
-   TODO: check
+   - qemu  (unimportant)
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html
+   NOTE: Marked unimportant, as negligible security impact (a privileged 
guest
+   NOTE: can trigger similar issues without triggering the specific 
assert) and
+   NOTE: is disputed by QEMU security team.
 CVE-2019-20174
RESERVED
 CVE-2019-20173
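Review bot: the four URL NOTE lines added under CVE-2019-20175 are bare links with nothing to say which one is the original report and which carries the QEMU security team's dispute. The rationale in the last three NOTE lines depends on that dispute, so a short label on each link, or at least on the one that documents the dispute, would let a reader verify the "unimportant" classification without opening all four threads.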



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/40e3e0ca9def37424ba0ceadb57943049ccf0ac0


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19927/linux

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84d38612 by Salvatore Bonaccorso at 2019-12-31T08:23:17Z
Add CVE-2019-19927/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2955,7 +2955,8 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in 
Malwarebytes AdwCleane
 CVE-2019-19928
RESERVED
 CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in 
ubuntu/linux.git on k ...)
-   TODO: check
+   - linux 
+   TODO: check in kernel-sec
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain 
errors dur ...)
- sqlite3  (Incomplete fix for CVE-2019-19880 not applied)
NOTE: 
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
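Review bot: the CVE-2019-19927 entry swaps "TODO: check" for "TODO: check in kernel-sec" and adds a linux line, but records no reference at all. The description ties the issue to 5.0.0-rc7 as distributed in ubuntu/linux.git, so the follow-up should add a NOTE with the upstream fix commit and state whether any kernel version in Debian ever contained the affected code, not just clear the TODO.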



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84d386121c9db3724ed642881b9b4050c8485048


[Git][security-tracker-team/security-tracker][master] automatic update

2019-12-31 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddc08817 by security tracker role at 2019-12-31T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in 
hw/ide/core. ...)
+   TODO: check
+CVE-2019-20174
+   RESERVED
+CVE-2019-20173
+   RESERVED
+CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 
does not r ...)
+   TODO: check
+CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
+   TODO: check
+CVE-2019-20158
+   RESERVED
+CVE-2019-20157
+   RESERVED
+CVE-2019-20156
+   RESERVED
+CVE-2019-20155
+   RESERVED
+CVE-2019-20154
+   RESERVED
+CVE-2019-20153
+   RESERVED
+CVE-2019-20152
+   RESERVED
+CVE-2019-20151
+   RESERVED
+CVE-2019-20150
+   RESERVED
 CVE-2020-5128
RESERVED
 CVE-2020-5127
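Review bot: the thirteen GPAC entries added at the top of this hunk (CVE-2019-20159 through CVE-2019-20171) all carry the same truncated description, "An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...", so they cannot be told apart from the list alone. When the "TODO: check" lines are resolved, each entry should get a NOTE with its own upstream reference, and the set is best triaged as one batch so the same affected-version decision is applied to all of them.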
@@ -2902,8 +2954,8 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in 
Malwarebytes AdwCleane
NOT-FOR-US: Malwarebytes AdwCleaner
 CVE-2019-19928
RESERVED
-CVE-2019-19927
-   RESERVED
+CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in 
ubuntu/linux.git on k ...)
+   TODO: check
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain 
errors dur ...)
- sqlite3  (Incomplete fix for CVE-2019-19880 not applied)
NOTE: 
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
@@ -9764,10 +9816,10 @@ CVE-2019-19034
RESERVED
 CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the 
website and  ...)
NOT-FOR-US: Jalios JCMS
-CVE-2019-19032
-   RESERVED
-CVE-2019-19031
-   RESERVED
+CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External 
Entity Inje ...)
+   TODO: check
+CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External 
Entity Inj ...)
+   TODO: check
 CVE-2019-19030
RESERVED
 CVE-2019-19029
@@ -18636,8 +18688,8 @@ CVE-2019-16792
RESERVED
 CVE-2019-16791
RESERVED
-CVE-2019-16790
-   RESERVED
+CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code 
execution vi ...)
+   TODO: check
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used 
in front  ...)
- waitress  (bug #947433)
[buster] - waitress  (Minor issue)
@@ -47159,10 +47211,10 @@ CVE-2019-7481 (Vulnerability in SonicWall SMA100 
allow unauthenticated user to g
NOT-FOR-US: SonicWall SMA100
 CVE-2019-7480
RESERVED
-CVE-2019-7479
-   RESERVED
-CVE-2019-7478
-   RESERVED
+CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin 
can ele ...)
+   TODO: check
+CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL 
injection in  ...)
+   TODO: check
 CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC 
Cipher allow ...)
NOT-FOR-US: SonicWall
 CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), 
allow a r ...)
@@ -57530,8 +57582,7 @@ CVE-2018-20511 (An issue was discovered in the Linux 
kernel before 4.18.11. The
- linux 4.18.20-1
[stretch] - linux 4.9.130-1
NOTE: Fixed by: 
https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
-CVE-2018-20507 [Missing authentication for Prometheus alert