[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 9 09:10:20 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7e16f99 by security tracker role at 2019-04-09T08:10:10Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-11027
+ RESERVED
+CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
+ TODO: check
+CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
+ TODO: check
+CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
+ TODO: check
+CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...)
+ TODO: check
+CVE-2019-11022
+ RESERVED
+CVE-2019-11021
+ RESERVED
+CVE-2019-11020
+ RESERVED
+CVE-2019-11019
+ RESERVED
+CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
+ TODO: check
+CVE-2019-11017
+ RESERVED
+CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
+ TODO: check
+CVE-2019-11015
+ RESERVED
+CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
+ TODO: check
+CVE-2019-11013
+ RESERVED
+CVE-2019-11012
+ RESERVED
CVE-2019-11011
RESERVED
CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in ...)
@@ -239,26 +271,26 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi
NOTE: https://github.com/python/bugs.python.org/issues/34
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
-CVE-2019-10903
- RESERVED
-CVE-2019-10902
- RESERVED
-CVE-2019-10901
- RESERVED
-CVE-2019-10900
- RESERVED
-CVE-2019-10899
- RESERVED
-CVE-2019-10898
- RESERVED
-CVE-2019-10897
- RESERVED
-CVE-2019-10896
- RESERVED
-CVE-2019-10895
- RESERVED
-CVE-2019-10894
- RESERVED
+CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
+ TODO: check
+CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was addresse ...)
+ TODO: check
+CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
+ TODO: check
+CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. ...)
+ TODO: check
+CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
+ TODO: check
+CVE-2019-10898 (In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. ...)
+ TODO: check
+CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinit ...)
+ TODO: check
+CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
+ TODO: check
+CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
+ TODO: check
+CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
+ TODO: check
CVE-2019-10893
RESERVED
CVE-2019-10892
@@ -924,16 +956,16 @@ CVE-2019-10636
RESERVED
CVE-2019-10635
RESERVED
-CVE-2019-10634
- RESERVED
-CVE-2019-10633
- RESERVED
-CVE-2019-10632
- RESERVED
-CVE-2019-10631
- RESERVED
-CVE-2019-10630
- RESERVED
+CVE-2019-10634 (An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allow ...)
+ TODO: check
+CVE-2019-10633 (An eval injection vulnerability in the Python web server routing on th ...)
+ TODO: check
+CVE-2019-10632 (A directory traversal vulnerability in the file browser component on t ...)
+ TODO: check
+CVE-2019-10631 (Shell Metacharacter Injection in the package installer on Zyxel NAS 32 ...)
+ TODO: check
+CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 a ...)
+ TODO: check
CVE-2019-10629
RESERVED
CVE-2019-10628
@@ -4012,6 +4044,7 @@ CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a p
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...)
NOT-FOR-US: ESAFENET CDG
CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...)
+ {DLA-1752-1}
- poppler <unfixed> (bug #926673)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
@@ -17558,6 +17591,7 @@ CVE-2019-3843
RESERVED
CVE-2019-3842 [unsafe environment usage in pam_systemd]
RESERVED
+ {DSA-4428-1}
- systemd 241-3
NOTE: https://bugs.launchpad.net/bugs/1812316
NOTE: https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a
@@ -24170,8 +24204,7 @@ CVE-2019-1800
RESERVED
CVE-2019-1799
RESERVED
-CVE-2019-1798 [A use-after-free condition may occur when scanning nested RAR archives]
- RESERVED
+CVE-2019-1798 (A vulnerability in the Portable Executable (PE) file scanning function ...)
- libclamunrar 0.101.2-1
[stretch] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
[jessie] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
@@ -24200,13 +24233,11 @@ CVE-2019-1789 [An out-of-bounds heap read condition when scanning PE files]
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion in next point release)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1788 [An out-of-bounds heap write condition when scanning OLE2 files]
- RESERVED
+CVE-2019-1788 (A vulnerability in the Object Linking & Embedding (OLE2) file scan ...)
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion in next point release)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1787 [An out-of-bounds heap read condition when scanning PDF documents]
- RESERVED
+CVE-2019-1787 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion in next point release)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
@@ -27057,8 +27088,8 @@ CVE-2019-0823
RESERVED
CVE-2019-0822
RESERVED
-CVE-2019-0821
- RESERVED
+CVE-2019-0821 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
CVE-2019-0820
RESERVED
CVE-2019-0819
@@ -27067,8 +27098,7 @@ CVE-2019-0818
RESERVED
CVE-2019-0817
RESERVED
-CVE-2019-0816 [extra ssh keys added to authorized_keys]
- RESERVED
+CVE-2019-0816 (A security feature bypass exists in Azure SSH Keypairs, due to a chang ...)
