[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 19 09:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ec40fd8 by security tracker role at 2019-04-19T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,36 @@
-CVE-2019-11324 [mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates]
+CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
+ TODO: check
+CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
+ TODO: check
+CVE-2019-11337
+ RESERVED
+CVE-2019-11336
+ RESERVED
+CVE-2019-11335
+ RESERVED
+CVE-2019-11334
+ RESERVED
+CVE-2019-11333
+ RESERVED
+CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user accounts ...)
+ TODO: check
+CVE-2019-11331 (Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 e ...)
+ TODO: check
+CVE-2019-11330
+ RESERVED
+CVE-2019-11329
+ RESERVED
+CVE-2019-11328
+ RESERVED
+CVE-2019-11327
+ RESERVED
+CVE-2019-11326
+ RESERVED
+CVE-2019-11325
+ RESERVED
+CVE-2019-11323
+ RESERVED
+CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...)
- python-urllib3 <unfixed>
NOTE: https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
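Review bot: The new CVE-2019-11323 stanza is inserted directly above CVE-2019-11324, so the top of the list runs 11325, 11323, 11324 while the rest of the added block is descending; move the 11323 RESERVED entry below the 11324 block and its NOTE lines. Separately, CVE-2019-11339 and CVE-2019-11338 both name FFmpeg's libavcodec and are left at "TODO: check", so they should be triaged against the ffmpeg source package rather than sit in the queue, and CVE-2019-11332 (MKCMS) and CVE-2019-11331 (NTP as specified in RFC 5905) still need a package line or a NOT-FOR-US decision.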
@@ -540,7 +572,7 @@ CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to prope
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
-CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...)
+CVE-2019-11069 (Sequelize version 5 before 5.3.0 does not properly ensure that standar ...)
NOT-FOR-US: Sequelize
CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
{DLA-1756-1}
@@ -691,8 +723,8 @@ CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected
NOT-FOR-US: D-Link
CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
NOT-FOR-US: Elgg
-CVE-2019-11015
- RESERVED
+CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that allows ...)
+ TODO: check
CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
NOT-FOR-US: VStarCam
CVE-2019-11013
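Review bot: CVE-2019-11015 moves from RESERVED to "TODO: check" while the neighbouring vendor entries in this hunk (D-Link, Elgg, VStarCam) already carry a NOT-FOR-US tag; the MIUI OS entry should get the same kind of explicit resolution, either a NOT-FOR-US line or a package line, so it does not stay pending.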
@@ -1025,8 +1057,8 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
-CVE-2019-10893
- RESERVED
+CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
+ TODO: check
CVE-2019-10892
RESERVED
CVE-2019-10891
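Review bot: The CVE-2019-10893 stanza now reads "TODO: check" with a description naming CentOS Web Panel 0.9.8.793; confirm whether any Debian source package is involved and, if not, replace the TODO with a NOT-FOR-US line in the style used elsewhere in the file.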
@@ -5918,10 +5950,10 @@ CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authentica
NOT-FOR-US: Nagios XI
CVE-2019-9163
RESERVED
-CVE-2019-9161
- RESERVED
-CVE-2019-9160
- RESERVED
+CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
+ TODO: check
+CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
+ TODO: check
CVE-2019-9159
RESERVED
CVE-2019-9158
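Review bot: CVE-2019-9161 and CVE-2019-9160 are indistinguishable in this hunk because both descriptions truncate to the same text ("WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ..."); triage should work from the full CVE descriptions, and since both name the same product the two "TODO: check" lines can be resolved together with one consistent tag.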
@@ -18796,10 +18828,10 @@ CVE-2019-3721
RESERVED
CVE-2019-3720
RESERVED
-CVE-2019-3719
- RESERVED
-CVE-2019-3718
- RESERVED
+CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote ...)
+ TODO: check
+CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
+ TODO: check
CVE-2019-3717
RESERVED
CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
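Review bot: CVE-2019-3719 and CVE-2019-3718 land as "TODO: check" although both descriptions name Dell SupportAssist Client, and the 3719 text begins "contain a remote ..."; other Dell entries in this file, such as CVE-2019-3712 a few lines further down, are tagged "NOT-FOR-US: Dell", so apply the same tag here if no Debian package is involved.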
@@ -18814,7 +18846,7 @@ CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wy
NOT-FOR-US: Dell
CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
NOT-FOR-US: RSA
-CVE-2019-3710 (Dell Networking OS10 has been updated to address a vulnerability which ...)
+CVE-2019-3710 (Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptograp ...)
NOT-FOR-US: Dell Networking OS10
CVE-2019-3709 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
NOT-FOR-US: IsilonSD Management Server
@@ -20431,7 +20463,7 @@ CVE-2018-20343
RESERVED
CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
NOT-FOR-US: Floureon IP Camera SP012
-CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search P ...)
+CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted ...)
NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption
CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...)
{DSA-4389-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ec40fd869a5f527f11e71c71b7a4d09ad3895ae