[Git][security-tracker-team/security-tracker][master] automatic update

Sun Apr 28 21:10:35 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4dabd74 by security tracker role at 2019-04-28T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,12 @@
-CVE-2019-11577 [DHCPv6: Fix a potential buffer overflow reading NA/TA addresses]
+CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
 	- dhcpcd5 <unfixed> (bug #928105)
 	[stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
-CVE-2019-11579 [DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED]
+CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
 	- dhcpcd5 <unfixed> (bug #928104)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
-CVE-2019-11578 [auth: Use consttime_memequal to avoid latency attack]
+CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
 	- dhcpcd5 <unfixed> (bug #928056)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
@@ -2295,6 +2295,7 @@ CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows re
 CVE-2019-10651
 	RESERVED
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
+	{DSA-4436-1}
 	- imagemagick <unfixed> (bug #926091)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1532
 CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...)
@@ -3790,6 +3791,7 @@ CVE-2019-9958
 CVE-2019-9957
 	RESERVED
 CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...)
+	{DSA-4436-1}
 	- imagemagick <unfixed> (bug #925395)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
@@ -5291,6 +5293,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html
 CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...)
 	NOT-FOR-US: Chuango
 CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
+	{DLA-1768-1}
 	- checkstyle <unfixed> (low; bug #924598)
 	[buster] - checkstyle <no-dsa> (Minor issue)
 	[stretch] - checkstyle <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4dabd746558910bb7b03f09b59ab6ef9ab9165f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4dabd746558910bb7b03f09b59ab6ef9ab9165f
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190428/78a1923f/attachment.html>
