[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 13 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e50c3d8 by security tracker role at 2019-04-13T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-11227
+ RESERVED
+CVE-2019-11226
+ RESERVED
+CVE-2019-11225
+ RESERVED
+CVE-2019-11224
+ RESERVED
+CVE-2019-11223
+ RESERVED
+CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
+ TODO: check
CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
- gpac <unfixed> (bug #926961)
[stretch] - gpac <no-dsa> (Minor issue)
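Review bot: CVE-2017-18366 at the top of this hunk is added with only `TODO: check`, so the Subrion CMS CSRF report has no triage state yet. A follow-up should resolve it to either a source-package line or a NOT-FOR-US entry, in the form the entries around it use. The placeholders CVE-2019-11223 through CVE-2019-11227 are RESERVED with no description, so there is nothing to triage on them yet.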
@@ -12039,8 +12051,8 @@ CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Un
NOT-FOR-US: PSI GridConnect GmbH
CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software Ver ...)
NOT-FOR-US: PR100088 Modbus
-CVE-2019-6526
- RESERVED
+CVE-2019-6526 (Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version ...)
+ TODO: check
CVE-2019-6525 (AVEVA Wonderware System Platform 2017 Update 2 and prior uses an Arche ...)
NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524 (Moxa IKS and EDS do not implement sufficient measures to prevent multi ...)
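Review bot: CVE-2019-6526 goes from RESERVED to `TODO: check` in this hunk, which leaves it untriaged while its neighbours CVE-2019-6527 and CVE-2019-6525 are already marked NOT-FOR-US. The entry directly below, CVE-2019-6524, also names Moxa IKS and EDS, so the follow-up should triage this one consistently with it rather than leaving the TODO open.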
@@ -17993,8 +18005,7 @@ CVE-2019-3892 [fix race condition between mmget_not_zero()/get_task_mm() and cor
RESERVED
- linux <unfixed>
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
-CVE-2019-3891
- RESERVED
+CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...)
NOT-FOR-US: Candlepin
CVE-2019-3890
RESERVED
@@ -32861,7 +32872,8 @@ CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms n
NOT-FOR-US: Juniper
CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
NOT-FOR-US: Juniper
-CVE-2019-0034 (Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface s ...)
+CVE-2019-0034
+ REJECTED
NOT-FOR-US: Juniper
CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
NOT-FOR-US: Juniper
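Review bot: after this change CVE-2019-0034 is REJECTED but still carries the unchanged `NOT-FOR-US: Juniper` line beneath it, so the entry now holds a rejection and a triage annotation together. CVE-2017-7775, visible later in this diff, is a bare REJECTED entry with nothing under it. It is worth confirming that the leftover annotation is intended, and dropping it in a follow-up if it is not. The removed description line is also the only record here of what the identifier covered before it was rejected.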
@@ -112200,8 +112212,7 @@ CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library in
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
-CVE-2017-7777
- RESERVED
+CVE-2017-7777 (Use of uninitialized memory in Graphite2 library in Firefox before 54 ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
@@ -112209,8 +112220,7 @@ CVE-2017-7777
- icedove 1:52.2.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
-CVE-2017-7776
- RESERVED
+CVE-2017-7776 (Heap-based Buffer Overflow read in Graphite2 library in Firefox before ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
@@ -112219,16 +112229,14 @@ CVE-2017-7776
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
REJECTED
-CVE-2017-7774
- RESERVED
+CVE-2017-7774 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
-CVE-2017-7773
- RESERVED
+CVE-2017-7773 (Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
@@ -112242,8 +112250,7 @@ CVE-2017-7772 (Heap-based Buffer Overflow in Graphite2 library in Firefox before
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
-CVE-2017-7771
- RESERVED
+CVE-2017-7771 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e50c3d841d6d75b92300085e6caad077845e83c