[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 26 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d70ed20 by security tracker role at 2019-04-26T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -134,8 +134,8 @@ CVE-2019-11495
RESERVED
CVE-2019-11494
RESERVED
-CVE-2019-11493
- RESERVED
+CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
+ TODO: check
CVE-2019-11492
RESERVED
CVE-2019-11491
@@ -795,10 +795,10 @@ CVE-2019-11221 (GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b
NOTE: https://github.com/gpac/gpac/issues/1203
-CVE-2019-11220
- RESERVED
-CVE-2019-11219
- RESERVED
+CVE-2019-11220 (An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows rem ...)
+ TODO: check
+CVE-2019-11219 (The algorithm used to generate device IDs (UIDs) for devices that util ...)
+ TODO: check
CVE-2019-11218 (Improper handling of extra parameters in the AccountController (User P ...)
NOT-FOR-US: Bonobo Git Server
CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 a ...)
@@ -1224,8 +1224,8 @@ CVE-2019-11029
RESERVED
CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...)
NOT-FOR-US: GAT-Ship Web Module
-CVE-2015-9284
- RESERVED
+CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site ...)
+ TODO: check
CVE-2019-11027
RESERVED
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
@@ -4774,8 +4774,7 @@ CVE-2019-9815
RESERVED
CVE-2019-9814
RESERVED
-CVE-2019-9813
- RESERVED
+CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confusion i ...)
{DSA-4417-1 DLA-1727-1}
- firefox 66.0.1-1
- firefox-esr 60.6.1esr-1
@@ -4785,47 +4784,37 @@ CVE-2019-9812
RESERVED
CVE-2019-9811
RESERVED
-CVE-2019-9810
- RESERVED
+CVE-2019-9810 (Incorrect alias information in IonMonkey JIT compiler for Array.protot ...)
{DSA-4417-1 DLA-1727-1}
- firefox 66.0.1-1
- firefox-esr 60.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810
-CVE-2019-9809
- RESERVED
+CVE-2019-9809 (If the source for resources on a page is through an FTP connection, it ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809
-CVE-2019-9808
- RESERVED
+CVE-2019-9808 (If WebRTC permission is requested from documents with data: or blob: U ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
-CVE-2019-9807
- RESERVED
+CVE-2019-9807 (When arbitrary text is sent over an FTP connection and a page reload i ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807
-CVE-2019-9806
- RESERVED
+CVE-2019-9806 (A vulnerability exists during authorization prompting for FTP transact ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806
-CVE-2019-9805
- RESERVED
+CVE-2019-9805 (A latent vulnerability exists in the Prio library where data may be re ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805
-CVE-2019-9804
- RESERVED
+CVE-2019-9804 (In Firefox Developer Tools it is possible that pasting the result of t ...)
- firefox <not-affected> (MacOS-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9804
-CVE-2019-9803
- RESERVED
+CVE-2019-9803 (The Upgrade-Insecure-Requests (UIR) specification states that if UIR i ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803
-CVE-2019-9802
- RESERVED
+CVE-2019-9802 (If a Sandbox content process is compromised, it can initiate an FTP do ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802
-CVE-2019-9801
- RESERVED
+CVE-2019-9801 (Firefox will accept any registered Program ID as an external protocol ...)
- firefox-esr <not-affected> (Windows-specific)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
@@ -4834,20 +4823,16 @@ CVE-2019-9801
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800
RESERVED
-CVE-2019-9799
- RESERVED
+CVE-2019-9799 (Insufficient bounds checking of data during inter-process communicatio ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
-CVE-2019-9798
- RESERVED
+CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB, whic ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
-CVE-2019-9797
- RESERVED
+CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
-CVE-2019-9796
- RESERVED
+CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL animation contr ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4855,8 +4840,7 @@ CVE-2019-9796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9796
-CVE-2019-9795
- RESERVED
+CVE-2019-9795 (A vulnerability where type-confusion in the IonMonkey just-in-time (JI ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4864,16 +4848,14 @@ CVE-2019-9795
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9795
-CVE-2019-9794
- RESERVED
+CVE-2019-9794 (A vulnerability was discovered where specific command line arguments a ...)
- firefox-esr <not-affected> (Windows-specific)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9794
-CVE-2019-9793
- RESERVED
+CVE-2019-9793 (A mechanism was discovered that removes some bounds checking for strin ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4881,8 +4863,7 @@ CVE-2019-9793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
-CVE-2019-9792
- RESERVED
+CVE-2019-9792 (The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4890,8 +4871,7 @@ CVE-2019-9792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9792
-CVE-2019-9791
- RESERVED
+CVE-2019-9791 (The type inference system allows the compilation of functions that can ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4899,8 +4879,7 @@ CVE-2019-9791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9791
-CVE-2019-9790
- RESERVED
+CVE-2019-9790 (A use-after-free vulnerability can occur when a raw pointer to a DOM e ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4908,12 +4887,10 @@ CVE-2019-9790
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9790
-CVE-2019-9789
- RESERVED
+CVE-2019-9789 (Mozilla developers and community members reported memory safety bugs p ...)
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
-CVE-2019-9788
- RESERVED
+CVE-2019-9788 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -12556,8 +12533,8 @@ CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gn
NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...)
NOT-FOR-US: Jenkins
-CVE-2019-6689
- RESERVED
+CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload Automation Agent ...)
+ TODO: check
CVE-2019-6688
RESERVED
CVE-2019-6687
@@ -19439,12 +19416,12 @@ CVE-2019-3709 (IsilonSD Management Server 1.1.0 contains a cross-site scripting
NOT-FOR-US: IsilonSD Management Server
CVE-2019-3708 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
NOT-FOR-US: IsilonSD Management Server
-CVE-2019-3707
- RESERVED
-CVE-2019-3706
- RESERVED
-CVE-2019-3705
- RESERVED
+CVE-2019-3707 (Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication ...)
+ TODO: check
+CVE-2019-3706 (Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 a ...)
+ TODO: check
+CVE-2019-3705 (Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior t ...)
+ TODO: check
CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1 ...)
NOT-FOR-US: EMC
CVE-2019-3703
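Review bot: The three iDRAC entries added here (CVE-2019-3707, CVE-2019-3706, CVE-2019-3705) are left at TODO: check, while the Dell EMC entry directly below them, CVE-2019-3704, is already triaged as NOT-FOR-US: EMC. If iDRAC firmware falls under the same decision, replace each TODO: check with a NOT-FOR-US line in a follow-up so these entries do not stay untriaged.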
@@ -23100,8 +23077,8 @@ CVE-2019-2727
RESERVED
CVE-2019-2726
RESERVED
-CVE-2019-2725
- RESERVED
+CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
CVE-2019-2724
RESERVED
CVE-2019-2723 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
@@ -30834,8 +30811,8 @@ CVE-2019-0188
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- jakarta-jmeter <undetermined>
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
-CVE-2019-0186
- RESERVED
+CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...)
+ TODO: check
CVE-2018-19277 (securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypa ...)
NOT-FOR-US: PHPOffice
CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object Deserializatio ...)
@@ -32922,19 +32899,17 @@ CVE-2018-18515
RESERVED
CVE-2018-18514
RESERVED
-CVE-2018-18513
- RESERVED
-CVE-2018-18512
- RESERVED
-CVE-2018-18511
- RESERVED
+CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or an XPI p ...)
+ TODO: check
+CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound notific ...)
+ TODO: check
+CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of ...)
- firefox 65.0.1-1
- skia <itp> (bug #818180)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
-CVE-2018-18510
- RESERVED
-CVE-2018-18509
- RESERVED
+CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be triggered by ...)
+ TODO: check
+CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes emails ...)
{DSA-4392-1 DLA-1678-1}
- thunderbird 1:60.5.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
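Review bot: The NOTE that closes this hunk sits under CVE-2018-18509 but links to mfsa2019-06/#CVE-2018-18511, an anchor for a different CVE than the entry it belongs to; check whether it should read #CVE-2018-18509. Separately, CVE-2018-18513, CVE-2018-18512 and CVE-2018-18510 arrive as TODO: check while the adjacent entries in the same ID range already carry firefox and thunderbird package lines, so they are worth triaging against the same source packages.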
@@ -40688,6 +40663,7 @@ CVE-2018-15589
CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in ...)
NOT-FOR-US: MailMate
CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being sp ...)
+ {DLA-1766-1}
- evolution <unfixed> (bug #924616)
NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424
@@ -40770,14 +40746,14 @@ CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the rem
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD ...)
NOT-FOR-US: GNUBOARD
-CVE-2018-15584
- RESERVED
+CVE-2018-15584 (Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update ...)
+ TODO: check
CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
NOT-FOR-US: GNUBOARD
CVE-2018-15582
RESERVED
-CVE-2018-15581
- RESERVED
+CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.ph ...)
+ TODO: check
CVE-2018-15580
RESERVED
CVE-2018-15579
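Review bot: CVE-2018-15584 and CVE-2018-15581 are added with TODO: check even though the entries next to them, CVE-2018-15585 and CVE-2018-15583, are XSS issues already marked NOT-FOR-US: GNUBOARD. The truncated descriptions name admin scripts (adm/boardgroup_form_update ..., adm/faqmasterformupdate.ph ...) but not the product, so confirm against the full description and, if it is the same product, use NOT-FOR-US: GNUBOARD for both.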
@@ -69679,8 +69655,7 @@ CVE-2018-5181 (If a URL using the "file:" protocol is dragged and dropped onto a
CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations. Whil ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
-CVE-2018-5179
- RESERVED
+CVE-2018-5179 (A service worker can send the activate event on itself periodically wh ...)
{DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
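Review bot: The description added for CVE-2018-5179 lands on an entry that tracks only chromium-browser (DSA-4330-1), whereas the preceding CVE-2018-5180 tracks firefox and carries a Mozilla advisory NOTE. Now that the description is published, check whether this entry also needs a firefox line or a NOTE pointing at the source advisory; the three context lines shown after the change do not include one.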
@@ -69930,8 +69905,7 @@ CVE-2018-5125 (Memory safety bugs were reported in Firefox 58 and Firefox ESR 52
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5124
- RESERVED
+CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place and can ...)
- firefox 58.0.1-1
- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d70ed2082f95f0214d111bfbb6cd57484a8c757