[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Aug 18 21:10:27 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
534880f0 by security tracker role at 2019-08-18T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-15148 (GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in ...)
+	TODO: check
+CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Nex ...)
+	TODO: check
+CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
+	TODO: check
+CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack  ...)
+	TODO: check
+CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
+	TODO: check
+CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
+	TODO: check
+CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
+	TODO: check
+CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
+	TODO: check
+CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
+	TODO: check
+CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component  ...)
+	TODO: check
+CVE-2019-15138
+	RESERVED
+CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows f ...)
+	TODO: check
+CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not ...)
+	TODO: check
+CVE-2019-15135 (The handshake protocol in Object Management Group (OMG) DDS Security 1 ...)
+	TODO: check
 CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP implementation  ...)
 	NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by ...)
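Review bot: the 13 new entries with descriptions (CVE-2019-15135 to CVE-2019-15148, leaving out the RESERVED CVE-2019-15138) all carry only `TODO: check`, so none of them has a disposition yet. Each should be resolved to a package status line or a `NOT-FOR-US:` tag of the kind CVE-2019-15134 has directly below. The DjVuLibre 3.5.27 entries (CVE-2019-15142 to CVE-2019-15145) and the ImageMagick 7.0.8-43 entries (CVE-2019-15140, CVE-2019-15141) name a specific upstream version and are the natural ones to triage first.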
@@ -15,10 +43,10 @@ CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login r
 	NOTE: https://support.zabbix.com/browse/ZBX-16532
 CVE-2019-15131
 	RESERVED
-CVE-2019-15130
-	RESERVED
-CVE-2019-15129
-	RESERVED
+CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
+	TODO: check
+CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
+	TODO: check
 CVE-2019-15128
 	RESERVED
 CVE-2019-15127
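Review bot: CVE-2019-15130 and CVE-2019-15129 change from RESERVED to descriptions that are cut off at the same point ("The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ..."), so the two entries read identically in the list and cannot be told apart from this file. When the `TODO: check` is resolved, confirm against the full descriptions that these are two distinct issues and give each its own disposition rather than copying one to the other.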
@@ -1005,6 +1033,7 @@ CVE-2019-14811
 CVE-2019-14810
 	RESERVED
 CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...)
+	{DSA-4503-1}
 	- golang-1.13 1.13~beta1-3 (bug #934954)
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
@@ -1163,7 +1192,7 @@ CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exist
 	- radare2 <unfixed> (bug #934204)
 	NOTE: https://github.com/radare/radare2/pull/14690
 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
-	{DSA-4494-1}
+	{DSA-4494-1 DLA-1890-1}
 	- kconfig 5.54.0-2 (bug #934267)
 	- kde4libs 4:4.14.38-4 (bug #934268)
 	[buster] - kde4libs <no-dsa> (Minor issue)
@@ -5587,6 +5616,7 @@ CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote cod
 CVE-2019-13566
 	RESERVED
 CVE-2019-13565 (An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ...)
+	{DLA-1891-1}
 	- openldap 2.4.48+dfsg-1 (low; bug #932998)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
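Review bot: `{DLA-1891-1}` is attached to CVE-2019-13565 while the `[buster]` and `[stretch]` openldap lines directly below stay at `<no-dsa> (Minor issue)`, so after this change the entry records an advisory for one release and no advisory for the two others. Check that the `<no-dsa>` classification for buster and stretch is still the intended one now that an advisory exists, and the same question applies to CVE-2019-13057, which receives the identical tag above identical status lines.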
@@ -6921,6 +6951,7 @@ CVE-2019-13059
 CVE-2019-13058
 	RESERVED
 CVE-2019-13057 (An issue was discovered in the server in OpenLDAP before 2.4.48. When  ...)
+	{DLA-1891-1}
 	- openldap 2.4.48+dfsg-1 (low; bug #932997)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
@@ -17269,6 +17300,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, p
 	NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
 	NOTE: https://github.com/h2o/h2o/issues/2090
 CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...)
+	{DSA-4503-1}
 	- golang-1.13 1.13~beta1-3 (bug #934955)
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
@@ -17302,6 +17334,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, pot
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
 	NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...)
+	{DSA-4503-1}
 	- golang-1.13 1.13~beta1-3 (bug #934955)
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
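Review bot: `{DSA-4503-1}` is attached to CVE-2019-9512, whose description covers "Some HTTP/2 implementations", but the only package lines visible under the tag are golang-1.13, golang-1.12 and golang-1.11. Since the tag sits at the CVE level, confirm that any other source packages tracked under this CVE keep their own status lines and are not read as fixed by this advisory; the same applies to CVE-2019-9514 in the previous hunk.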



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/534880f0497e1ee6729f47ebe0cfc8164dbcd5fc
