[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Aug 26 21:10:30 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa0ff251 by security tracker role at 2019-08-26T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,107 +1,243 @@
-CVE-2019-15574
+CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...)
+	TODO: check
+CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...)
+	TODO: check
+CVE-2019-15640 (Limesurvey before 3.17.10 does not validate both the MIME type and fil ...)
+	TODO: check
+CVE-2019-15639
+	RESERVED
+CVE-2019-15638
+	RESERVED
+CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...)
+	TODO: check
+CVE-2019-15636
+	RESERVED
+CVE-2019-15635
+	RESERVED
+CVE-2019-15634
+	RESERVED
+CVE-2019-15633
+	RESERVED
+CVE-2019-15632
+	RESERVED
+CVE-2019-15631
+	RESERVED
+CVE-2019-15630
 	RESERVED
-CVE-2019-15573
+CVE-2019-15629
 	RESERVED
-CVE-2019-15572
+CVE-2019-15628
 	RESERVED
-CVE-2019-15571
+CVE-2019-15627
 	RESERVED
-CVE-2019-15570
+CVE-2019-15626
 	RESERVED
-CVE-2019-15569
+CVE-2019-15625
 	RESERVED
-CVE-2019-15568
+CVE-2019-15624
 	RESERVED
-CVE-2019-15567
+CVE-2019-15623
 	RESERVED
-CVE-2019-15566
+CVE-2019-15622
 	RESERVED
-CVE-2019-15565
+CVE-2019-15621
 	RESERVED
-CVE-2019-15564
+CVE-2019-15620
 	RESERVED
-CVE-2019-15563
+CVE-2019-15619
 	RESERVED
-CVE-2019-15562
+CVE-2019-15618
 	RESERVED
-CVE-2019-15561
+CVE-2019-15617
 	RESERVED
-CVE-2019-15560
+CVE-2019-15616
 	RESERVED
-CVE-2019-15559
+CVE-2019-15615
 	RESERVED
-CVE-2019-15558
+CVE-2019-15614
 	RESERVED
-CVE-2019-15557
+CVE-2019-15613
 	RESERVED
-CVE-2019-15556
+CVE-2019-15612
 	RESERVED
-CVE-2019-15555
+CVE-2019-15611
 	RESERVED
-CVE-2019-15554
+CVE-2019-15610
 	RESERVED
-CVE-2019-15553
+CVE-2019-15609
 	RESERVED
-CVE-2019-15552
+CVE-2019-15608
 	RESERVED
-CVE-2019-15551
+CVE-2019-15607
 	RESERVED
-CVE-2019-15550
+CVE-2019-15606
 	RESERVED
-CVE-2019-15549
+CVE-2019-15605
 	RESERVED
-CVE-2019-15548
+CVE-2019-15604
 	RESERVED
-CVE-2019-15547
+CVE-2019-15603
 	RESERVED
-CVE-2019-15546
+CVE-2019-15602
 	RESERVED
-CVE-2019-15545
+CVE-2019-15601
 	RESERVED
-CVE-2019-15544
+CVE-2019-15600
 	RESERVED
-CVE-2019-15543
+CVE-2019-15599
 	RESERVED
-CVE-2019-15542
+CVE-2019-15598
 	RESERVED
-CVE-2018-21000
+CVE-2019-15597
 	RESERVED
-CVE-2018-20999
+CVE-2019-15596
 	RESERVED
-CVE-2018-20998
+CVE-2019-15595
 	RESERVED
-CVE-2018-20997
+CVE-2019-15594
 	RESERVED
-CVE-2018-20996
+CVE-2019-15593
 	RESERVED
-CVE-2018-20995
+CVE-2019-15592
 	RESERVED
-CVE-2018-20994
+CVE-2019-15591
 	RESERVED
-CVE-2018-20993
+CVE-2019-15590
 	RESERVED
-CVE-2018-20992
+CVE-2019-15589
 	RESERVED
-CVE-2018-20991
+CVE-2019-15588
 	RESERVED
-CVE-2018-20990
+CVE-2019-15587
 	RESERVED
-CVE-2018-20989
+CVE-2019-15586
 	RESERVED
-CVE-2017-18589
+CVE-2019-15585
 	RESERVED
-CVE-2017-18588
+CVE-2019-15584
 	RESERVED
-CVE-2017-18587
+CVE-2019-15583
 	RESERVED
-CVE-2016-10933
+CVE-2019-15582
 	RESERVED
-CVE-2016-10932
+CVE-2019-15581
 	RESERVED
-CVE-2016-10931
+CVE-2019-15580
 	RESERVED
-CVE-2019-15541
+CVE-2019-15579
 	RESERVED
+CVE-2019-15578
+	RESERVED
+CVE-2019-15577
+	RESERVED
+CVE-2019-15576
+	RESERVED
+CVE-2019-15575
+	RESERVED
+CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...)
+	TODO: check
+CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...)
+	TODO: check
+CVE-2019-15572 (Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in ...)
+	TODO: check
+CVE-2019-15571 (The WEB control panel before 2019-04-30 for ClonOS allows SQL injectio ...)
+	TODO: check
+CVE-2019-15570 (BEdita through 4.0.0-RC2 allows SQL injection during a save operation  ...)
+	TODO: check
+CVE-2019-15569 (HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows  ...)
+	TODO: check
+CVE-2019-15568 (idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform  ...)
+	TODO: check
+CVE-2019-15567 (OpenForis Arena before 2019-05-07 allows SQL injection in the sorting  ...)
+	TODO: check
+CVE-2019-15566 (The Alfresco application before 1.8.7 for Android allows SQL injection ...)
+	TODO: check
+CVE-2019-15565 (The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection ...)
+	TODO: check
+CVE-2019-15564 (The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection ...)
+	TODO: check
+CVE-2019-15563 (Observational Health Data Sciences and Informatics (OHDSI) WebAPI befo ...)
+	TODO: check
+CVE-2019-15562 (GORM before 1.9.10 allows SQL injection via incomplete parentheses. ...)
+	TODO: check
+CVE-2019-15561 (FlashLingo before 2019-06-12 allows SQL injection, related to flashlin ...)
+	TODO: check
+CVE-2019-15560 (The Reviews Module before 2019-06-14 for OpenSource Table allows SQL i ...)
+	TODO: check
+CVE-2019-15559 (DianoxDragon Hawn before 2019-07-10 allows SQL injection. ...)
+	TODO: check
+CVE-2019-15558 (XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, rel ...)
+	TODO: check
+CVE-2019-15557 (XM^online 2 User Account and Authentication server 1.0.0 allows SQL in ...)
+	TODO: check
+CVE-2019-15556 (Pvanloon1983 social_network before 2019-07-03 allows SQL injection in  ...)
+	TODO: check
+CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection, relat ...)
+	TODO: check
+CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust.  ...)
+	TODO: check
+CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust.  ...)
+	TODO: check
+CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust.  ...)
+	TODO: check
+CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust.  ...)
+	TODO: check
+CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
+	TODO: check
+CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...)
+	TODO: check
+CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust.  ...)
+	TODO: check
+CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust.  ...)
+	TODO: check
+CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...)
+	TODO: check
+CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 for Rust ...)
+	TODO: check
+CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for Rust. A ...)
+	TODO: check
+CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...)
+	TODO: check
+CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...)
+	TODO: check
+CVE-2018-21000 (An issue was discovered in the safe-transmute crate before 0.10.1 for  ...)
+	TODO: check
+CVE-2018-20999 (An issue was discovered in the orion crate before 0.11.2 for Rust. res ...)
+	TODO: check
+CVE-2018-20998 (An issue was discovered in the arrayfire crate before 3.6.0 for Rust.  ...)
+	TODO: check
+CVE-2018-20997 (An issue was discovered in the openssl crate before 0.10.9 for Rust. A ...)
+	TODO: check
+CVE-2018-20996 (An issue was discovered in the crossbeam crate before 0.4.1 for Rust.  ...)
+	TODO: check
+CVE-2018-20995 (An issue was discovered in the slice-deque crate before 0.1.16 for Rus ...)
+	TODO: check
+CVE-2018-20994 (An issue was discovered in the trust-dns-proto crate before 0.5.0-alph ...)
+	TODO: check
+CVE-2018-20993 (An issue was discovered in the yaml-rust crate before 0.4.1 for Rust.  ...)
+	TODO: check
+CVE-2018-20992 (An issue was discovered in the claxon crate before 0.4.1 for Rust. Uni ...)
+	TODO: check
+CVE-2018-20991 (An issue was discovered in the smallvec crate before 0.6.3 for Rust. T ...)
+	TODO: check
+CVE-2018-20990 (An issue was discovered in the tar crate before 0.4.16 for Rust. Arbit ...)
+	TODO: check
+CVE-2018-20989 (An issue was discovered in the untrusted crate before 0.6.2 for Rust.  ...)
+	TODO: check
+CVE-2017-18589 (An issue was discovered in the cookie crate before 0.7.6 for Rust. Lar ...)
+	TODO: check
+CVE-2017-18588 (An issue was discovered in the security-framework crate before 0.1.12  ...)
+	TODO: check
+CVE-2017-18587 (An issue was discovered in the hyper crate before 0.9.18 for Rust. It  ...)
+	TODO: check
+CVE-2016-10933 (An issue was discovered in the portaudio crate through 0.7.0 for Rust. ...)
+	TODO: check
+CVE-2016-10932 (An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...)
+	TODO: check
+CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...)
+	TODO: check
+CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...)
+	TODO: check
 CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
 	NOT-FOR-US: libMirage
 CVE-2019-15539
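
Review bot: The Rust crate entries from CVE-2019-15554 down to CVE-2016-10931 are all added as "TODO: check" with descriptions cut off shortly after "An issue was discovered in the ... crate", so none of them can be triaged from this list alone. Resolve each one against the crate name and version bound in its description (for example smallvec before 0.6.10, openssl before 0.10.9, hyper before 0.9.18) rather than closing the block in bulk, and handle CVE-2019-15554 and CVE-2019-15551 together since both name smallvec before 0.6.10. The two Webmin entries at the top of the hunk give different upper bounds (through 1.920 and through 1.930), so they need separate version checks.
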
@@ -116,12 +252,12 @@ CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows SQL
 	NOT-FOR-US: Acclaim block plugin for Moodle
 CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. ...)
 	NOT-FOR-US: Tasking Manager
-CVE-2019-15534
-	RESERVED
-CVE-2019-15533
-	RESERVED
-CVE-2019-15532
-	RESERVED
+CVE-2019-15534 (Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.upda ...)
+	TODO: check
+CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php ...)
+	TODO: check
+CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
+	TODO: check
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the  ...)
 	- libextractor <unfixed> (bug #935553)
 	NOTE: https://bugs.gnunet.org/view.php?id=5846
@@ -138,14 +274,14 @@ CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with firmware
 	NOT-FOR-US: D-Link
 CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 terminal emu ...)
 	TODO: check
-CVE-2019-15524
-	RESERVED
+CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php  ...)
+	TODO: check
 CVE-2019-15523
 	RESERVED
 CVE-2019-15522
 	RESERVED
-CVE-2019-15521
-	RESERVED
+CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
+	TODO: check
 CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
 	TODO: check
 CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal (up to the ...)
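
Review bot: CVE-2019-15521 is described as a flaw in Spoon Library "as used in Fork CMS before 1.4.1 and ...", so its TODO should be resolved by looking for embedded copies of the library in other source packages, not only for a package named after it. The visible description is cut off after "and", so read the full CVE text before marking the entry NOT-FOR-US.
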
@@ -156,8 +292,8 @@ CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f director
 	TODO: check
 CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...)
 	TODO: check
-CVE-2019-15515
-	RESERVED
+CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...)
+	TODO: check
 CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10 for And ...)
 	TODO: check
 CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the Unified ...)
@@ -174,18 +310,18 @@ CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request
 	TODO: check
 CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request pr ...)
 	TODO: check
-CVE-2019-15506
-	RESERVED
+CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
+	TODO: check
 CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...)
 	- linux <unfixed>
 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...)
 	- linux <unfixed>
-CVE-2019-15503
-	RESERVED
+CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...)
+	TODO: check
 CVE-2019-15502
 	RESERVED
-CVE-2019-15501
-	RESERVED
+CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...)
+	TODO: check
 CVE-2019-15500
 	RESERVED
 CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...)
@@ -208,8 +344,8 @@ CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
 	NOT-FOR-US: openITCOCKPIT
 CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. ...)
 	NOT-FOR-US: openITCOCKPIT
-CVE-2019-15489
-	RESERVED
+CVE-2019-15489 (laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XS ...)
+	TODO: check
 CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...)
 	TODO: check
 CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training  ...)
@@ -228,10 +364,10 @@ CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...)
 	TODO: check
 CVE-2019-15480 (Domoticz 4.10717 has XSS via item.Name. ...)
 	TODO: check
-CVE-2019-15479
-	RESERVED
-CVE-2019-15478
-	RESERVED
+CVE-2019-15479 (Status Board 1.1.81 has reflected XSS via dashboard.ts. ...)
+	TODO: check
+CVE-2019-15478 (Status Board 1.1.81 has reflected XSS via logic.ts. ...)
+	TODO: check
 CVE-2019-15477 (Jooby before 1.6.4 has XSS via the default error handler. ...)
 	TODO: check
 CVE-2019-15476 (Former before 4.2.1 has XSS via a checkbox value. ...)
@@ -726,8 +862,8 @@ CVE-2019-15306
 	RESERVED
 CVE-2019-15305
 	RESERVED
-CVE-2019-15304
-	RESERVED
+CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default password of ...)
+	TODO: check
 CVE-2019-15303
 	RESERVED
 CVE-2019-15302
@@ -4085,14 +4221,14 @@ CVE-2019-14310
 	RESERVED
 CVE-2019-14309
 	RESERVED
-CVE-2019-14308
-	RESERVED
-CVE-2019-14307
-	RESERVED
+CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...)
+	TODO: check
+CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
+	TODO: check
 CVE-2019-14306
 	RESERVED
-CVE-2019-14305
-	RESERVED
+CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
+	TODO: check
 CVE-2019-14304
 	RESERVED
 CVE-2019-14303
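
Review bot: CVE-2019-14307 and CVE-2019-14305 are added with identical visible text ("Several Ricoh printers have multiple buffer overflows parsing HTTP par ..."), so the truncated descriptions cannot tell the two apart and the full CVE text is needed to confirm they are distinct issues. The Ricoh entries here (CVE-2019-14308, CVE-2019-14307, CVE-2019-14305) and CVE-2019-14300 in the next hunk all describe printers and can be triaged together, in the same way the file already marks D-Link devices as NOT-FOR-US.
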
@@ -4101,8 +4237,8 @@ CVE-2019-14302
 	RESERVED
 CVE-2019-14301
 	RESERVED
-CVE-2019-14300
-	RESERVED
+CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...)
+	TODO: check
 CVE-2019-14299
 	RESERVED
 CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(con ...)
@@ -7039,18 +7175,21 @@ CVE-2019-13487
 	RESERVED
 CVE-2019-13486
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13485
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13484
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
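
Review bot: The {DLA-1898-1} reference is added to CVE-2019-13486, CVE-2019-13485 and CVE-2019-13484 while the only per-release lines remain "[buster] - xymon <no-dsa> (Minor issue)" and "[stretch] - xymon <no-dsa> (Minor issue)", so nothing in these entries shows which release the advisory fixes. Confirm that DLA-1898-1 targets a release other than buster and stretch; if it covers stretch, the <no-dsa> line there is stale and should be dropped. The same check applies to the other xymon entries tagged in the following hunks.
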
@@ -7130,6 +7269,7 @@ CVE-2019-13456
 	TODO: double check assessment and classification
 CVE-2019-13455
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
@@ -7148,12 +7288,14 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z
 	NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
 CVE-2019-13452
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13451
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
@@ -7602,12 +7744,14 @@ CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin b
 	NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
 CVE-2019-13274
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13273
 	RESERVED
+	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
@@ -8316,8 +8460,8 @@ CVE-2019-13022
 	RESERVED
 CVE-2019-13021
 	RESERVED
-CVE-2019-13020
-	RESERVED
+CVE-2019-13020 (The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI ...)
+	TODO: check
 CVE-2019-13019
 	RESERVED
 CVE-2019-13018
@@ -9552,8 +9696,8 @@ CVE-2019-12534
 	RESERVED
 CVE-2019-12533
 	RESERVED
-CVE-2019-12532
-	RESERVED
+CVE-2019-12532 (Improper access control in the Insyde software tools may allow an auth ...)
+	TODO: check
 CVE-2019-12531
 	RESERVED
 CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
@@ -16037,6 +16181,7 @@ CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write us
 	NOT-FOR-US: Apache Spark
 CVE-2019-10098 [mod_rewrite configurations vulnerable to open redirect]
 	RESERVED
+	{DSA-4509-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10098
@@ -16065,6 +16210,7 @@ CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006m
 	NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
 CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
 	RESERVED
+	{DSA-4509-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
@@ -16096,10 +16242,12 @@ CVE-2019-10083
 	RESERVED
 CVE-2019-10082 [mod_http2, read-after-free in h2 connection shutdown]
 	RESERVED
+	{DSA-4509-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.18 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10082
 CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ...)
+	{DSA-4509-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.20 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10081
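
Review bot: CVE-2019-10082 and CVE-2019-10081 both gain {DSA-4509-1}, but their NOTE lines give different lower bounds for the affected range (2.4.18 and 2.4.20), and the entries record only the unstable fix "apache2 2.4.41-1". Check the apache2 version in each release covered by the DSA against those bounds and add a <not-affected> line for any release that predates the vulnerable code.
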
@@ -18578,6 +18726,7 @@ CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty fr
 	NOTE: https://github.com/apache/trafficserver/pull/5850
 	NOTE: https://github.com/apache/trafficserver/blob/8.0.x/CHANGELOG-8.0.5
 CVE-2019-9517 (Some HTTP/2 implementations are vulnerable to unconstrained interal da ...)
+	{DSA-4509-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.20 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-9517
@@ -22386,74 +22535,74 @@ CVE-2019-8003 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2
 	NOT-FOR-US: Adobe
 CVE-2019-8002 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-8001
-	RESERVED
-CVE-2019-8000
-	RESERVED
-CVE-2019-7999
-	RESERVED
-CVE-2019-7998
-	RESERVED
-CVE-2019-7997
-	RESERVED
-CVE-2019-7996
-	RESERVED
-CVE-2019-7995
-	RESERVED
-CVE-2019-7994
-	RESERVED
-CVE-2019-7993
-	RESERVED
-CVE-2019-7992
-	RESERVED
-CVE-2019-7991
-	RESERVED
-CVE-2019-7990
-	RESERVED
-CVE-2019-7989
-	RESERVED
-CVE-2019-7988
-	RESERVED
-CVE-2019-7987
-	RESERVED
-CVE-2019-7986
-	RESERVED
-CVE-2019-7985
-	RESERVED
-CVE-2019-7984
-	RESERVED
-CVE-2019-7983
-	RESERVED
-CVE-2019-7982
-	RESERVED
-CVE-2019-7981
-	RESERVED
-CVE-2019-7980
-	RESERVED
-CVE-2019-7979
-	RESERVED
-CVE-2019-7978
-	RESERVED
-CVE-2019-7977
-	RESERVED
-CVE-2019-7976
-	RESERVED
-CVE-2019-7975
-	RESERVED
-CVE-2019-7974
-	RESERVED
-CVE-2019-7973
-	RESERVED
-CVE-2019-7972
-	RESERVED
-CVE-2019-7971
-	RESERVED
-CVE-2019-7970
-	RESERVED
-CVE-2019-7969
-	RESERVED
-CVE-2019-7968
-	RESERVED
+CVE-2019-8001 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-8000 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7999 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7998 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7997 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7996 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7995 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7994 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7993 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7992 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7991 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7990 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7989 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7988 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7987 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7986 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7985 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7984 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7983 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7982 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7981 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7980 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7979 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7978 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7977 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7976 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7975 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7974 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7973 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7972 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7971 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7970 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7969 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
+CVE-2019-7968 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
+	TODO: check
 CVE-2019-7967
 	RESERVED
 CVE-2019-7966
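
Review bot: The 34 entries from CVE-2019-8001 down to CVE-2019-7968 all describe Adobe Photoshop CC and are added as "TODO: check", while the context lines just above them (CVE-2019-8003, CVE-2019-8002) already carry "NOT-FOR-US: Adobe". Mark the whole block with the same NOT-FOR-US tag in one pass instead of leaving 34 open TODOs.
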
@@ -30956,8 +31105,8 @@ CVE-2019-4515
 	RESERVED
 CVE-2019-4514
 	RESERVED
-CVE-2019-4513
-	RESERVED
+CVE-2019-4513 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vul ...)
+	TODO: check
 CVE-2019-4512
 	RESERVED
 CVE-2019-4511
@@ -31086,10 +31235,10 @@ CVE-2019-4450
 	RESERVED
 CVE-2019-4449
 	RESERVED
-CVE-2019-4448
-	RESERVED
-CVE-2019-4447
-	RESERVED
+CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
+	TODO: check
+CVE-2019-4447 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
+	TODO: check
 CVE-2019-4446
 	RESERVED
 CVE-2019-4445
@@ -31644,8 +31793,8 @@ CVE-2019-4171
 	RESERVED
 CVE-2019-4170
 	RESERVED
-CVE-2019-4169
-	RESERVED
+CVE-2019-4169 (IBM Open Power Firmware OP910 and OP920 could allow access to BMC via  ...)
+	TODO: check
 CVE-2019-4168
 	RESERVED
 CVE-2019-4167 (IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa0ff25106ec925297076823c106e1878c6d5133