- cloud-init <unfixed> (low; bug #926043)
[buster] - cloud-init <no-dsa> (Doesn't affect default provisioning for Azure, only limited use cases)
[stretch] - cloud-init <no-dsa> (Doesn't affect default provisioning for Azure, only limited use cases)
@@ -27087,18 +27117,17 @@ CVE-2019-0811
RESERVED
CVE-2019-0810
RESERVED
-CVE-2019-0809
- RESERVED
-CVE-2019-0808
- RESERVED
+CVE-2019-0809 (A remote code execution vulnerability exists when the Visual Studio C+ ...)
+ TODO: check
+CVE-2019-0808 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2019-0807
RESERVED
CVE-2019-0806
RESERVED
CVE-2019-0805
RESERVED
-CVE-2019-0804
- RESERVED
+CVE-2019-0804 (An information disclosure vulnerability exists in the way Azure WaLinu ...)
{DSA-4406-1 DLA-1709-1}
- waagent 2.2.34-3
CVE-2019-0803
@@ -27111,10 +27140,10 @@ CVE-2019-0800
RESERVED
CVE-2019-0799
RESERVED
-CVE-2019-0798
- RESERVED
-CVE-2019-0797
- RESERVED
+CVE-2019-0798 (A spoofing vulnerability exists when a Lync Server or Skype for Busine ...)
+ TODO: check
+CVE-2019-0797 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2019-0796
RESERVED
CVE-2019-0795
@@ -27139,73 +27168,72 @@ CVE-2019-0786
RESERVED
CVE-2019-0785
RESERVED
-CVE-2019-0784
- RESERVED
-CVE-2019-0783
- RESERVED
-CVE-2019-0782
- RESERVED
+CVE-2019-0784 (A remote code execution vulnerability exists in the way that the Activ ...)
+ TODO: check
+CVE-2019-0783 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2019-0782 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
CVE-2019-0781
RESERVED
-CVE-2019-0780
- RESERVED
-CVE-2019-0779
- RESERVED
-CVE-2019-0778
- RESERVED
-CVE-2019-0777
- RESERVED
-CVE-2019-0776
- RESERVED
-CVE-2019-0775
- RESERVED
-CVE-2019-0774
- RESERVED
-CVE-2019-0773
- RESERVED
-CVE-2019-0772
- RESERVED
-CVE-2019-0771
- RESERVED
-CVE-2019-0770
- RESERVED
-CVE-2019-0769
- RESERVED
-CVE-2019-0768
- RESERVED
-CVE-2019-0767
- RESERVED
-CVE-2019-0766
- RESERVED
-CVE-2019-0765
- RESERVED
+CVE-2019-0780 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2019-0779 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
+ TODO: check
+CVE-2019-0778 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2019-0777 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
+ TODO: check
+CVE-2019-0776 (An information disclosure vulnerability exists when the win32k compone ...)
+ TODO: check
+CVE-2019-0775 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2019-0774 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
+CVE-2019-0773 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2019-0772 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ TODO: check
+CVE-2019-0771 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2019-0770 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2019-0769 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2019-0768 (A security feature bypass vulnerability exists when Internet Explorer ...)
+ TODO: check
+CVE-2019-0767 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2019-0766 (An elevation of privilege vulnerability exists in Windows AppX Deploym ...)
+ TODO: check
+CVE-2019-0765 (A remote code execution vulnerability exists in the way that comctl32. ...)
+ TODO: check
CVE-2019-0764
RESERVED
-CVE-2019-0763
- RESERVED
-CVE-2019-0762
- RESERVED
-CVE-2019-0761
- RESERVED
+CVE-2019-0763 (A remote code execution vulnerability exists when Internet Explorer im ...)
+ TODO: check
+CVE-2019-0762 (A security feature bypass vulnerability exists when Microsoft browsers ...)
+ TODO: check
+CVE-2019-0761 (A security feature bypass vulnerability exists when Internet Explorer ...)
+ TODO: check
CVE-2019-0760
RESERVED
-CVE-2019-0759
- RESERVED
+CVE-2019-0759 (An information disclosure vulnerability exists when the Windows Print ...)
+ TODO: check
CVE-2019-0758
RESERVED
-CVE-2019-0757
- RESERVED
+CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...)
