[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 2 21:11:04 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ad6017e by security tracker role at 2019-08-02T20:10:44Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-14535
+	RESERVED
+CVE-2019-14534
+	RESERVED
+CVE-2019-14533
+	RESERVED
+CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...)
+	TODO: check
+CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...)
+	TODO: check
+CVE-2019-14530
+	RESERVED
+CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
+	TODO: check
+CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
+	TODO: check
+CVE-2019-14527
+	RESERVED
+CVE-2019-14526
+	RESERVED
+CVE-2019-14525
+	RESERVED
+CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
+	TODO: check
+CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
+	TODO: check
 CVE-2019-14522
 	RESERVED
 CVE-2019-14521
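Review bot: the six new entries that arrive with a description (CVE-2019-14532, CVE-2019-14531, CVE-2019-14529, CVE-2019-14528, CVE-2019-14524, CVE-2019-14523) are all left at "TODO: check", so none of them is mapped to a source package or marked NOT-FOR-US yet. Triage them in a follow-up commit. The two Sleuth Kit entries and the two Schism Tracker entries each name the same product and version, so each pair can be resolved together with the same package line.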
@@ -350,170 +376,170 @@ CVE-2017-18465
 	RESERVED
 CVE-2017-18464
 	RESERVED
-CVE-2017-18463
-	RESERVED
+CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
+	TODO: check
 CVE-2017-18462
 	RESERVED
-CVE-2017-18461
-	RESERVED
-CVE-2017-18460
-	RESERVED
-CVE-2017-18459
-	RESERVED
-CVE-2017-18458
-	RESERVED
-CVE-2017-18457
-	RESERVED
-CVE-2017-18456
-	RESERVED
-CVE-2017-18455
-	RESERVED
-CVE-2017-18454
-	RESERVED
-CVE-2017-18453
-	RESERVED
-CVE-2017-18452
-	RESERVED
-CVE-2017-18451
-	RESERVED
-CVE-2017-18450
-	RESERVED
-CVE-2017-18449
-	RESERVED
-CVE-2017-18448
-	RESERVED
-CVE-2017-18447
-	RESERVED
-CVE-2017-18446
-	RESERVED
-CVE-2017-18445
-	RESERVED
-CVE-2017-18444
-	RESERVED
-CVE-2017-18443
-	RESERVED
-CVE-2017-18442
-	RESERVED
-CVE-2017-18441
-	RESERVED
-CVE-2017-18440
-	RESERVED
-CVE-2017-18439
-	RESERVED
-CVE-2017-18438
-	RESERVED
-CVE-2017-18437
-	RESERVED
-CVE-2017-18436
-	RESERVED
-CVE-2017-18435
-	RESERVED
-CVE-2017-18434
-	RESERVED
-CVE-2017-18433
-	RESERVED
-CVE-2017-18432
-	RESERVED
-CVE-2017-18431
-	RESERVED
-CVE-2017-18430
-	RESERVED
-CVE-2017-18429
-	RESERVED
-CVE-2017-18428
-	RESERVED
-CVE-2017-18427
-	RESERVED
-CVE-2017-18426
-	RESERVED
-CVE-2017-18425
-	RESERVED
-CVE-2017-18424
-	RESERVED
-CVE-2017-18423
-	RESERVED
-CVE-2017-18422
-	RESERVED
-CVE-2017-18421
-	RESERVED
-CVE-2017-18420
-	RESERVED
-CVE-2017-18419
-	RESERVED
-CVE-2017-18418
-	RESERVED
-CVE-2017-18417
-	RESERVED
-CVE-2017-18416
-	RESERVED
-CVE-2017-18415
-	RESERVED
-CVE-2017-18414
-	RESERVED
-CVE-2017-18413
-	RESERVED
-CVE-2017-18412
-	RESERVED
-CVE-2017-18411
-	RESERVED
-CVE-2017-18410
-	RESERVED
-CVE-2017-18409
-	RESERVED
-CVE-2017-18408
-	RESERVED
-CVE-2017-18407
-	RESERVED
-CVE-2017-18406
-	RESERVED
-CVE-2017-18405
-	RESERVED
-CVE-2017-18404
-	RESERVED
-CVE-2017-18403
-	RESERVED
-CVE-2017-18402
-	RESERVED
-CVE-2017-18401
-	RESERVED
-CVE-2017-18400
-	RESERVED
-CVE-2017-18399
-	RESERVED
-CVE-2017-18398
-	RESERVED
-CVE-2017-18397
-	RESERVED
-CVE-2017-18396
-	RESERVED
-CVE-2017-18395
-	RESERVED
-CVE-2017-18394
-	RESERVED
-CVE-2017-18393
-	RESERVED
-CVE-2017-18392
-	RESERVED
-CVE-2017-18391
-	RESERVED
-CVE-2017-18390
-	RESERVED
-CVE-2017-18389
-	RESERVED
-CVE-2017-18388
-	RESERVED
-CVE-2017-18387
-	RESERVED
-CVE-2017-18386
-	RESERVED
-CVE-2017-18385
-	RESERVED
-CVE-2017-18384
-	RESERVED
-CVE-2017-18383
-	RESERVED
-CVE-2017-18382
-	RESERVED
+CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
+	TODO: check
+CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
+	TODO: check
+CVE-2017-18459 (cPanel before 62.0.17 allows arbitrary code execution during account m ...)
+	TODO: check
+CVE-2017-18458 (cPanel before 62.0.17 allows file overwrite when renaming an account ( ...)
+	TODO: check
+CVE-2017-18457 (cPanel before 62.0.17 allows arbitrary file-read operations via WHM /s ...)
+	TODO: check
+CVE-2017-18456 (cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity ...)
+	TODO: check
+CVE-2017-18455 (In cPanel before 62.0.17, addon domain conversion did not require a pa ...)
+	TODO: check
+CVE-2017-18454 (cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install in ...)
+	TODO: check
+CVE-2017-18453 (cPanel before 64.0.21 does not preserve supplemental groups across acc ...)
+	TODO: check
+CVE-2017-18452 (cPanel before 64.0.21 allows code execution via Rails configuration fi ...)
+	TODO: check
+CVE-2017-18451 (cPanel before 64.0.21 allows attackers to read a user's crontab file d ...)
+	TODO: check
+CVE-2017-18450 (cPanel before 64.0.21 allows certain file-chmod operations via /script ...)
+	TODO: check
+CVE-2017-18449 (cPanel before 64.0.21 allows certain file-rename operations in the con ...)
+	TODO: check
+CVE-2017-18448 (cPanel before 64.0.21 allows certain file-read operations via a Server ...)
+	TODO: check
+CVE-2017-18447 (cPanel before 64.0.21 allows demo accounts to execute code via the Cla ...)
+	TODO: check
+CVE-2017-18446 (cPanel before 64.0.21 allows file-read and file-write operations for d ...)
+	TODO: check
+CVE-2017-18445 (cPanel before 64.0.21 does not enforce demo restrictions for SSL API c ...)
+	TODO: check
+CVE-2017-18444 (cPanel before 64.0.21 allows demo accounts to execute SSH API commands ...)
+	TODO: check
+CVE-2017-18443 (cPanel before 64.0.21 allows demo and suspended accounts to use SSH po ...)
+	TODO: check
+CVE-2017-18442 (cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI AP ...)
+	TODO: check
+CVE-2017-18441 (cPanel before 64.0.21 allows demo accounts to redirect web traffic (SE ...)
+	TODO: check
+CVE-2017-18440 (cPanel before 64.0.21 allows demo users to execute traceroute via api2 ...)
+	TODO: check
+CVE-2017-18439 (cPanel before 64.0.21 allows demo accounts to execute code via an Imag ...)
+	TODO: check
+CVE-2017-18438 (cPanel before 64.0.21 allows demo accounts to execute code via Encodin ...)
+	TODO: check
+CVE-2017-18437 (cPanel before 64.0.21 allows a Webmail account to execute code via for ...)
+	TODO: check
+CVE-2017-18436 (cPanel before 64.0.21 allows demo accounts to read files via a Fileman ...)
+	TODO: check
+CVE-2017-18435 (cPanel before 64.0.21 allows demo accounts to execute code via the Box ...)
+	TODO: check
+CVE-2017-18434 (cPanel before 64.0.21 allows code execution in the context of the root ...)
+	TODO: check
+CVE-2017-18433 (cPanel before 64.0.21 allows code execution by webmail and demo accoun ...)
+	TODO: check
+CVE-2017-18432 (In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a  ...)
+	TODO: check
+CVE-2017-18431 (cPanel before 66.0.1 does not reliably perform suspend/unsuspend opera ...)
+	TODO: check
+CVE-2017-18430 (In cPanel before 66.0.2, user and group ownership may be incorrectly s ...)
+	TODO: check
+CVE-2017-18429 (In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persis ...)
+	TODO: check
+CVE-2017-18428 (In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily ...)
+	TODO: check
+CVE-2017-18427 (In cPanel before 66.0.2, weak log-file permissions can occur after acc ...)
+	TODO: check
+CVE-2017-18426 (cPanel before 66.0.2 allows resellers to read other accounts' domain l ...)
+	TODO: check
+CVE-2017-18425 (In cPanel before 66.0.2, the cpdavd_error_log file can be created with ...)
+	TODO: check
+CVE-2017-18424 (In cPanel before 66.0.2, the Apache HTTP Server configuration file is  ...)
+	TODO: check
+CVE-2017-18423 (In cPanel before 66.0.2, domain log files become readable after log pr ...)
+	TODO: check
+CVE-2017-18422 (In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog owne ...)
+	TODO: check
+CVE-2017-18421 (cPanel before 66.0.2 allows demo accounts to create databases and user ...)
+	TODO: check
+CVE-2017-18420 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing  ...)
+	TODO: check
+CVE-2017-18419 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallat ...)
+	TODO: check
+CVE-2017-18418 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operat ...)
+	TODO: check
+CVE-2017-18417 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons installatio ...)
+	TODO: check
+CVE-2017-18416 (cPanel before 67.9999.103 allows arbitrary file-overwrite operations d ...)
+	TODO: check
+CVE-2017-18415 (cPanel before 67.9999.103 allows code execution in the context of the  ...)
+	TODO: check
+CVE-2017-18414 (cPanel before 67.9999.103 allows an open redirect in /unprotected/redi ...)
+	TODO: check
+CVE-2017-18413 (In cPanel before 67.9999.103, the backup system overwrites root's home ...)
+	TODO: check
+CVE-2017-18412 (cPanel before 67.9999.103 allows Apache HTTP Server log files to becom ...)
+	TODO: check
+CVE-2017-18411 (The "addon domain conversion" feature in cPanel before 67.9999.103 can ...)
+	TODO: check
+CVE-2017-18410 (In cPanel before 67.9999.103, a user account's backup archive could co ...)
+	TODO: check
+CVE-2017-18409 (In cPanel before 67.9999.103, the backup interface could return a back ...)
+	TODO: check
+CVE-2017-18408 (cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Chan ...)
+	TODO: check
+CVE-2017-18407 (cPanel before 67.9999.103 does not enforce SSL hostname verification f ...)
+	TODO: check
+CVE-2017-18406 (cPanel before 67.9999.103 allows SQL injection during eximstats proces ...)
+	TODO: check
+CVE-2017-18405 (cPanel before 68.0.15 allows arbitrary file-read operations because of ...)
+	TODO: check
+CVE-2017-18404 (cPanel before 68.0.15 allows domain data to be deleted for domains wit ...)
+	TODO: check
+CVE-2017-18403 (cPanel before 68.0.15 allows code execution in the context of the nobo ...)
+	TODO: check
+CVE-2017-18402 (cPanel before 68.0.15 allows stored XSS during a cpaddons moderated up ...)
+	TODO: check
+CVE-2017-18401 (cPanel before 68.0.15 allows user accounts to be partially created wit ...)
+	TODO: check
+CVE-2017-18400 (cPanel before 68.0.15 allows local root code execution via cpdavd (SEC ...)
+	TODO: check
+CVE-2017-18399 (cPanel before 68.0.15 allows attackers to read root's crontab file dur ...)
+	TODO: check
+CVE-2017-18398 (DnsUtils in cPanel before 68.0.15 allows zone creation for hostname an ...)
+	TODO: check
+CVE-2017-18397 (cPanel before 68.0.15 does not preserve permissions for local backup t ...)
+	TODO: check
+CVE-2017-18396 (cPanel before 68.0.15 allows arbitrary file-read operations via Exim v ...)
+	TODO: check
+CVE-2017-18395 (cPanel before 68.0.15 does not block a username of ssl (SEC-328). ...)
+	TODO: check
+CVE-2017-18394 (cPanel before 68.0.15 does not have a sufficient list of reserved user ...)
+	TODO: check
+CVE-2017-18393 (cPanel before 68.0.15 does not block a username of postmaster, which m ...)
+	TODO: check
+CVE-2017-18392 (cPanel before 68.0.15 allows collisions because PostgreSQL databases c ...)
+	TODO: check
+CVE-2017-18391 (cPanel before 68.0.15 allows attackers to read backup files because th ...)
+	TODO: check
+CVE-2017-18390 (cPanel before 68.0.15 allows code execution in the context of the root ...)
+	TODO: check
+CVE-2017-18389 (cPanel before 68.0.15 allows string format injection in dovecot-xaps-p ...)
+	TODO: check
+CVE-2017-18388 (cPanel before 68.0.15 can perform unsafe file operations because Jails ...)
+	TODO: check
+CVE-2017-18387 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
+	TODO: check
+CVE-2017-18386 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
+	TODO: check
+CVE-2017-18385 (cPanel before 68.0.15 allows unprivileged users to access restricted d ...)
+	TODO: check
+CVE-2017-18384 (cPanel before 68.0.15 allows jailed accounts to restore files that are ...)
+	TODO: check
+CVE-2017-18383 (cPanel before 68.0.15 writes home-directory backups to an incorrect lo ...)
+	TODO: check
+CVE-2017-18382 (cPanel before 68.0.15 allows use of an unreserved e-mail address in DN ...)
+	TODO: check
 CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the  ...)
 	NOT-FOR-US: cPanel
 CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
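Review bot: the cPanel entries from CVE-2017-18463 down to CVE-2017-18382 are added as "TODO: check", while the unchanged cPanel entry directly below them, CVE-2016-10860, already carries "NOT-FOR-US: cPanel". Unless one of these needs separate handling, give the whole block the same "NOT-FOR-US: cPanel" tag in a follow-up, so this many entries for one product do not sit in the TODO queue. CVE-2017-18462 stays RESERVED in the middle of the block and should keep that state.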
@@ -1305,8 +1331,7 @@ CVE-2019-14237
 	RESERVED
 CVE-2019-14236
 	RESERVED
-CVE-2019-14235 [Potential memory exhaustion in django.utils.encoding.uri_to_iri()]
-	RESERVED
+CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
 	- python-django <unfixed>
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
@@ -1317,14 +1342,12 @@ CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
 	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
-CVE-2019-14233 [the behavior of the underlying HTMLParser leading to DoS]
-	RESERVED
+CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
 	- python-django <unfixed>
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
 	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
-CVE-2019-14232 [backtracking in a regular expression in django.utils.text.Truncator leads to DoS]
-	RESERVED
+CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
 	- python-django <unfixed>
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
@@ -8381,7 +8404,7 @@ CVE-2019-11732
 CVE-2019-11731
 	RESERVED
 CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTML file ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8458,7 +8481,7 @@ CVE-2019-11718 (Activity Stream can display content from sent from the Snippet S
 	- firefox 68.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
 CVE-2019-11717 (A vulnerability exists where the caret ("^") character is improperly e ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8469,7 +8492,7 @@ CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not en
 	- firefox 68.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
 CVE-2019-11715 (Due to an error while parsing page content, it is possible for properl ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8480,7 +8503,7 @@ CVE-2019-11714 (Necko can access a child on the wrong thread during UDP connecti
 	- firefox 68.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
 CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8488,7 +8511,7 @@ CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
 CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive a sta ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8496,7 +8519,7 @@ CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
 CVE-2019-11711 (When an inner window is reused, it does not consider the use of docume ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -8507,7 +8530,7 @@ CVE-2019-11710 (Mozilla developers and community members reported memory safety
 	- firefox 68.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
 CVE-2019-11709 (Mozilla developers and community members reported memory safety bugs p ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -10529,8 +10552,8 @@ CVE-2019-10963
 	RESERVED
 CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
 	NOT-FOR-US: BD Alaris Gateway
-CVE-2019-10961
-	RESERVED
+CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
+	TODO: check
 CVE-2019-10960
 	RESERVED
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
@@ -10575,8 +10598,8 @@ CVE-2019-10940
 	RESERVED
 CVE-2019-10939
 	RESERVED
-CVE-2019-10938
-	RESERVED
+CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication  ...)
+	TODO: check
 CVE-2019-10937
 	RESERVED
 CVE-2019-10936
@@ -12490,8 +12513,7 @@ CVE-2019-10178
 	RESERVED
 CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
 	NOT-FOR-US: Red Hat CloudForms
-CVE-2019-10176
-	RESERVED
+CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 3.11 and la ...)
 	NOT-FOR-US: OpenShift
 CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-cloner ...)
 	NOT-FOR-US: KubeVirt
@@ -12505,30 +12527,26 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
 	NOTE: Regression introduced and present only in 1.4.10.
 CVE-2019-10172
 	RESERVED
-CVE-2019-10171
-	RESERVED
+CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions  ...)
 	- 389-ds-base <not-affected> (Incomplete RHEL backport)
 CVE-2019-10170
 	RESERVED
 CVE-2019-10169
 	RESERVED
-CVE-2019-10168 [arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs]
-	RESERVED
+CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...)
 	- libvirt 5.0.0-4
 	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
 	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
 	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720118
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
-CVE-2019-10167 [arbitrary command execution via virConnectGetDomainCapabilities API]
-	RESERVED
+CVE-2019-10167 (The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...)
 	{DSA-4469-1 DLA-1832-1}
 	- libvirt 5.0.0-4
 	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720117
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
-CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
-	RESERVED
+CVE-2019-10166 (It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...)
 	- libvirt 5.0.0-4
 	[stretch] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
 	[jessie] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
@@ -12793,12 +12811,10 @@ CVE-2019-10096
 	RESERVED
 CVE-2019-10095
 	RESERVED
-CVE-2019-10094 [StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper]
-	RESERVED
+CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
 	- tika <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
-CVE-2019-10093 [Denial of Service in Apache Tika's 2003ml and 2006ml Parsers]
-	RESERVED
+CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...)
 	- tika <unfixed> (bug #933745)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
 CVE-2019-10092
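Review bot: CVE-2019-10094 keeps "- tika <unfixed>" with no bug reference, whereas CVE-2019-10093 in the same hunk has "(bug #933745)" and CVE-2019-10088 further down has "(bug #933744)". If a bug has been filed for CVE-2019-10094, add its number to the package line; if not, file one so that all three Tika issues are tracked the same way.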
@@ -12809,8 +12825,7 @@ CVE-2019-10090
 	RESERVED
 CVE-2019-10089
 	RESERVED
-CVE-2019-10088 [OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper]
-	RESERVED
+CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
 	- tika <unfixed> (bug #933744)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
 CVE-2019-10087
@@ -14371,7 +14386,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
 CVE-2019-9812
 	RESERVED
 CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...)
-	{DSA-4482-1 DSA-4479-1}
+	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
 	- firefox 68.0-1
 	- firefox-esr 60.8.0esr-1
 	- thunderbird 1:60.8.0-1
@@ -16193,8 +16208,8 @@ CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursio
 	NOTE: https://github.com/Exiv2/exiv2/issues/711
 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
 	NOT-FOR-US: b3log Symphony (aka Sym)
-CVE-2019-9141
-	RESERVED
+CVE-2019-9141 (ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains  ...)
+	TODO: check
 CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...)
 	TODO: check
 CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
@@ -25346,8 +25361,8 @@ CVE-2019-5503
 	RESERVED
 CVE-2019-5502
 	RESERVED
-CVE-2019-5501
-	RESERVED
+CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose  ...)
+	TODO: check
 CVE-2019-5500
 	RESERVED
 CVE-2019-5499
@@ -25362,8 +25377,8 @@ CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows p
 	NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and Windows / Netapp
 CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
 	NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
-CVE-2019-5493
-	RESERVED
+CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptib ...)
+	TODO: check
 CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
 	NOT-FOR-US: NetApp HCI Compute Node
 CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
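Review bot: CVE-2019-5493 is added as "TODO: check" although the NetApp entries on either side of it in this hunk (CVE-2019-5495, CVE-2019-5494, CVE-2019-5492) are already tagged NOT-FOR-US. Its description names Data ONTAP operating in 7-Mode, the same product as CVE-2019-5501 in the previous hunk, so both can be triaged together; if they are not relevant to Debian, tag them NOT-FOR-US like their neighbours.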
@@ -27911,8 +27926,8 @@ CVE-2019-4277
 	RESERVED
 CVE-2019-4276
 	RESERVED
-CVE-2019-4275
-	RESERVED
+CVE-2019-4275 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...)
+	TODO: check
 CVE-2019-4274
 	RESERVED
 CVE-2019-4273
@@ -88595,8 +88610,8 @@ CVE-2018-1989
 	RESERVED
 CVE-2018-1988
 	RESERVED
-CVE-2018-1987
-	RESERVED
+CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if  ...)
+	TODO: check
 CVE-2018-1986
 	RESERVED
 CVE-2018-1985
@@ -206013,8 +206028,7 @@ CVE-2014-8186
 	REJECTED
 CVE-2014-8185
 	REJECTED
-CVE-2014-8184 [stack-based buffer overflow in findTable()]
-	RESERVED
+CVE-2014-8184 (A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A  ...)
 	- liblouis 2.6.2-1 (bug #880621)
 	[jessie] - liblouis 2.5.3-3+deb8u1
 	[wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ad6017ecbc0b338dc53d26e798acda828cf9515
