[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 16 21:10:33 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c384f9f4 by security tracker role at 2019-08-16T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,17 @@
-CVE-2019-15118 [ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term]
+CVE-2019-15123
+	RESERVED
+CVE-2019-15122
+	RESERVED
+CVE-2019-15121
+	RESERVED
+CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. ...)
+	TODO: check
+CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...)
+	TODO: check
+CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
-CVE-2019-15117 [ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit]
+CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116
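Review bot: CVE-2019-15120 (Kunena for Joomla!) and CVE-2019-15119 (cnlh nps) come in with only "TODO: check", so neither has a triage decision yet. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US tag. The two linux entries in the same hunk keep their "- linux <unfixed>" and "Fixed by:" lines, so only the description text changes there.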
@@ -50,8 +60,8 @@ CVE-2019-15093
 	RESERVED
 CVE-2019-15092
 	RESERVED
-CVE-2019-15091
-	RESERVED
+CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&am ...)
+	TODO: check
 CVE-2019-15089
 	RESERVED
 CVE-2019-15088
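Review bot: the description added for CVE-2019-15091 is cut at "index.php?sec=wiki&am ...", which looks like an HTML-escaped ampersand split by the truncation. If the feed text is escaped before it is shortened, unescaping it first would keep entity fragments out of data/CVE/list. The entry also still needs its "TODO: check" resolved.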
@@ -77,10 +87,11 @@ CVE-2018-20971
 CVE-2018-20970
 	RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
+	{DSA-4489-1 DLA-1864-1}
 	- patch 2.7.6-5
 	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
-CVE-2017-18548
-	RESERVED
+CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL injection. ...)
+	TODO: check
 CVE-2017-18547
 	RESERVED
 CVE-2017-18546
@@ -125,8 +136,8 @@ CVE-2017-18527
 	RESERVED
 CVE-2017-18526
 	RESERVED
-CVE-2016-10904
-	RESERVED
+CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
+	TODO: check
 CVE-2016-10903
 	RESERVED
 CVE-2016-10902
@@ -145,10 +156,10 @@ CVE-2016-10896
 	RESERVED
 CVE-2016-10895
 	RESERVED
-CVE-2015-9326
-	RESERVED
-CVE-2015-9325
-	RESERVED
+CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
+	TODO: check
+CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
+	TODO: check
 CVE-2015-9324
 	RESERVED
 CVE-2015-9323
@@ -729,8 +740,8 @@ CVE-2019-14925
 	RESERVED
 CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...)
 	NOT-FOR-US: GCDWebServer
-CVE-2019-14923
-	RESERVED
+CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharac ...)
+	TODO: check
 CVE-2019-14922
 	RESERVED
 CVE-2019-14921
@@ -6150,6 +6161,7 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
 CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931449)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
 	NOTE: initial fix:
@@ -6157,10 +6169,12 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at co
 	NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931452)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931453)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
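Review bot: the context lines at the top of this hunk record that the initial CVE-2019-13306 fix was "later reverted by the CVE-2019-13305 fix which is the right one", and both CVEs are now tagged {DLA-1888-1}. It is worth confirming that the DLA carries commit 5c7fbf9a14fb83c9685ad69d48899f490a37609d rather than the reverted change. A short NOTE under CVE-2019-13306 saying which commit the DLA applied would make that auditable from the list itself.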
@@ -6190,6 +6204,7 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931455)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
@@ -6200,6 +6215,7 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931457)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
@@ -6609,6 +6625,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
 CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #932079)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
@@ -7080,6 +7097,7 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
 	- imagemagick <unfixed> (unimportant; bug #931193)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
+	{DLA-1888-1}
 	- imagemagick <unfixed> (bug #931196)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
@@ -20823,8 +20841,8 @@ CVE-2019-8065
 	RESERVED
 CVE-2019-8064
 	RESERVED
-CVE-2019-8063
-	RESERVED
+CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions have an  ...)
+	TODO: check
 CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8061
@@ -21021,8 +21039,8 @@ CVE-2019-7966
 	RESERVED
 CVE-2019-7965
 	RESERVED
-CVE-2019-7964
-	RESERVED
+CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication  ...)
+	TODO: check
 CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
 	NOT-FOR-US: Adobe Bridge CC
 CVE-2019-7962
@@ -21031,12 +21049,12 @@ CVE-2019-7961 (Adobe Prelude CC versions 8.1 and earlier have an insecure librar
 	NOT-FOR-US: Adobe
 CVE-2019-7960
 	RESERVED
-CVE-2019-7959
-	RESERVED
-CVE-2019-7958
-	RESERVED
-CVE-2019-7957
-	RESERVED
+CVE-2019-7959 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a u ...)
+	TODO: check
+CVE-2019-7958 (Creative Cloud Desktop Application versions 4.6.1 and earlier have an  ...)
+	TODO: check
+CVE-2019-7957 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a s ...)
+	TODO: check
 CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and below, 1 ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a Reflected Cross ...)
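Review bot: CVE-2019-7959, CVE-2019-7958 and CVE-2019-7957 come in as "TODO: check" although the unchanged neighbours in this hunk (CVE-2019-7961, CVE-2019-7956) are already marked "NOT-FOR-US: Adobe". The three Creative Cloud Desktop Application entries look like candidates for the same tag in a follow-up, so they do not sit in the triage queue.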
@@ -27414,8 +27432,7 @@ CVE-2019-5479
 	RESERVED
 CVE-2019-5478
 	RESERVED
-CVE-2019-5477 [Command Injection Vulnerability]
-	RESERVED
+CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
 	- ruby-nokogiri <unfixed> (bug #934802)
 	NOTE: https://github.com/sparklemotion/nokogiri/issues/1915
 	NOTE: Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file
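Review bot: at CVE-2019-5477 the new description names Nokogiri v1.10.3 and earlier as affected, while the package line stays "- ruby-nokogiri <unfixed> (bug #934802)". Once a release later than 1.10.3 is uploaded, the fixed version should replace <unfixed>. Dropping the stale RESERVED line here is correct, since the entry already carries package data.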
@@ -57309,7 +57326,7 @@ CVE-2018-13886 (Unchecked OTA field in GNSS XTRA3 lead to integer overflow and t
 CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data in Sn ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13884
-	RESERVED
+	REJECTED
 CVE-2018-13883
 	RESERVED
 CVE-2018-13882



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c384f9f4559a80c707b1f49244ee69332276039c


More information about the debian-security-tracker-commits mailing list