[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 13 21:11:53 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a658d9a4 by security tracker role at 2019-08-13T20:11:31Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,77 @@
-CVE-2019-14992
+CVE-2019-15024
RESERVED
-CVE-2019-14991
+CVE-2019-15023
RESERVED
-CVE-2019-14990
+CVE-2019-15022
RESERVED
-CVE-2019-14989
+CVE-2019-15021
RESERVED
-CVE-2019-14988
+CVE-2019-15020
+ RESERVED
+CVE-2019-15019
+ RESERVED
+CVE-2019-15018
+ RESERVED
+CVE-2019-15017
+ RESERVED
+CVE-2019-15016
+ RESERVED
+CVE-2019-15015
+ RESERVED
+CVE-2019-15014
+ RESERVED
+CVE-2019-15013
+ RESERVED
+CVE-2019-15012
+ RESERVED
+CVE-2019-15011
+ RESERVED
+CVE-2019-15010
+ RESERVED
+CVE-2019-15009
+ RESERVED
+CVE-2019-15008
+ RESERVED
+CVE-2019-15007
RESERVED
+CVE-2019-15006
+ RESERVED
+CVE-2019-15005
+ RESERVED
+CVE-2019-15004
+ RESERVED
+CVE-2019-15003
+ RESERVED
+CVE-2019-15002
+ RESERVED
+CVE-2019-15001
+ RESERVED
+CVE-2019-15000
+ RESERVED
+CVE-2019-14999
+ RESERVED
+CVE-2019-14998
+ RESERVED
+CVE-2019-14997
+ RESERVED
+CVE-2019-14996
+ RESERVED
+CVE-2019-14995
+ RESERVED
+CVE-2019-14994
+ RESERVED
+CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
+ TODO: check
+CVE-2019-14992
+ REJECTED
+CVE-2019-14991
+ REJECTED
+CVE-2019-14990
+ REJECTED
+CVE-2019-14989
+ REJECTED
+CVE-2019-14988
+ REJECTED
CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
NOT-FOR-US: Adive Framework
CVE-2019-14986
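Review bot: CVE-2019-14993 (Istio) is added with only "TODO: check", so the entry carries no triage result yet. It needs a follow-up that either names an affected source package or marks it NOT-FOR-US, in the form used for CVE-2019-14987 directly below the REJECTED block.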
@@ -130,14 +194,14 @@ CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XS
NOT-FOR-US: woocommerce-jetpack plugin for WordPress
CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...)
NOT-FOR-US: ultimate-member plugin for WordPress
-CVE-2018-20964
- RESERVED
-CVE-2018-20963
- RESERVED
+CVE-2018-20964 (The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2018-20963 (The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. ...)
+ TODO: check
CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. ...)
NOT-FOR-US: wp-live-chat-support plugin for WordPress
-CVE-2017-18507
- RESERVED
+CVE-2017-18507 (The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. ...)
+ TODO: check
CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for Wo ...)
NOT-FOR-US: woocommerce-pdf-invoices-packing-slips plugin for WordPress
CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. ...)
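Review bot: CVE-2017-18507 is left at "TODO: check" although it names the same wp-live-chat-support plugin as CVE-2017-18508 one entry above, which is already "NOT-FOR-US: wp-live-chat-support plugin for WordPress". The same classification can be applied here, and the two contact-form-to-email entries (CVE-2018-20964, CVE-2018-20963) need the equivalent decision.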
@@ -154,30 +218,30 @@ CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has mu
NOT-FOR-US: social-buttons-pack plugin for WordPress
CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has XSS. ...)
NOT-FOR-US: simple-membership plugin for WordPress
-CVE-2017-18498
- RESERVED
-CVE-2017-18497
- RESERVED
-CVE-2017-18496
- RESERVED
-CVE-2017-18495
- RESERVED
-CVE-2017-18494
- RESERVED
-CVE-2017-18493
- RESERVED
-CVE-2017-18492
- RESERVED
-CVE-2017-18491
- RESERVED
-CVE-2017-18490
- RESERVED
-CVE-2017-18489
- RESERVED
-CVE-2017-18488
- RESERVED
-CVE-2017-18487
- RESERVED
+CVE-2017-18498 (The simple-job-board plugin before 2.4.4 for WordPress has reflected X ...)
+ TODO: check
+CVE-2017-18497 (The liveforms plugin before 3.4.0 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18496 (The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues ...)
+ TODO: check
+CVE-2017-18495 (The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress ...)
+ TODO: check
+CVE-2017-18494 (The custom-search-plugin plugin before 1.36 for WordPress has multiple ...)
+ TODO: check
+CVE-2017-18493 (The custom-admin-page plugin before 0.1.2 for WordPress has multiple X ...)
+ TODO: check
+CVE-2017-18492 (The contact-form-to-db plugin before 1.5.7 for WordPress has multiple ...)
+ TODO: check
+CVE-2017-18491 (The contact-form-plugin plugin before 4.0.6 for WordPress has multiple ...)
+ TODO: check
+CVE-2017-18490 (The contact-form-multi plugin before 1.2.1 for WordPress has multiple ...)
+ TODO: check
+CVE-2017-18489 (The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS ...)
+ TODO: check
+CVE-2017-18488 (The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS i ...)
+ TODO: check
+CVE-2017-18487 (The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPre ...)
+ TODO: check
CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. ...)
NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2016-10878 (The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. ...)
@@ -194,18 +258,18 @@ CVE-2016-10873 (The wp-database-backup plugin before 4.3.3 for WordPress has XSS
NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10872 (The ultimate-member plugin before 1.3.40 for WordPress has XSS on the ...)
NOT-FOR-US: ultimate-member plugin for WordPress
-CVE-2016-10871
- RESERVED
-CVE-2016-10870
- RESERVED
-CVE-2016-10869
- RESERVED
-CVE-2016-10868
- RESERVED
-CVE-2016-10867
- RESERVED
-CVE-2016-10866
- RESERVED
+CVE-2016-10871 (The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the ...)
+ TODO: check
+CVE-2016-10870 (The google-language-translator plugin before 5.0.06 for WordPress has ...)
+ TODO: check
+CVE-2016-10869 (The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10868 (The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPr ...)
+ TODO: check
+CVE-2016-10867 (The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPr ...)
+ TODO: check
+CVE-2016-10866 (The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPr ...)
+ TODO: check
CVE-2015-9306 (The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS ...)
NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
CVE-2015-9305 (The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS rel ...)
@@ -214,30 +278,30 @@ CVE-2015-9304 (The ultimate-member plugin before 1.3.18 for WordPress has XSS vi
NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2015-9303 (The simple-share-buttons-adder plugin before 6.0.0 for WordPress has X ...)
NOT-FOR-US: simple-share-buttons-adder plugin for WordPress
-CVE-2015-9302
- RESERVED
-CVE-2015-9301
- RESERVED
-CVE-2015-9300
- RESERVED
-CVE-2015-9299
- RESERVED
-CVE-2015-9298
- RESERVED
-CVE-2015-9297
- RESERVED
-CVE-2015-9296
- RESERVED
-CVE-2015-9295
- RESERVED
-CVE-2015-9294
- RESERVED
-CVE-2015-9293
- RESERVED
-CVE-2013-7475
- RESERVED
-CVE-2012-6713
- RESERVED
+CVE-2015-9302 (The simple-fields plugin before 1.4.11 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9301 (The liveforms plugin before 3.2.0 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2015-9300 (The events-manager plugin before 5.5.7 for WordPress has multiple XSS ...)
+ TODO: check
+CVE-2015-9299 (The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. ...)
+ TODO: check
+CVE-2015-9298 (The events-manager plugin before 5.6 for WordPress has code injection. ...)
+ TODO: check
+CVE-2015-9297 (The events-manager plugin before 5.6 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9296 (The download-monitor plugin before 1.7.1 for WordPress has XSS related ...)
+ TODO: check
+CVE-2015-9295 (The contact-form-plugin plugin before 3.96 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9294 (The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPr ...)
+ TODO: check
+CVE-2015-9293 (The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPr ...)
+ TODO: check
+CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...)
+ TODO: check
+CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple XSS is ...)
+ TODO: check
CVE-2019-14931
RESERVED
CVE-2019-14930
@@ -858,7 +922,7 @@ CVE-2019-14661
CVE-2019-14660
RESERVED
CVE-2019-14659
- RESERVED
+ REJECTED
CVE-2019-14658
RESERVED
CVE-2019-14657
@@ -1077,9 +1141,8 @@ CVE-2019-14553
RESERVED
CVE-2019-14552
RESERVED
-CVE-2017-18509 [IPv6 mroute missing type check]
- RESERVED
- {DSA-4497-1}
+CVE-2017-18509 (An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before ...)
+ {DSA-4497-1 DLA-1885-1 DLA-1884-1}
- linux 4.11.6-1
NOTE: https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745
NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
@@ -1140,8 +1203,8 @@ CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is
- sleuthkit <unfixed> (unimportant)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576
NOTE: Negligible security impact
-CVE-2019-14530
- RESERVED
+CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before ...)
+ TODO: check
CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
NOT-FOR-US: OpenEMR
CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
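Review bot: CVE-2019-14530 gets "TODO: check" while the next entry, CVE-2019-14529, covers the same product and is already "NOT-FOR-US: OpenEMR". Resolving the new entry the same way would keep the two OpenEMR records consistent.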
@@ -1181,8 +1244,8 @@ CVE-2019-14518
RESERVED
CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...)
NOT-FOR-US: pandao Editor.md
-CVE-2019-14516
- RESERVED
+CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
+ TODO: check
CVE-2019-14515
RESERVED
CVE-2019-14514
@@ -2365,11 +2428,11 @@ CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
@@ -3800,11 +3863,11 @@ CVE-2019-13650
CVE-2019-13649
RESERVED
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1}
- linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
- {DSA-4497-1}
+ {DSA-4497-1 DLA-1885-1}
- linux 4.18.8-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
@@ -3861,7 +3924,7 @@ CVE-2019-13633
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
@@ -5389,18 +5452,18 @@ CVE-2019-13422
RESERVED
CVE-2019-13421
RESERVED
-CVE-2019-13420
- RESERVED
-CVE-2019-13419
- RESERVED
+CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...)
+ TODO: check
+CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
+ TODO: check
CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
TODO: check
CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
TODO: check
-CVE-2019-13416
- RESERVED
-CVE-2019-13415
- RESERVED
+CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
+ TODO: check
+CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
+ TODO: check
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
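Review bot: the four Search Guard entries added here (CVE-2019-13420, CVE-2019-13419, CVE-2019-13416, CVE-2019-13415) join CVE-2019-13418 and CVE-2019-13417, which were already "TODO: check", so six records for one product are now untriaged. One decision on whether Search Guard maps to a Debian package settles all six, so they are best resolved in a single follow-up commit.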
@@ -9543,7 +9606,7 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
NOT-FOR-US: Joomla!
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
@@ -10612,6 +10675,7 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3
[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
+ {DLA-1882-1 DLA-1881-1}
- atril <unfixed> (unimportant; bug #927821)
- evince <unfixed> (unimportant; bug #927820)
NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
@@ -11922,10 +11986,10 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
NOT-FOR-US: Joomla!
CVE-2019-10944
RESERVED
-CVE-2019-10943
- RESERVED
-CVE-2019-10942
- RESERVED
+CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+ TODO: check
+CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...)
+ TODO: check
CVE-2019-10941
RESERVED
CVE-2019-10940
@@ -11950,12 +12014,12 @@ CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6
NOT-FOR-US: Siemens
CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
NOT-FOR-US: Siemens
-CVE-2019-10929
- RESERVED
-CVE-2019-10928
- RESERVED
-CVE-2019-10927
- RESERVED
+CVE-2019-10929 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+ TODO: check
+CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
+ TODO: check
+CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
+ TODO: check
CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
NOT-FOR-US: Siemens
CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
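Review bot: CVE-2019-10929, CVE-2019-10928 and CVE-2019-10927 are left at "TODO: check" while the surrounding entries CVE-2019-10931, CVE-2019-10930, CVE-2019-10926 and CVE-2019-10925 are all "NOT-FOR-US: Siemens". The new entries describe SIMATIC and SCALANCE products, so the same tag fits them, and it also fits CVE-2019-10943 and CVE-2019-10942 from the previous hunk.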
@@ -12801,11 +12865,11 @@ CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Editi
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows I ...)
- {DSA-4497-1 DLA-1862-1}
+ {DSA-4497-1 DLA-1885-1 DLA-1862-1}
- linux 4.19.37-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
@@ -13722,7 +13786,7 @@ CVE-2019-10217
NOTE: https://github.com/ansible/ansible/pull/59427
CVE-2019-10216 [-dSAFER escape via .buildfont1]
RESERVED
- {DSA-4499-1}
+ {DSA-4499-1 DLA-1880-1}
- ghostscript 9.27~dfsg-3.1 (bug #934638)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
@@ -13758,7 +13822,7 @@ CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary ty
NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10207 [bluetooth: hci_uart: 0x0 address execution as nonprivileged user]
RESERVED
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
@@ -15466,6 +15530,7 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross
CVE-2019-1010007
RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
+ {DLA-1882-1 DLA-1881-1}
- atril <unfixed>
- evince 3.27.92-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
@@ -19356,8 +19421,8 @@ CVE-2019-8450
RESERVED
CVE-2019-8449
RESERVED
-CVE-2019-8448
- RESERVED
+CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
+ TODO: check
CVE-2019-8447
RESERVED
CVE-2019-8446
@@ -30182,7 +30247,7 @@ CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to l
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
- {DSA-4497-1}
+ {DSA-4497-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.6-1
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
- heketi <itp> (bug #903384)
@@ -30259,7 +30324,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
- {DSA-4497-1 DLA-1799-1}
+ {DSA-4497-1 DLA-1885-1 DLA-1799-1}
- linux 4.19.37-1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
@@ -39472,7 +39537,7 @@ CVE-2019-1126 (A security feature bypass vulnerability exists in Active Director
NOT-FOR-US: Microsoft
CVE-2019-1125 [Spectre v1 SWAPGS]
RESERVED
- {DSA-4497-1 DSA-4495-1}
+ {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.7-1
NOTE: https://access.redhat.com/articles/4329821
CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
@@ -42230,7 +42295,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
[jessie] - activemq <not-affected> (MQTT support not enabled)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...)
- {DLA-1810-1}
+ {DLA-1883-1 DLA-1810-1}
- tomcat9 9.0.16-4 (bug #929895)
- tomcat8 <removed>
- tomcat7 <removed>
@@ -72265,7 +72330,7 @@ CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endle ...)
NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat 9. ...)
- {DLA-1400-1}
+ {DLA-1883-1 DLA-1400-1}
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.5.32-1 (bug #898935)
[stretch] - tomcat8 <no-dsa> (Minor issue; user expected to configure filters appropriately)
@@ -78949,7 +79014,7 @@ CVE-2018-5996 (Insufficient exception handling in the method NCompress::NRar3::C
[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel ...)
- {DSA-4497-1 DLA-1799-1}
+ {DSA-4497-1 DLA-1885-1 DLA-1799-1}
- linux 4.15.4-1
[stretch] - linux <ignored> (kernel log restricted to root by default)
CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via th ...)
@@ -95522,7 +95587,7 @@ CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger c ...)
NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
- {DLA-1204-1}
+ {DLA-1882-1 DLA-1881-1 DLA-1204-1}
- atril 1.20.0-1 (low)
[stretch] - atril <no-dsa> (Minor issue)
- evince 3.25.92-1 (low)
@@ -160413,6 +160478,7 @@ CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not prop
CVE-2016-5389
REJECTED
CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ...)
+ {DLA-1883-1}
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.0.37-1
- tomcat7 7.0.72-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a658d9a458abdbe022b827860d3b4e497a487a9c