[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 10 21:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7ff1282 by security tracker role at 2019-08-10T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,235 @@
+CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...)
+ TODO: check
+CVE-2019-14923
+ RESERVED
+CVE-2019-14922
+ RESERVED
+CVE-2019-14921
+ RESERVED
+CVE-2019-14920
+ RESERVED
+CVE-2019-14919
+ RESERVED
+CVE-2019-14918
+ RESERVED
+CVE-2019-14917
+ RESERVED
+CVE-2019-14916
+ RESERVED
+CVE-2019-14915
+ RESERVED
+CVE-2019-14914
+ RESERVED
+CVE-2019-14913
+ RESERVED
+CVE-2019-14912
+ RESERVED
+CVE-2019-14911
+ RESERVED
+CVE-2019-14910
+ RESERVED
+CVE-2019-14909
+ RESERVED
+CVE-2019-14908
+ RESERVED
+CVE-2019-14907
+ RESERVED
+CVE-2019-14906
+ RESERVED
+CVE-2019-14905
+ RESERVED
+CVE-2019-14904
+ RESERVED
+CVE-2019-14903
+ RESERVED
+CVE-2019-14902
+ RESERVED
+CVE-2019-14901
+ RESERVED
+CVE-2019-14900
+ RESERVED
+CVE-2019-14899
+ RESERVED
+CVE-2019-14898
+ RESERVED
+CVE-2019-14897
+ RESERVED
+CVE-2019-14896
+ RESERVED
+CVE-2019-14895
+ RESERVED
+CVE-2019-14894
+ RESERVED
+CVE-2019-14893
+ RESERVED
+CVE-2019-14892
+ RESERVED
+CVE-2019-14891
+ RESERVED
+CVE-2019-14890
+ RESERVED
+CVE-2019-14889
+ RESERVED
+CVE-2019-14888
+ RESERVED
+CVE-2019-14887
+ RESERVED
+CVE-2019-14886
+ RESERVED
+CVE-2019-14885
+ RESERVED
+CVE-2019-14884
+ RESERVED
+CVE-2019-14883
+ RESERVED
+CVE-2019-14882
+ RESERVED
+CVE-2019-14881
+ RESERVED
+CVE-2019-14880
+ RESERVED
+CVE-2019-14879
+ RESERVED
+CVE-2019-14878
+ RESERVED
+CVE-2019-14877
+ RESERVED
+CVE-2019-14876
+ RESERVED
+CVE-2019-14875
+ RESERVED
+CVE-2019-14874
+ RESERVED
+CVE-2019-14873
+ RESERVED
+CVE-2019-14872
+ RESERVED
+CVE-2019-14871
+ RESERVED
+CVE-2019-14870
+ RESERVED
+CVE-2019-14869
+ RESERVED
+CVE-2019-14868
+ RESERVED
+CVE-2019-14867
+ RESERVED
+CVE-2019-14866
+ RESERVED
+CVE-2019-14865
+ RESERVED
+CVE-2019-14864
+ RESERVED
+CVE-2019-14863
+ RESERVED
+CVE-2019-14862
+ RESERVED
+CVE-2019-14861
+ RESERVED
+CVE-2019-14860
+ RESERVED
+CVE-2019-14859
+ RESERVED
+CVE-2019-14858
+ RESERVED
+CVE-2019-14857
+ RESERVED
+CVE-2019-14856
+ RESERVED
+CVE-2019-14855
+ RESERVED
+CVE-2019-14854
+ RESERVED
+CVE-2019-14853
+ RESERVED
+CVE-2019-14852
+ RESERVED
+CVE-2019-14851
+ RESERVED
+CVE-2019-14850
+ RESERVED
+CVE-2019-14849
+ RESERVED
+CVE-2019-14848
+ RESERVED
+CVE-2019-14847
+ RESERVED
+CVE-2019-14846
+ RESERVED
+CVE-2019-14845
+ RESERVED
+CVE-2019-14844
+ RESERVED
+CVE-2019-14843
+ RESERVED
+CVE-2019-14842
+ RESERVED
+CVE-2019-14841
+ RESERVED
+CVE-2019-14840
+ RESERVED
+CVE-2019-14839
+ RESERVED
+CVE-2019-14838
+ RESERVED
+CVE-2019-14837
+ RESERVED
+CVE-2019-14836
+ RESERVED
+CVE-2019-14835
+ RESERVED
+CVE-2019-14834
+ RESERVED
+CVE-2019-14833
+ RESERVED
+CVE-2019-14832
+ RESERVED
+CVE-2019-14831
+ RESERVED
+CVE-2019-14830
+ RESERVED
+CVE-2019-14829
+ RESERVED
+CVE-2019-14828
+ RESERVED
+CVE-2019-14827
+ RESERVED
+CVE-2019-14826
+ RESERVED
+CVE-2019-14825
+ RESERVED
+CVE-2019-14824
+ RESERVED
+CVE-2019-14823
+ RESERVED
+CVE-2019-14822
+ RESERVED
+CVE-2019-14821
+ RESERVED
+CVE-2019-14820
+ RESERVED
+CVE-2019-14819
+ RESERVED
+CVE-2019-14818
+ RESERVED
+CVE-2019-14817
+ RESERVED
+CVE-2019-14816
+ RESERVED
+CVE-2019-14815
+ RESERVED
+CVE-2019-14814
+ RESERVED
+CVE-2019-14813
+ RESERVED
+CVE-2019-14812
+ RESERVED
+CVE-2019-14811
+ RESERVED
+CVE-2019-14810
+ RESERVED
+CVE-2019-14809
+ RESERVED
CVE-2019-14808
RESERVED
CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
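Review bot: CVE-2019-14924 at the top of this hunk is committed with only "TODO: check", so the GCDWebServer issue is recorded but not yet triaged. A follow-up should replace the TODO with either a source-package line or a NOT-FOR-US entry. The RESERVED entries from CVE-2019-14923 down to CVE-2019-14809 carry no description and need nothing further until one is published.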
@@ -1682,14 +1914,14 @@ CVE-2019-14359
RESERVED
CVE-2019-14358
RESERVED
-CVE-2019-14357
- RESERVED
+CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
+ TODO: check
CVE-2019-14356
RESERVED
-CVE-2019-14355
- RESERVED
-CVE-2019-14354
- RESERVED
+CVE-2019-14355 (** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the r ...)
+ TODO: check
+CVE-2019-14354 (On Ledger Nano S and Nano X devices, a side channel for the row-based ...)
+ TODO: check
CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the row-based O ...)
NOT-FOR-US: Trezor One devices
CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as ...)
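Review bot: The three entries that gain descriptions in this hunk (CVE-2019-14357, CVE-2019-14355, CVE-2019-14354) are left at "TODO: check", while the neighbouring side-channel entry CVE-2019-14353 is already triaged as "NOT-FOR-US: Trezor One devices". If no Debian package ships the Mooltipass Mini, KeepKey or Ledger firmware, a follow-up should triage them the same way. CVE-2019-14357 and CVE-2019-14355 are also flagged ** DISPUTED **, which is worth recording in whatever status they end up with.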
@@ -1871,9 +2103,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
@@ -3301,6 +3535,7 @@ CVE-2019-13650
CVE-2019-13649
RESERVED
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
@@ -3360,6 +3595,7 @@ CVE-2019-13633
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
@@ -5375,6 +5611,7 @@ CVE-2019-13226 (deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-c
CVE-2018-20850 (Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3. ...)
NOT-FOR-US: Stormshield Network Security
CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is ...)
+ {DSA-4495-1}
- linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
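Review bot: The {DSA-4495-1} tag added to CVE-2019-13233 sits directly above "[stretch] - linux <not-affected>" and "[jessie] - linux <not-affected>", so the advisory can only apply to a release not listed in this entry. Confirm against the DSA list that DSA-4495-1 targets such a release; if it does, the entry is consistent as written.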
@@ -6049,6 +6286,7 @@ CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x b
CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
CVE-2019-12983
@@ -6502,6 +6740,7 @@ CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei
CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
+ {DSA-4495-1}
- linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -9032,6 +9271,7 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
NOT-FOR-US: Joomla!
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
@@ -12291,6 +12531,7 @@ CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 al
- linux 4.19.37-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
@@ -13238,6 +13479,7 @@ CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary ty
NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10207 [bluetooth: hci_uart: 0x0 address execution as nonprivileged user]
RESERVED
+ {DSA-4495-1}
- linux 5.2.6-1
NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
@@ -35894,6 +36136,7 @@ CVE-2019-2001 (The permissions on /proc/iomem were world-readable. This could le
CVE-2019-2000 (In several functions of binder.c, there is possible memory corruption ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a possible doubl ...)
+ {DSA-4495-1}
- linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -38877,6 +39120,7 @@ CVE-2019-1126 (A security feature bypass vulnerability exists in Active Director
NOT-FOR-US: Microsoft
CVE-2019-1125 [Spectre v1 SWAPGS]
RESERVED
+ {DSA-4495-1}
- linux 5.2.7-1
NOTE: https://access.redhat.com/articles/4329821
CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7ff1282b3bf10586efb9f25ad8cb69c2520fffd