[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 8 08:10:36 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5a785ed by security tracker role at 2019-12-08T08:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
+ TODO: check
+CVE-2019-19641
+ RESERVED
+CVE-2019-19640
+ RESERVED
+CVE-2019-19639
+ RESERVED
+CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
+ TODO: check
+CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
+ TODO: check
+CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
+ TODO: check
+CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
+ TODO: check
+CVE-2019-19634
+ RESERVED
+CVE-2019-19633
+ RESERVED
+CVE-2019-19632
+ RESERVED
+CVE-2019-19631
+ RESERVED
+CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
+ TODO: check
CVE-2019-19629
RESERVED
CVE-2019-19628
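Review bot: Every described CVE added at the top of this hunk (CVE-2019-19642, the four libsixel 1.8.2 issues CVE-2019-19635 to CVE-2019-19638, and the HTMLDOC issue CVE-2019-19630) carries only `TODO: check` and no package line, so the tracker cannot yet report any of them against a source package. Each needs triage into either a package line of the form `- <source-package> <unfixed>` (placeholder name) or a NOT-FOR-US entry. The SuperMicro X8STi-F firmware issue looks like the NOT-FOR-US candidate.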
@@ -26,6 +52,7 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mis
CVE-2019-19618
RESERVED
CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
+ {DLA-2024-1}
- phpmyadmin 4:4.9.2+dfsg1-1
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
@@ -1845,16 +1872,13 @@ CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename arg
NOTE: Negligible security impact, hang in end user tool
CVE-2019-19450
RESERVED
-CVE-2019-19449
- RESERVED
+CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
-CVE-2019-19448
- RESERVED
+CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
-CVE-2019-19447
- RESERVED
+CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
CVE-2019-19446
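Review bot: The three kernel entries (CVE-2019-19449, CVE-2019-19448, CVE-2019-19447) gain descriptions naming kernel 5.0.21 (plus 5.3.11 for the btrfs case), but the unchanged lines under them still read `- linux <unfixed>` with a single NOTE pointing at the reporter's repository. A further NOTE with the upstream bug report or fix commit, once one exists, would make these entries actionable. It would also help to state whether the f2fs, btrfs and ext4 code paths in the Debian kernel versions are affected.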
@@ -45440,6 +45464,7 @@ CVE-2019-5546
CVE-2019-5545
RESERVED
CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...)
+ {DLA-2025-1}
- openslp-dfsg <removed>
NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
CVE-2019-5543
@@ -104977,7 +105002,7 @@ CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowe
CVE-2017-17834
REJECTED
CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-relat ...)
- {DLA-1364-1}
+ {DLA-2025-1 DLA-1364-1}
- openslp-dfsg <removed> (low)
NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a cross-sit ...)
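Review bot: The changed tag line `{DLA-2025-1 DLA-1364-1}` attaches a second LTS advisory to CVE-2017-17833, but the entry gives no indication of why an issue already covered by DLA-1364-1 is addressed again or which release each advisory applies to. The package line stays at `- openslp-dfsg <removed> (low)`, so a short NOTE stating the relationship between the two advisories (and to CVE-2019-5544, which receives the same DLA-2025-1 tag earlier in this patch) would save the next reader a lookup.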
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5a785ed013d485e6551e85da704e5dc76fc6998