[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 10 09:10:30 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9608d11 by security tracker role at 2019-08-10T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2019-14808
 	RESERVED
-CVE-2019-14807
-	RESERVED
+CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
+	TODO: check
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
 	- python-werkzeug <unfixed> (low)
 	[buster] - python-werkzeug <no-dsa> (Minor issue)
@@ -7945,20 +7945,20 @@ CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TC
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12262
 	RESERVED
-CVE-2019-12261
-	RESERVED
-CVE-2019-12260
-	RESERVED
+CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the ...)
+	TODO: check
+CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP compon ...)
+	TODO: check
 CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3  ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12258
-	RESERVED
+CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the ...)
+	TODO: check
 CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP clien ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12255
-	RESERVED
+CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP  ...)
+	TODO: check
 CVE-2019-12254
 	RESERVED
 CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
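Review bot: The four newly described VxWorks entries (CVE-2019-12261, CVE-2019-12260, CVE-2019-12258, CVE-2019-12255) are left at "TODO: check", while every already-triaged sibling in this hunk (CVE-2019-12263, CVE-2019-12259, CVE-2019-12257, CVE-2019-12256) carries "NOT-FOR-US: Wind River VxWorks". A follow-up that applies the same marker to these four would keep the block consistent and take them out of the triage queue.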
@@ -9668,10 +9668,10 @@ CVE-2018-20829
 	RESERVED
 CVE-2018-20828
 	RESERVED
-CVE-2018-20827
-	RESERVED
-CVE-2018-20826
-	RESERVED
+CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1 allows remote ...)
+	TODO: check
+CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3 allows a ...)
+	TODO: check
 CVE-2018-20825
 	RESERVED
 CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allows rem ...)
@@ -9736,8 +9736,8 @@ CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allow
 	NOT-FOR-US: issue searching component in Jira
 CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
 	NOT-FOR-US: Atlassian Sourcetree
-CVE-2019-11581
-	RESERVED
+CVE-2019-11581 (There was a server-side template injection vulnerability in Jira Serve ...)
+	TODO: check
 CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
 	NOT-FOR-US: Atlassian Crowd and Crowd Data Center
 CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
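Review bot: CVE-2019-11581 is left at "TODO: check" although CVE-2019-11583, two entries above it, is already closed as "NOT-FOR-US: issue searching component in Jira". The same decision looks applicable here and to CVE-2018-20827 and CVE-2018-20826 in the previous hunk. When closing them, a product-level marker would be easier to search for than per-component wording that differs from entry to entry.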
@@ -10547,8 +10547,8 @@ CVE-2019-11276
 	RESERVED
 CVE-2019-11275
 	RESERVED
-CVE-2019-11274
-	RESERVED
+CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
+	TODO: check
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
 	NOT-FOR-US: Pivotal Container Services
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
@@ -10779,6 +10779,7 @@ CVE-2019-11188
 	RESERVED
 CVE-2019-11187 [Perform stricter check on LDAP success/failure]
 	RESERVED
+	{DLA-1876-1 DLA-1875-1}
 	- fusiondirectory 1.2.3-5
 	[buster] - fusiondirectory <no-dsa> (Minor issue)
 	[stretch] - fusiondirectory <no-dsa> (Minor issue)
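Review bot: The added "{DLA-1876-1 DLA-1875-1}" line ties two advisories to CVE-2019-11187, but the package lines visible in this context cover only fusiondirectory. Please confirm that the source package of the second DLA also has its own line further down in the entry, otherwise the cross-reference points at an advisory with no matching package status. The entry also still reads RESERVED with only the bracketed temporary description, so it will need another pass once the official description is published.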
@@ -11122,15 +11123,13 @@ CVE-2019-11044
 	RESERVED
 CVE-2019-11043
 	RESERVED
-CVE-2019-11042 [heap-buffer-overflow on exif_process_user_comment]
-	RESERVED
+CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
 	- php7.3 7.3.8-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
-CVE-2019-11041 [heap-buffer-overflow on exif_scan_thumbnail]
-	RESERVED
+CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
 	- php7.3 7.3.8-1
 	- php7.0 <removed>
 	- php5 <removed>
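Review bot: Replacing the bracketed descriptions of CVE-2019-11042 and CVE-2019-11041 drops the function names (exif_process_user_comment, exif_scan_thumbnail), which were the only thing distinguishing the two entries. The new truncated descriptions are identical up to the cut-off. Consider keeping each function name in a NOTE line next to the PHP bug reference so the entries can still be told apart without following the link.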
@@ -30154,12 +30153,12 @@ CVE-2019-3746
 	RESERVED
 CVE-2019-3745
 	RESERVED
-CVE-2019-3744
-	RESERVED
+CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
+	TODO: check
 CVE-2019-3743
 	RESERVED
-CVE-2019-3742
-	RESERVED
+CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a p ...)
+	TODO: check
 CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a  ...)
 	NOT-FOR-US: EMC
 CVE-2019-3740
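Review bot: CVE-2019-3744 and CVE-2019-3742 both describe Dell/Alienware Digital Delivery and are left at "TODO: check". The neighbouring CVE-2019-3741 is closed as "NOT-FOR-US: EMC", but that label does not describe this product. If these two are also closed as not applicable, the marker should name Dell/Alienware Digital Delivery rather than reuse the label from the adjacent entry.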



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9608d118e43d564cc25b33f523c0667e0d15f1b
