[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 16 09:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76462ed7 by security tracker role at 2019-08-16T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,166 @@
-CVE-2019-15099 [Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe]
+CVE-2019-15116
+	RESERVED
+CVE-2019-15115
+	RESERVED
+CVE-2019-15114
+	RESERVED
+CVE-2019-15113
+	RESERVED
+CVE-2019-15112
+	RESERVED
+CVE-2019-15111
+	RESERVED
+CVE-2019-15110
+	RESERVED
+CVE-2019-15109
+	RESERVED
+CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-P ...)
+	TODO: check
+CVE-2019-15107 (An issue was discovered in Webmin through 1.920. The parameter old in  ...)
+	TODO: check
+CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x.  ...)
+	TODO: check
+CVE-2019-15105 (An issue was discovered in Zoho ManageEngine Application Manager throu ...)
+	TODO: check
+CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x.  ...)
+	TODO: check
+CVE-2019-15103
+	RESERVED
+CVE-2019-15102
+	RESERVED
+CVE-2019-15101
+	RESERVED
+CVE-2019-15100
+	RESERVED
+CVE-2019-15097
+	RESERVED
+CVE-2019-15096
+	RESERVED
+CVE-2019-15095 (DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi- ...)
+	TODO: check
+CVE-2019-15094
+	RESERVED
+CVE-2019-15093
+	RESERVED
+CVE-2019-15092
+	RESERVED
+CVE-2019-15091
+	RESERVED
+CVE-2019-15089
+	RESERVED
+CVE-2019-15088
+	RESERVED
+CVE-2019-15087
+	RESERVED
+CVE-2019-15086
+	RESERVED
+CVE-2019-15085
+	RESERVED
+CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...)
+	TODO: check
+CVE-2019-15083
+	RESERVED
+CVE-2018-20974
+	RESERVED
+CVE-2018-20973
+	RESERVED
+CVE-2018-20972
+	RESERVED
+CVE-2018-20971
+	RESERVED
+CVE-2018-20970
+	RESERVED
+CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
+	TODO: check
+CVE-2017-18548
+	RESERVED
+CVE-2017-18547
+	RESERVED
+CVE-2017-18546
+	RESERVED
+CVE-2017-18545
+	RESERVED
+CVE-2017-18544
+	RESERVED
+CVE-2017-18543
+	RESERVED
+CVE-2017-18542
+	RESERVED
+CVE-2017-18541
+	RESERVED
+CVE-2017-18540
+	RESERVED
+CVE-2017-18539
+	RESERVED
+CVE-2017-18538
+	RESERVED
+CVE-2017-18537
+	RESERVED
+CVE-2017-18536
+	RESERVED
+CVE-2017-18535
+	RESERVED
+CVE-2017-18534
+	RESERVED
+CVE-2017-18533
+	RESERVED
+CVE-2017-18532
+	RESERVED
+CVE-2017-18531
+	RESERVED
+CVE-2017-18530
+	RESERVED
+CVE-2017-18529
+	RESERVED
+CVE-2017-18528
+	RESERVED
+CVE-2017-18527
+	RESERVED
+CVE-2017-18526
+	RESERVED
+CVE-2016-10904
+	RESERVED
+CVE-2016-10903
+	RESERVED
+CVE-2016-10902
+	RESERVED
+CVE-2016-10901
+	RESERVED
+CVE-2016-10900
+	RESERVED
+CVE-2016-10899
+	RESERVED
+CVE-2016-10898
+	RESERVED
+CVE-2016-10897
+	RESERVED
+CVE-2016-10896
+	RESERVED
+CVE-2016-10895
+	RESERVED
+CVE-2015-9326
+	RESERVED
+CVE-2015-9325
+	RESERVED
+CVE-2015-9324
+	RESERVED
+CVE-2015-9323
+	RESERVED
+CVE-2015-9322
+	RESERVED
+CVE-2015-9321
+	RESERVED
+CVE-2015-9320
+	RESERVED
+CVE-2014-10376
+	RESERVED
+CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
-CVE-2019-15098 [Fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe]
+CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
-CVE-2019-15090 [scsi: qedi: remove memset/memcpy to nfunc and use func instead]
+CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
 	- linux 5.2.6-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
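Review bot: Eight of the newly described entries in this hunk (CVE-2019-15108 through CVE-2019-15104, CVE-2019-15095, CVE-2019-15084 and CVE-2018-20969) carry only `TODO: check`, so none of them has a package status yet. Each needs a follow-up commit that either adds a `- <source package> <status>` line or marks it `NOT-FOR-US: <product>`, in the form used elsewhere in this file. CVE-2018-20969 (do_ed_script in pch.c in GNU patch) and CVE-2019-15107 (Webmin, the parameter old) name specific software and are the ones to look at first. The three linux entries at the end of the hunk only swap the bracketed working title for the published description; their `- linux` status lines and NOTE links are unchanged, which is what an automatic update should do.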
@@ -67,7 +223,7 @@ CVE-2017-18517
 	RESERVED
 CVE-2017-18516
 	RESERVED
-CVE-2016-10894 [xtrlock does not block multitouch events]
+CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
 	- xtrlock <unfixed> (bug #830726)
 CVE-2016-10893
 	RESERVED
@@ -2268,6 +2424,7 @@ CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
 CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
 	TODO: check, might affect src:gridengine as well
 CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...)
+	{DLA-1887-1}
 	- freetype 2.6.1-0.1
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
 	NOTE: https://savannah.nongnu.org/bugs/?45923
@@ -7430,10 +7587,10 @@ CVE-2019-XXXX [security issues fixed in 1.8.5]
 	NOTE: Workaround entry for DSA-4473-1/DLA-1837-1 until CVEs assigned
 CVE-2019-12793
 	RESERVED
-CVE-2019-12792
-	RESERVED
-CVE-2019-12791
-	RESERVED
+CVE-2019-12792 (A command injection vulnerability in UploadHandler.php in Vesta Contro ...)
+	TODO: check
+CVE-2019-12791 (A directory traversal vulnerability in the v-list-user script in Vesta ...)
+	TODO: check
 CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read in th ...)
 	- radare2 <unfixed> (bug #930344)
 	[buster] - radare2 <no-dsa> (Minor issue)
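Review bot: CVE-2019-12792 and CVE-2019-12791 move from `RESERVED` to `TODO: check` without a triage decision, and both descriptions name Vesta Control Panel (UploadHandler.php and the v-list-user script). If no Debian source package ships that code, the follow-up should replace `TODO: check` with a `NOT-FOR-US:` line naming the product, matching the style of the VxWorks entries further down. CVE-2019-12793 directly above is still `RESERVED` and should be rechecked when its description is published.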
@@ -8775,15 +8932,15 @@ CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP compon ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3  ...)
+CVE-2019-12259 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the ...)
+CVE-2019-12258 (Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP com ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP clien ...)
+CVE-2019-12257 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP c ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP  ...)
+CVE-2019-12255 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP co ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12254
 	RESERVED
@@ -14531,8 +14688,7 @@ CVE-2019-10082 [mod_http2, read-after-free in h2 connection shutdown]
 	RESERVED
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.18 to 2.4.39
-CVE-2019-10081 [mod_http2, memory corruption on early pushes]
-	RESERVED
+CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ...)
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.20 to 2.4.39
 CVE-2019-10080
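Review bot: After this change CVE-2019-10081 records only `- apache2 2.4.41-1` and the NOTE that upstream 2.4.20 to 2.4.39 is affected, with no advisory reference and no per-release line. Any supported release carrying an apache2 version inside that range needs an explicit annotation (a DSA/DLA reference or a `[release] - apache2 <status>` line) so the tracker does not leave its status implicit. The context also shows CVE-2019-10082 still marked `RESERVED` under a bracketed working title while its sibling is now published; that is expected from an automatic update, but the two entries should be brought in line once the description for CVE-2019-10082 appears.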
@@ -15898,18 +16054,15 @@ CVE-2019-9854
 	RESERVED
 CVE-2019-9853
 	RESERVED
-CVE-2019-9852 [Insufficient URL encoding flaw in allowed script location check]
-	RESERVED
+CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...)
 	{DSA-4501-1}
 	- libreoffice 1:6.3.0-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
-CVE-2019-9851 [LibreLogo global-event script execution]
-	RESERVED
+CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
 	{DSA-4501-1}
 	- libreoffice 1:6.3.0-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
-CVE-2019-9850 [Insufficient url validation allowing LibreLogo script execution]
-	RESERVED
+CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
 	{DSA-4501-1}
 	- libreoffice 1:6.3.0-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
@@ -33121,7 +33274,7 @@ CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a
 	NOT-FOR-US: aio-libs aiohttp-session
 CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...)
 	- backdrop <itp> (bug #914257)
-CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria IMS version  ...)
+CVE-2018-1000812 (Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versio ...)
 	NOT-FOR-US: Integria IMS
 CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with Dange ...)
 	NOT-FOR-US: bludit
@@ -56655,8 +56808,8 @@ CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devic
 	NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
 CVE-2018-14063 (The increaseApproval function of a smart contract implementation for T ...)
 	NOT-FOR-US: smart contract
-CVE-2018-14062
-	RESERVED
+CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge messages,  ...)
+	TODO: check
 CVE-2018-14061
 	RESERVED
 CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci  ...)
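Review bot: CVE-2018-14062 is now described as a flaw in the COSPAS-SARSAT protocol (message forgery by remote attackers) and is left at `TODO: check`. Because the description names a protocol rather than a product, triage should confirm whether any packaged software implements it and, if none does, close the entry with a `NOT-FOR-US:` line like its neighbours CVE-2018-14064 and CVE-2018-14063.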



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76462ed7d4605f04cbba62d3ee399fe3c88c0858
