[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 24 21:10:42 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5fbffa1a by security tracker role at 2019-08-24T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3788,6 +3788,7 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9
NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
+ {DSA-4506-1}
- qemu <unfixed> (bug #933741)
- qemu-kvm <removed>
- slirp4netns 0.3.2-1 (bug #933742)
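Review bot: the new `{DSA-4506-1}` reference sits directly above `qemu <unfixed> (bug #933741)`, which this update leaves untouched, so CVE-2019-14378 now carries an advisory reference while unstable still records no fixed qemu version and the bug stays open; that is fine only if the fix so far lives in the stable security upload alone, and a fixed unstable version should be recorded in a follow-up rather than the DSA line standing on its own.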
@@ -7277,7 +7278,7 @@ CVE-2019-13347
CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
- {DLA-1847-1}
+ {DSA-4507-1 DLA-1847-1}
- squid 4.8-1 (bug #931478)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
@@ -7786,6 +7787,7 @@ CVE-2019-13166
CVE-2019-13165
RESERVED
CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
+ {DSA-4506-1}
- qemu <unfixed> (bug #931351)
[buster] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
- qemu-kvm <removed>
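Review bot: the `[buster] - qemu <postponed> (Minor issue, can be fixed along in future DSA)` line two lines below the added `{DSA-4506-1}` now contradicts it: once the DSA is recorded for CVE-2019-13164, the buster postponement is stale and should be dropped in the same update, otherwise the buster status reads as both fixed by DSA-4506-1 and still postponed.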
@@ -8668,6 +8670,7 @@ CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, X
NOTE: https://github.com/twisted/twisted/pull/1147
NOTE: https://twistedmatrix.com/trac/ticket/9561
CVE-2019-12854 (Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...)
+ {DSA-4507-1}
- squid 4.8-1
- squid3 <not-affected> (Vulnerable code not present; Vulnerable code only in 4.x series)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
@@ -9443,7 +9446,7 @@ CVE-2019-12531
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
- {DLA-1858-1}
+ {DSA-4507-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
@@ -9451,6 +9454,7 @@ CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x th
CVE-2019-12528
RESERVED
CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
+ {DSA-4507-1}
- squid 4.8-1
- squid3 <not-affected> (Vulnerable code introduced in 4.0.23)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
@@ -9461,7 +9465,7 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki
CVE-2019-12526
RESERVED
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
- {DLA-1858-1}
+ {DSA-4507-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
@@ -15903,7 +15907,7 @@ CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3,
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...)
- {DLA-1781-1}
+ {DSA-4506-1 DLA-1781-1}
- qemu 1:3.1+dfsg-7
- qemu-kvm <removed>
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
@@ -15964,6 +15968,7 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
CVE-2019-10087
RESERVED
CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
+ {DLA-1896-1}
- commons-beanutils 1.9.4-1
NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
NOTE: https://github.com/apache/commons-beanutils/pull/7
@@ -18462,6 +18467,7 @@ CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, pote
NOTE: https://github.com/nginx/nginx/commit/dbdd9ffea81d9db46fb88b5eba828f2ad080d388 (release-1.16.1)
NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...)
+ {DSA-4508-1}
- trafficserver <unfixed> (bug #934887)
- h2o 2.2.5+dfsg2-3 (bug #934886)
NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
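Review bot: `{DSA-4508-1}` is added for CVE-2019-9515 while `trafficserver <unfixed> (bug #934887)` remains unchanged beneath it; since the advisory reference is attached to the CVE rather than to a package, the open trafficserver bug is easy to overlook, so keep the bug reference as is and make sure a fixed trafficserver version follows in a later update.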
@@ -18470,7 +18476,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, p
NOTE: https://github.com/h2o/h2o/issues/2090
NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...)
- {DSA-4503-1}
+ {DSA-4508-1 DSA-4503-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
@@ -18506,7 +18512,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, pot
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...)
- {DSA-4503-1}
+ {DSA-4508-1 DSA-4503-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5fbffa1a486d8d9d3044d02cd6fe9e9a1c900c52