[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 1 09:10:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f3b4ffc by security tracker role at 2019-08-01T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-14467
+	RESERVED
+CVE-2019-14466
+	RESERVED
+CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
+	TODO: check
+CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a  ...)
+	TODO: check
+CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+	TODO: check
+CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+	TODO: check
+CVE-2019-14461
+	RESERVED
+CVE-2019-14460
+	RESERVED
+CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
+	TODO: check
+CVE-2019-14458
+	RESERVED
+CVE-2019-14457
+	RESERVED
+CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
+	TODO: check
+CVE-2019-14455
+	RESERVED
+CVE-2019-14454
+	RESERVED
+CVE-2013-7474
+	RESERVED
+CVE-2013-7473
+	RESERVED
 CVE-2019-14453
 	RESERVED
 CVE-2018-20953
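Review bot: the six new entries in this hunk that carry only `TODO: check` (CVE-2019-14465, CVE-2019-14464, CVE-2019-14463, CVE-2019-14462, CVE-2019-14459, CVE-2019-14456) have no package line yet, so each still needs manual triage to either a source package line or NOT-FOR-US. CVE-2019-14463 and CVE-2019-14462 show the same truncated libmodbus description here, so the full text has to be read to tell them apart before a status is assigned.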
@@ -9393,7 +9425,7 @@ CVE-2019-11347
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of Duty ga ...)
 	NOT-FOR-US: Activision
 CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...)
-	{DSA-4450-1}
+	{DSA-4450-1 DLA-1867-1}
 	- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
 	NOTE: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
 	NOTE: Patches: https://w1.fi/security/2019-5/
@@ -12244,8 +12276,7 @@ CVE-2019-10200
 	NOT-FOR-US: OpenShift
 CVE-2019-10199
 	RESERVED
-CVE-2019-10198
-	RESERVED
+CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
 	- foreman <itp> (bug #663101)
 CVE-2019-10197
 	RESERVED
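Review bot: on CVE-2019-10198 the new description names foreman-tasks, while the retained package line is `- foreman <itp> (bug #663101)`. It is worth confirming that the ITP covers the affected component, or adding a NOTE line that says so.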
@@ -12284,18 +12315,15 @@ CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot
 	NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
 	NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
-CVE-2019-10189
-	RESERVED
-CVE-2019-10188
-	RESERVED
-CVE-2019-10187
-	RESERVED
+CVE-2019-10189 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
+	TODO: check
+CVE-2019-10188 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
+	TODO: check
+CVE-2019-10187 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users  ...)
 	- moodle <removed>
-CVE-2019-10186
-	RESERVED
+CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sess ...)
 	- moodle <removed>
-CVE-2019-10185
-	RESERVED
+CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was  ...)
 	- icedtea-web <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
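Review bot: CVE-2019-10189 and CVE-2019-10188 are left at `TODO: check` although their descriptions name moodle, the same product as CVE-2019-10187 and CVE-2019-10186 directly below, which are tracked as `- moodle <removed>`. Suggest giving the two new entries the same `- moodle <removed>` line so the four moodle issues in this hunk are handled consistently.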
@@ -12306,13 +12334,11 @@ CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an informa
 CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines has int ...)
 	- virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
 	NOTE: https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
-CVE-2019-10182
-	RESERVED
+CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly  ...)
 	- icedtea-web <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
-CVE-2019-10181
-	RESERVED
+CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 e ...)
 	- icedtea-web <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
@@ -15142,17 +15168,17 @@ CVE-2019-9500 [brcmfmac: assure SSID length from firmware is limited]
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
 CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built  ...)
-	{DSA-4430-1}
+	{DSA-4430-1 DLA-1867-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9498 (The implementations of EAP-PWD in hostapd EAP Server, when built again ...)
-	{DSA-4430-1}
+	{DSA-4430-1 DLA-1867-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9497 (The implementations of EAP-PWD in hostapd EAP Server and wpa_supplican ...)
-	{DSA-4430-1}
+	{DSA-4430-1 DLA-1867-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
@@ -15164,7 +15190,7 @@ CVE-2019-9496 (An invalid authentication sequence could result in the hostapd pr
 	NOTE: Patches: https://w1.fi/security/2019-3/
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
 CVE-2019-9495 (The implementations of EAP-PWD in hostapd and wpa_supplicant are vulne ...)
-	{DSA-4430-1}
+	{DSA-4430-1 DLA-1867-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
 	NOTE: Patches: https://w1.fi/security/2019-2/
@@ -21375,8 +21401,8 @@ CVE-2019-7002
 	RESERVED
 CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
 	NOT-FOR-US: IP Office Contact Center
-CVE-2019-7000
-	RESERVED
+CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
+	TODO: check
 CVE-2019-6999
 	RESERVED
 CVE-2019-6998
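Review bot: CVE-2019-7000 goes from RESERVED to `TODO: check` with a description naming the Web UI of Avaya Aura. If that product is not packaged, the entry should be resolved to a NOT-FOR-US line in the same style as CVE-2019-7001 just above, rather than staying at TODO.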
@@ -40593,6 +40619,7 @@ CVE-2019-0204 (A specifically crafted Docker image running under the root user c
 	- apache-mesos <itp> (bug #760315)
 CVE-2019-0203 [Remote unauthenticated denial-of-service in Subversion svnserve]
 	RESERVED
+	{DSA-4490-1}
 	- subversion 1.10.6-1
 	NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
 CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
@@ -42645,7 +42672,7 @@ CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
-CVE-2018-20860 [out of bounds memory read in MED files]
+CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...)
 	- libopenmpt 0.3.13-1 (low; bug #911584)
 	[stretch] - libopenmpt <no-dsa> (Minor issue)
 	NOTE: https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/
@@ -60561,6 +60588,7 @@ CVE-2018-11783 (sslheaders plugin extracts information from the client certifica
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
 CVE-2018-11782 [Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev']
 	RESERVED
+	{DSA-4490-1}
 	- subversion 1.10.6-1
 	NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
 CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the met ...)
@@ -185738,8 +185766,7 @@ CVE-2015-5298 [Google Login Plugin for Jenkins authentication bypass]
 	RESERVED
 	NOT-FOR-US: Plugin not packaged in Debian
 	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12
-CVE-2015-5297 [general_composite_rect() integer overflow]
-	RESERVED
+CVE-2015-5297 (An integer overflow issue has been reported in the general_composite_r ...)
 	{DLA-1587-1}
 	- pixman 0.33.4-1
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=92027



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f3b4ffcfabdc5cd0e16effcf209a8fb2183c5e3