- nuget <not-affected> (NuGet older than 4.3 is not affected, bug #926122)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475
NOTE: https://github.com/NuGet/Home/issues/7673
NOTE: https://github.com/NuGet/NuGet.Client/commit/d62db666c710bf95121fe8f5c6a6cbe01985456f?w=1
NOTE: https://github.com/NuGet/Home/issues/7673#issuecomment-478738369
-CVE-2019-0756
- RESERVED
-CVE-2019-0755
- RESERVED
-CVE-2019-0754
- RESERVED
+CVE-2019-0756 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
+ TODO: check
+CVE-2019-0755 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2019-0754 (A denial of service vulnerability exists when Windows improperly handl ...)
+ TODO: check
CVE-2019-0753
RESERVED
CVE-2019-0752
@@ -27216,12 +27244,12 @@ CVE-2019-0750
RESERVED
CVE-2019-0749
RESERVED
-CVE-2019-0748
- RESERVED
+CVE-2019-0748 (A remote code execution vulnerability exists when the Microsoft Office ...)
+ TODO: check
CVE-2019-0747
RESERVED
-CVE-2019-0746
- RESERVED
+CVE-2019-0746 (An information disclosure vulnerability exists when the scripting engi ...)
+ TODO: check
CVE-2019-0745
RESERVED
CVE-2019-0744
@@ -27260,8 +27288,8 @@ CVE-2019-0728 (A remote code execution vulnerability exists in Visual Studio Cod
NOT-FOR-US: Microsoft
CVE-2019-0727
RESERVED
-CVE-2019-0726
- RESERVED
+CVE-2019-0726 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
+ TODO: check
CVE-2019-0725
RESERVED
CVE-2019-0724 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
@@ -27304,38 +27332,38 @@ CVE-2019-0706
RESERVED
CVE-2019-0705
RESERVED
-CVE-2019-0704
- RESERVED
-CVE-2019-0703
- RESERVED
-CVE-2019-0702
- RESERVED
-CVE-2019-0701
- RESERVED
+CVE-2019-0704 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2019-0703 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2019-0702 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2019-0701 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ TODO: check
CVE-2019-0700
RESERVED
CVE-2019-0699
RESERVED
-CVE-2019-0698
- RESERVED
-CVE-2019-0697
- RESERVED
-CVE-2019-0696
- RESERVED
-CVE-2019-0695
- RESERVED
-CVE-2019-0694
- RESERVED
-CVE-2019-0693
- RESERVED
-CVE-2019-0692
- RESERVED
+CVE-2019-0698 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
+ TODO: check
+CVE-2019-0697 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
+ TODO: check
+CVE-2019-0696 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2019-0695 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ TODO: check
+CVE-2019-0694 (An elevation of privilege vulnerability exists due to an integer overf ...)
+ TODO: check
+CVE-2019-0693 (An elevation of privilege vulnerability exists due to an integer overf ...)
+ TODO: check
+CVE-2019-0692 (An elevation of privilege vulnerability exists due to an integer overf ...)
+ TODO: check
CVE-2019-0691
RESERVED
-CVE-2019-0690
- RESERVED
-CVE-2019-0689
- RESERVED
+CVE-2019-0690 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
+ TODO: check
+CVE-2019-0689 (An elevation of privilege vulnerability exists due to an integer overf ...)
+ TODO: check
CVE-2019-0688
RESERVED
CVE-2019-0687
@@ -27346,18 +27374,18 @@ CVE-2019-0685
RESERVED
CVE-2019-0684
RESERVED
-CVE-2019-0683
- RESERVED
-CVE-2019-0682
- RESERVED
+CVE-2019-0683 (An elevation of privilege vulnerability exists in Active Directory For ...)
+ TODO: check
+CVE-2019-0682 (An elevation of privilege vulnerability exists due to an integer overf ...)
+ TODO: check
CVE-2019-0681
RESERVED
-CVE-2019-0680
- RESERVED
+CVE-2019-0680 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
CVE-2019-0679
RESERVED
-CVE-2019-0678
- RESERVED
+CVE-2019-0678 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
+ TODO: check
CVE-2019-0677
RESERVED
CVE-2019-0676 (An information disclosure vulnerability exists when Internet Explorer ...)
