[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 15 21:10:27 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2fdf860 by security tracker role at 2019-04-15T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
+	TODO: check
+CVE-2019-11235
+	RESERVED
+CVE-2019-11234
+	RESERVED
 CVE-2019-11233
 	RESERVED
 CVE-2019-11232
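Review bot: CVE-2019-11236 is left at `TODO: check` even though its description already names the urllib3 library for Python and a version bound ("through 1.24.1"). The follow-up should replace the TODO with a package line for the source package that ships urllib3, with the affected range checked against that bound, so the entry is not swept up with the vendor-only ids. CVE-2019-11235 and CVE-2019-11234 are plain `RESERVED` and need nothing further.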
@@ -347,6 +353,7 @@ CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to prope
 CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...)
 	NOT-FOR-US: Sequelize
 CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
+	{DLA-1756-1}
 	- libxslt <unfixed> (bug #926895)
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/issues/12 (not public)
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
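Review bot: the `{DLA-1756-1}` cross-reference on CVE-2019-11068 is added while the only package line still reads `- libxslt <unfixed> (bug #926895)`. An advisory reference next to an unfixed package line is consistent only if the advisory covers a different release from the one that line tracks. It is worth confirming that the `<unfixed>` state is still accurate and that the commit in the NOTE is the fix the advisory shipped.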
@@ -11904,8 +11911,8 @@ CVE-2019-6611
 	RESERVED
 CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11 ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2019-6609
-	RESERVED
+CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries platforms ...)
+	TODO: check
 CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1 ...)
@@ -12789,7 +12796,8 @@ CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expressio
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
 CVE-2018-20711
 	RESERVED
-CVE-2018-20710 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibY ...)
+CVE-2018-20710
+	REJECTED
 	- yaml-cpp <unfixed> (low; bug #919432)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
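Review bot: CVE-2018-20710 is switched to `REJECTED`, but the package annotations under it are kept: `- yaml-cpp <unfixed> (low; bug #919432)` and the `[buster]` and `[stretch]` `<no-dsa>` lines still follow the new status. A rejected id should not keep tracking yaml-cpp as unfixed. Remove the annotations, or move them to whichever id supersedes this one and re-point bug #919432 there.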
@@ -14714,16 +14722,16 @@ CVE-2019-5522
 	RESERVED
 CVE-2019-5521
 	RESERVED
-CVE-2019-5520
-	RESERVED
+CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
 CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
 	NOT-FOR-US: VMware
 CVE-2019-5518 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
 	NOT-FOR-US: VMware
-CVE-2019-5517
-	RESERVED
-CVE-2019-5516
-	RESERVED
+CVE-2019-5517 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
+CVE-2019-5516 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
 CVE-2019-5515 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion ...)
 	NOT-FOR-US: VMware
 CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerab ...)
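Review bot: CVE-2019-5520, CVE-2019-5517 and CVE-2019-5516 come in as `TODO: check`, yet their descriptions begin with "VMware ESXi", the same product as CVE-2019-5519 and CVE-2019-5518 in this hunk, which are tagged `NOT-FOR-US: VMware`. The three new entries can take the same tag in the follow-up triage so they do not linger in the TODO list.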
@@ -17386,10 +17394,10 @@ CVE-2019-4205
 	RESERVED
 CVE-2019-4204
 	RESERVED
-CVE-2019-4203
-	RESERVED
-CVE-2019-4202
-	RESERVED
+CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited  ...)
+	TODO: check
+CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to  ...)
+	TODO: check
 CVE-2019-4201
 	RESERVED
 CVE-2019-4200
@@ -17436,8 +17444,8 @@ CVE-2019-4180
 	RESERVED
 CVE-2019-4179
 	RESERVED
-CVE-2019-4178
-	RESERVED
+CVE-2019-4178 (IBM Cognos Analytics 11 could allow a remote attacker to traverse dire ...)
+	TODO: check
 CVE-2019-4177
 	RESERVED
 CVE-2019-4176
@@ -17768,8 +17776,8 @@ CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to upload a ...)
 	NOT-FOR-US: IBM
-CVE-2019-4012
-	RESERVED
+CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is  ...)
+	TODO: check
 CVE-2019-4011
 	RESERVED
 CVE-2019-4010
@@ -29814,8 +29822,8 @@ CVE-2019-0234
 	RESERVED
 CVE-2019-0233
 	RESERVED
-CVE-2019-0232
-	RESERVED
+CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
+	TODO: check
 CVE-2019-0231
 	RESERVED
 	NOT-FOR-US: Apache MINA
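Review bot: the description imported for CVE-2019-0232 opens with "When running on Windows with enableCmdLineArguments enabled", and the truncated text does not show which product it belongs to. When the `TODO: check` is resolved, the full description is needed to pick the package, and the Windows-only condition should be recorded in a NOTE next to the package line so the reasoning behind the final status is visible.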
@@ -77780,8 +77788,8 @@ CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery whic
 	NOT-FOR-US: IBM
 CVE-2018-1926 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console  ...)
 	NOT-FOR-US: IBM
-CVE-2018-1925
-	RESERVED
+CVE-2018-1925 (IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryp ...)
+	TODO: check
 CVE-2018-1924
 	RESERVED
 CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
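Review bot: the imported description for CVE-2018-1925 spells the product "IBM WebShere MQ". When this `TODO: check` is resolved, the tag should follow the neighbouring entries (`NOT-FOR-US: IBM`) rather than copying the misspelt product name into the annotation.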



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2fdf86066fd94af6e77c9e2012c1eb107c604ca
