[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 7 08:10:32 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dddbf15 by security tracker role at 2019-12-07T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6363,8 +6363,8 @@ CVE-2019-18577
 	RESERVED
 CVE-2019-18576
 	RESERVED
-CVE-2019-18575
-	RESERVED
+CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an uncontrolled ...)
+	TODO: check
 CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
 	NOT-FOR-US: RSA Authentication Manager software
 CVE-2019-18573
@@ -11290,7 +11290,7 @@ CVE-2019-17008
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
 	RESERVED
-	{DLA-2015-1}
+	{DSA-4579-1 DLA-2015-1}
 	- nss 2:3.45-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -11952,8 +11952,8 @@ CVE-2019-16774
 	RESERVED
 CVE-2019-16773
 	RESERVED
-CVE-2019-16772
-	RESERVED
+CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to  ...)
+	TODO: check
 CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
 	NOT-FOR-US: Armeria
 CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could use keepal ...)
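Review bot: CVE-2019-16772 is left at `TODO: check` with nothing recorded about whether the affected code is in the archive. The description names an NPM package and a fixed version (3.0.1), so the entry can be resolved either with a package line carrying the fixed version or with a NOT-FOR-US line in the style of the neighbouring CVE-2019-16771 entry, once the archive has been checked for that package.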
@@ -27636,7 +27636,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
 CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]
 	RESERVED
-	{DLA-2008-1}
+	{DSA-4579-1 DLA-2008-1}
 	- nss 2:3.47.1-1
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -29049,8 +29049,8 @@ CVE-2019-11295
 	RESERVED
 CVE-2019-11294
 	RESERVED
-CVE-2019-11293
-	RESERVED
+CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
+	TODO: check
 CVE-2019-11292
 	RESERVED
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior  ...)
@@ -30464,8 +30464,8 @@ CVE-2019-10771 (Characters in the GET url path are not properly escaped and can
 	NOT-FOR-US: IOBroker
 CVE-2019-10770
 	RESERVED
-CVE-2019-10769
-	RESERVED
+CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used  ...)
+	TODO: check
 CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
 	- angular.js 1.7.9-1 (bug #945249)
 	[buster] - angular.js <no-dsa> (Minor issue; can be fixed via point release)
@@ -35181,7 +35181,8 @@ CVE-2019-9468
 	RESERVED
 CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection due to ...)
 	NOT-FOR-US: LG components for Android
-CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a possible out of bounds write  ...)
+CVE-2019-9466
+	REJECTED
 	- linux 4.19.37-4
 	[stretch] - linux 4.9.168-1+deb9u3
 	[jessie] - linux 3.16.68-1
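Review bot: CVE-2019-9466 is switched to `REJECTED` but the entry keeps its `- linux 4.19.37-4`, `[stretch]` and `[jessie]` lines, so a rejected id still carries fixed-version data while its description is dropped. The NOTE further down in the same entry marks it as a duplicate of CVE-2019-9503; confirm that the same linux versions are recorded under CVE-2019-9503, then decide whether the package lines should remain here, so that tooling reading this list does not count the fix against a rejected id.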
@@ -35189,8 +35190,8 @@ CVE-2019-9466 (In the Broadcom Wi-Fi driver, there is a possible out of bounds w
 	NOTE: Duplicate of CVE-2019-9503.
 CVE-2019-9465
 	RESERVED
-CVE-2019-9464
-	RESERVED
+CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...)
+	TODO: check
 CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
 	NOT-FOR-US: Android
 CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
@@ -54899,38 +54900,38 @@ CVE-2019-2234
 	RESERVED
 CVE-2019-2233 (In getUserCount and getCount of UserSwitcherController.java, there is  ...)
 	NOT-FOR-US: Android
-CVE-2019-2232
-	RESERVED
-CVE-2019-2231
-	RESERVED
-CVE-2019-2230
-	RESERVED
-CVE-2019-2229
-	RESERVED
-CVE-2019-2228
-	RESERVED
-CVE-2019-2227
-	RESERVED
-CVE-2019-2226
-	RESERVED
-CVE-2019-2225
-	RESERVED
-CVE-2019-2224
-	RESERVED
-CVE-2019-2223
-	RESERVED
-CVE-2019-2222
-	RESERVED
-CVE-2019-2221
-	RESERVED
-CVE-2019-2220
-	RESERVED
-CVE-2019-2219
-	RESERVED
-CVE-2019-2218
-	RESERVED
-CVE-2019-2217
-	RESERVED
+CVE-2019-2232 (In handleRun of TextLine.java, there is a possible application crash d ...)
+	TODO: check
+CVE-2019-2231 (In Blob::Blob of blob.cpp, there is a possible unencrypted master key  ...)
+	TODO: check
+CVE-2019-2230 (In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.c ...)
+	TODO: check
+CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible leak o ...)
+	TODO: check
+CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds read due t ...)
+	TODO: check
+CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds read due  ...)
+	TODO: check
+CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible out of  ...)
+	TODO: check
+CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...)
+	TODO: check
+CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds write due  ...)
+	TODO: check
+CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...)
+	TODO: check
+CVE-2019-2222 (n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible ...)
+	TODO: check
+CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java there&#821 ...)
+	TODO: check
+CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible bypass of ...)
+	TODO: check
+CVE-2019-2219 (In System UI, there is a possible bypass of user's consent for access  ...)
+	TODO: check
+CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
+	TODO: check
+CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
+	TODO: check
 CVE-2019-2216
 	RESERVED
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
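Review bot: Two of the 16 descriptions added here (CVE-2019-2217 through CVE-2019-2232) arrive damaged: CVE-2019-2222 starts with "n ihevcd_parse_slice_data" (leading letter missing) and CVE-2019-2221 is cut off in the middle of an HTML entity ("there&#821"). The import should decode entities before truncating the description. All 16 entries are at `TODO: check`; when triaging, avoid bulk-marking them NOT-FOR-US: Android like the adjacent CVE-2019-2233 without first checking the ones that name generic source files, for example CVE-2019-2224 (ReadMATImage of mat.c) and CVE-2019-2228 (array_find of array.c), against sources packaged in the archive.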



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9dddbf15fc015ffa628da7b52db1b0129edc09ce
