[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 12 09:10:30 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9810454 by security tracker role at 2019-08-12T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2019-14950
+ RESERVED
+CVE-2019-14949
+ RESERVED
+CVE-2019-14948
+ RESERVED
+CVE-2019-14947
+ RESERVED
+CVE-2019-14946
+ RESERVED
+CVE-2019-14945
+ RESERVED
+CVE-2019-14944
+ RESERVED
+CVE-2019-14943
+ RESERVED
+CVE-2019-14942
+ RESERVED
+CVE-2019-14941
+ RESERVED
+CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...)
+ TODO: check
+CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
+ TODO: check
+CVE-2019-14938
+ RESERVED
+CVE-2019-14937
+ RESERVED
+CVE-2019-14936
+ RESERVED
+CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
+ TODO: check
+CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
+ TODO: check
+CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
+ TODO: check
+CVE-2019-14932
+ RESERVED
+CVE-2018-20966
+ RESERVED
+CVE-2018-20965
+ RESERVED
+CVE-2018-20964
+ RESERVED
+CVE-2018-20963
+ RESERVED
+CVE-2017-18508
+ RESERVED
+CVE-2017-18507
+ RESERVED
+CVE-2017-18506
+ RESERVED
+CVE-2017-18505
+ RESERVED
+CVE-2017-18504
+ RESERVED
+CVE-2017-18503
+ RESERVED
+CVE-2017-18502
+ RESERVED
+CVE-2017-18501
+ RESERVED
+CVE-2017-18500
+ RESERVED
+CVE-2017-18499
+ RESERVED
+CVE-2017-18498
+ RESERVED
+CVE-2017-18497
+ RESERVED
+CVE-2017-18496
+ RESERVED
+CVE-2017-18495
+ RESERVED
+CVE-2017-18494
+ RESERVED
+CVE-2017-18493
+ RESERVED
+CVE-2017-18492
+ RESERVED
+CVE-2017-18491
+ RESERVED
+CVE-2017-18490
+ RESERVED
+CVE-2017-18489
+ RESERVED
+CVE-2017-18488
+ RESERVED
+CVE-2017-18487
+ RESERVED
+CVE-2016-10879
+ RESERVED
+CVE-2016-10878
+ RESERVED
+CVE-2016-10877
+ RESERVED
+CVE-2016-10876
+ RESERVED
+CVE-2016-10875
+ RESERVED
+CVE-2016-10874
+ RESERVED
+CVE-2016-10873
+ RESERVED
+CVE-2016-10872
+ RESERVED
+CVE-2016-10871
+ RESERVED
+CVE-2016-10870
+ RESERVED
+CVE-2016-10869
+ RESERVED
+CVE-2016-10868
+ RESERVED
+CVE-2016-10867
+ RESERVED
+CVE-2016-10866
+ RESERVED
+CVE-2015-9306
+ RESERVED
+CVE-2015-9305
+ RESERVED
+CVE-2015-9304
+ RESERVED
+CVE-2015-9303
+ RESERVED
+CVE-2015-9302
+ RESERVED
+CVE-2015-9301
+ RESERVED
+CVE-2015-9300
+ RESERVED
+CVE-2015-9299
+ RESERVED
+CVE-2015-9298
+ RESERVED
+CVE-2015-9297
+ RESERVED
+CVE-2015-9296
+ RESERVED
+CVE-2015-9295
+ RESERVED
+CVE-2015-9294
+ RESERVED
+CVE-2015-9293
+ RESERVED
+CVE-2013-7475
+ RESERVED
+CVE-2012-6713
+ RESERVED
CVE-2019-14931
RESERVED
CVE-2019-14930
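Review bot: The five new entries in this hunk that already carry a description (CVE-2019-14940, CVE-2019-14939, CVE-2019-14935, CVE-2019-14934 and CVE-2019-14933) are left at "TODO: check", so they have no triage state yet. Each needs a follow-up that either maps it to a source package or marks it NOT-FOR-US, as other entries in this file do (for example "NOT-FOR-US: Joomla!").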
@@ -2120,11 +2270,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
@@ -3553,10 +3703,11 @@ CVE-2019-13650
CVE-2019-13649
RESERVED
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
+ {DSA-4497-1}
- linux 4.18.8-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
@@ -3613,7 +3764,7 @@ CVE-2019-13633
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
@@ -5033,6 +5184,7 @@ CVE-2019-13459
RESERVED
CVE-2019-13458
RESERVED
+ {DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -6991,6 +7143,7 @@ CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserializ
NOT-FOR-US: Typo3
CVE-2019-12746
RESERVED
+ {DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -9289,7 +9442,7 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
NOT-FOR-US: Joomla!
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
@@ -12545,11 +12698,11 @@ CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Editi
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows I ...)
- {DLA-1862-1}
+ {DSA-4497-1 DLA-1862-1}
- linux 4.19.37-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
@@ -13497,7 +13650,7 @@ CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary ty
NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10207 [bluetooth: hci_uart: 0x0 address execution as nonprivileged user]
RESERVED
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.6-1
NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
@@ -29861,6 +30014,7 @@ CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to l
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
+ {DSA-4497-1}
- linux 5.2.6-1
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
- heketi <itp> (bug #903384)
@@ -29937,7 +30091,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
- {DLA-1799-1}
+ {DSA-4497-1 DLA-1799-1}
- linux 4.19.37-1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
@@ -39150,7 +39304,7 @@ CVE-2019-1126 (A security feature bypass vulnerability exists in Active Director
NOT-FOR-US: Microsoft
CVE-2019-1125 [Spectre v1 SWAPGS]
RESERVED
- {DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1}
- linux 5.2.7-1
NOTE: https://access.redhat.com/articles/4329821
CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
@@ -62588,6 +62742,7 @@ CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 b
CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upl ...)
NOT-FOR-US: Pagekit CMS
CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
+ {DLA-1877-1}
- otrs2 6.0.8-1
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
@@ -78627,7 +78782,7 @@ CVE-2018-5996 (Insufficient exception handling in the method NCompress::NRar3::C
[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel ...)
- {DLA-1799-1}
+ {DSA-4497-1 DLA-1799-1}
- linux 4.15.4-1
[stretch] - linux <ignored> (kernel log restricted to root by default)
CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via th ...)
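Review bot: On CVE-2018-5995 the added {DSA-4497-1} reference sits directly above the unchanged line "[stretch] - linux <ignored> (kernel log restricted to root by default)". If DSA-4497-1 delivers the fix for stretch, that annotation is stale and should be replaced with the fixed version; if the advisory covers a different release, the entry should say which one so the two lines do not read as contradictory.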
@@ -176160,6 +176315,7 @@ CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when usi
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-164.html
CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from uniniti ...)
+ {DSA-4497-1}
- linux 4.19.37-1
[stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
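Review bot: CVE-2015-8553 now references {DSA-4497-1}, yet the unchanged "[stretch] - linux <ignored>" and "[jessie] - linux <ignored>" lines still state the fix is too intrusive to ship. Whichever release the advisory applies to should have its "<ignored>" line replaced with the fixed version, and the "breaks qemu as used in Jessie" rationale rechecked for the release that remains ignored.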
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a98104540fc2c12bfb8aa51f8bfb306e505930ac