@@ -27378,12 +27406,12 @@ CVE-2019-0669 (An information disclosure vulnerability exists when Microsoft Exc
NOT-FOR-US: Microsoft
CVE-2019-0668 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
NOT-FOR-US: Microsoft
-CVE-2019-0667
- RESERVED
-CVE-2019-0666
- RESERVED
-CVE-2019-0665
- RESERVED
+CVE-2019-0667 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ TODO: check
+CVE-2019-0666 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ TODO: check
+CVE-2019-0665 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ TODO: check
CVE-2019-0664 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0663 (An information disclosure vulnerability exists when the Windows kernel ...)
@@ -27434,8 +27462,8 @@ CVE-2019-0641 (A security feature bypass vulnerability exists in Microsoft Edge
NOT-FOR-US: Microsoft
CVE-2019-0640 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0639
- RESERVED
+CVE-2019-0639 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
CVE-2019-0638
RESERVED
CVE-2019-0637 (A security feature bypass vulnerability exists when Windows Defender F ...)
@@ -27478,24 +27506,24 @@ CVE-2019-0619 (An information disclosure vulnerability exists when the Windows G
NOT-FOR-US: Microsoft
CVE-2019-0618 (A remote code execution vulnerability exists in the way that the Windo ...)
NOT-FOR-US: Microsoft
-CVE-2019-0617
- RESERVED
+CVE-2019-0617 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
CVE-2019-0616 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0615 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2019-0614
- RESERVED
+CVE-2019-0614 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
CVE-2019-0613 (A remote code execution vulnerability exists in .NET Framework and Vis ...)
NOT-FOR-US: Microsoft
-CVE-2019-0612
- RESERVED
-CVE-2019-0611
- RESERVED
+CVE-2019-0612 (A security feature bypass vulnerability exists when Click2Play protect ...)
+ TODO: check
+CVE-2019-0611 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
CVE-2019-0610 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0609
- RESERVED
+CVE-2019-0609 (A remote code execution vulnerability exists in the way the scripting ...)
+ TODO: check
CVE-2019-0608
RESERVED
CVE-2019-0607 (A remote code execution vulnerability exists in the way that the scrip ...)
@@ -27506,8 +27534,8 @@ CVE-2019-0605 (A remote code execution vulnerability exists in the way that the
NOT-FOR-US: Microsoft
CVE-2019-0604 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
NOT-FOR-US: Microsoft
-CVE-2019-0603
- RESERVED
+CVE-2019-0603 (A remote code execution vulnerability exists in the way that Windows D ...)
+ TODO: check
CVE-2019-0602 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0601 (An information disclosure vulnerability exists when the Human Interfac ...)
@@ -27528,8 +27556,8 @@ CVE-2019-0594 (A remote code execution vulnerability exists in Microsoft SharePo
NOT-FOR-US: Microsoft
CVE-2019-0593 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
-CVE-2019-0592
- RESERVED
+CVE-2019-0592 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
CVE-2019-0591 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
CVE-2019-0590 (A remote code execution vulnerability exists in the way that the scrip ...)
@@ -29212,16 +29240,14 @@ CVE-2019-0219
RESERVED
CVE-2019-0218
RESERVED
-CVE-2019-0217 [mod_auth_digest access control bypass]
- RESERVED
+CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...)
{DSA-4422-1 DLA-1748-1}
- apache2 2.4.38-3
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
NOTE: https://svn.apache.org/r1855298
CVE-2019-0216
RESERVED
-CVE-2019-0215 [mod_ssl access control bypass]
- RESERVED
+CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
- apache2 2.4.38-3
[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -29232,8 +29258,7 @@ CVE-2019-0213
RESERVED
CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
NOT-FOR-US: Apache HBase
-CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
- RESERVED
+CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ...)
{DSA-4422-1}
- apache2 2.4.38-3
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -53464,6 +53489,7 @@ CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an Eth
NOTE: https://github.com/OISF/suricata/commit/f68bf3301ad4d25f0a5ecb13405f4e26316cdf8d
NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allow ...)
+ {DLA-1751-1}
- libhtp 1:0.5.28-1
- suricata 1:4.0.0-1
NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
@@ -53471,6 +53497,7 @@ CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26
NOTE: https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the SSH bann ...)
+ {DLA-1751-1}
- suricata 1:4.0.5-1
NOTE: https://redmine.openinfosecfoundation.org/issues/2544
NOTE: https://redmine.openinfosecfoundation.org/issues/2542
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7e16f99ca3995370406f2569e4af56bb9c720b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7e16f99ca3995370406f2569e4af56bb9c720b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190409/941ccde1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list