[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 14 08:10:29 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6fecacf by security tracker role at 2019-12-14T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19796 (Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...)
+	TODO: check
+CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in util.c vi ...)
+	TODO: check
+CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...)
+	TODO: check
 CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Wind ...)
 	NOT-FOR-US: Cyxtera AppGate SDP Client
 CVE-2019-19792
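
Review bot: CVE-2019-19796, CVE-2019-19795 and CVE-2019-19794 at the top of this hunk are all left at `TODO: check`, so none of them has a package line or a NOT-FOR-US tag yet, unlike CVE-2019-19793 directly below. They name three unrelated products (Yabasic, samurai, the miekg Go DNS package as used in CoreDNS), so each needs its own triage; for CVE-2019-19794 the check should cover both the library and CoreDNS, since the description names both.
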
@@ -2709,7 +2715,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
 	NOTE: by the bug.
 	NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
-CVE-2019-19603 (SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW stateme ...)
+CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent  ...)
 	- sqlite3 <unfixed>
 	NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
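
Review bot: The CVE-2019-19603 line changes its description from CREATE TABLE and CREATE VIEW handling to certain SELECT statements, but the `- sqlite3 <unfixed>` status and the commit NOTE beneath it are carried over unchanged. Confirm that the referenced commit 527cbd4a104cb93bf3994b3dd3619a6299a78b13 still corresponds to the issue as it is now described, and update the NOTE if the reworded description points at a different fix.
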
@@ -9791,19 +9797,19 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
 	NOTE: not the case in all suites, but the issue is minor in general and would
 	NOTE: tend to a no-dsa/ignored tag in those suites.
 CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...)
-	{DSA-4582-1}
+	{DSA-4582-1 DLA-2034-1}
 	- davical 1.1.9.2-1 (bug #946343)
 	NOTE: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
 	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
 	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...)
-	{DSA-4582-1}
+	{DSA-4582-1 DLA-2034-1}
 	- davical 1.1.9.2-1 (bug #946343)
 	NOTE: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
 	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
 	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18345 (A reflected XSS issue was discovered in DAViCal through 1.1.8. It echo ...)
-	{DSA-4582-1}
+	{DSA-4582-1 DLA-2034-1}
 	- davical 1.1.9.2-1 (bug #946343)
 	NOTE: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
 	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
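
Review bot: The `{DSA-4582-1 DLA-2034-1}` cross-reference is added to CVE-2019-18347, CVE-2019-18346 and CVE-2019-18345, while this commit changes only data/CVE/list. Check that the DLA-2034-1 advisory record lists the same three CVEs, so the cross-references are not one-sided.
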
@@ -13185,8 +13191,8 @@ CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 5
 	NOT-FOR-US: Citrix
 CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
 	NOT-FOR-US: Nix
-CVE-2019-17364
-	RESERVED
+CVE-2019-17364 (The processCommandUploadLog() function of libcommon.so in Petwant PF-1 ...)
+	TODO: check
 CVE-2019-17363
 	RESERVED
 CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...)
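
Review bot: CVE-2019-17364 goes from RESERVED to `TODO: check` and names processCommandUploadLog() in libcommon.so, the same function named by CVE-2019-16735 later in this commit. Triage the two together so they end up with the same tag, and decide from the full description, since the product name is cut off here at "Petwant PF-1 ...".
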
@@ -14758,22 +14764,22 @@ CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information
 	{DSA-4545-1}
 	- mediawiki 1:1.31.4-1
 	NOTE: https://phabricator.wikimedia.org/T230402
-CVE-2019-16737
-	RESERVED
-CVE-2019-16736
-	RESERVED
-CVE-2019-16735
-	RESERVED
-CVE-2019-16734
-	RESERVED
-CVE-2019-16733
-	RESERVED
-CVE-2019-16732
-	RESERVED
-CVE-2019-16731
-	RESERVED
-CVE-2019-16730
-	RESERVED
+CVE-2019-16737 (The processCommandSetMac() function of libcommon.so in Petwant PF-103  ...)
+	TODO: check
+CVE-2019-16736 (A stack-based buffer overflow in processCommandUploadSnapshot in libco ...)
+	TODO: check
+CVE-2019-16735 (A stack-based buffer overflow in processCommandUploadLog in libcommon. ...)
+	TODO: check
+CVE-2019-16734 (Use of default credentials for the TELNET server in Petwant PF-103 fir ...)
+	TODO: check
+CVE-2019-16733 (processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22 ...)
+	TODO: check
+CVE-2019-16732 (Unencrypted HTTP communications for firmware upgrades in Petalk AI and ...)
+	TODO: check
+CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Peta ...)
+	TODO: check
+CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...)
+	TODO: check
 CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
 	- dompurify.js <removed>
 	[stretch] - dompurify.js <ignored> (Minor issue)
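
Review bot: All eight entries from CVE-2019-16737 down to CVE-2019-16730 are left at `TODO: check`, and the visible descriptions point at one firmware family (Petwant PF-103, Petalk AI). They can be triaged as a batch with a single tag, but the lines for CVE-2019-16736 and CVE-2019-16735 are truncated before any product name, so confirm those two against the full descriptions rather than assuming they match their neighbours.
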
@@ -29488,6 +29494,7 @@ CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of Enab
 CVE-2019-12096
 	RESERVED
 CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
+	{DLA-2033-1}
 	- php-horde-trean <unfixed>
 	[buster] - php-horde-trean <no-dsa> (Minor issue)
 	[stretch] - php-horde-trean <no-dsa> (Minor issue)
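
Review bot: The added `{DLA-2033-1}` on CVE-2019-12095 sits directly above `- php-horde-trean <unfixed>` and the `<no-dsa> (Minor issue)` lines for buster and stretch, so the entry now records an advisory for an issue that every visible suite line still treats as unfixed or minor. Recheck whether the two no-dsa decisions still hold now that an advisory has been issued for this CVE.
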
@@ -48799,10 +48806,10 @@ CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C1
 	NOT-FOR-US: Huawei
 CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C1 ...)
 	NOT-FOR-US: Huawei
-CVE-2019-5278
-	RESERVED
-CVE-2019-5277
-	RESERVED
+CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Packages  ...)
+	TODO: check
+CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
+	TODO: check
 CVE-2019-5276
 	RESERVED
 CVE-2019-5275
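
Review bot: CVE-2019-5278 is left at `TODO: check` with a description truncated at "Advanced Packages ...", so nothing visible ties it to a vendor, although the neighbouring entries are tagged NOT-FOR-US: Huawei. Read the full description before giving it the same tag; CVE-2019-5277 does name Huawei CloudUSM-EUA and can follow the neighbours once checked.
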
@@ -48827,32 +48834,32 @@ CVE-2019-5266
 	RESERVED
 CVE-2019-5265
 	RESERVED
-CVE-2019-5264
-	RESERVED
+CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
+	TODO: check
 CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5262
 	RESERVED
 CVE-2019-5261
 	RESERVED
-CVE-2019-5260
-	RESERVED
+CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
+	TODO: check
 CVE-2019-5259
 	RESERVED
-CVE-2019-5258
-	RESERVED
-CVE-2019-5257
-	RESERVED
-CVE-2019-5256
-	RESERVED
-CVE-2019-5255
-	RESERVED
-CVE-2019-5254
-	RESERVED
-CVE-2019-5253
-	RESERVED
-CVE-2019-5252
-	RESERVED
+CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+	TODO: check
+CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+	TODO: check
+CVE-2019-5256 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+	TODO: check
+CVE-2019-5255 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+	TODO: check
+CVE-2019-5254 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+	TODO: check
+CVE-2019-5253 (E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an impro ...)
+	TODO: check
+CVE-2019-5252 (There is an improper authentication vulnerability in Huawei smartphone ...)
+	TODO: check
 CVE-2019-5251 (There is a path traversal vulnerability in several Huawei smartphones. ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3 ...)
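
Review bot: CVE-2019-5258 through CVE-2019-5254 show the identical truncated text "Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...", so the list alone cannot distinguish the five issues. Triage them from the full descriptions, and note that CVE-2019-5253 ("E5572-855 ...") names no vendor in the visible text, so it should not inherit a tag from the surrounding NOT-FOR-US: Huawei entries without a check.
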
@@ -48885,8 +48892,8 @@ CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and
 	NOT-FOR-US: Huawei
 CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
 	NOT-FOR-US: Huawei
-CVE-2019-5235
-	RESERVED
+CVE-2019-5235 (Some Huawei smart phones have a null pointer dereference vulnerability ...)
+	TODO: check
 CVE-2019-5234
 	RESERVED
 CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6fecacf0982f7aa607d69aade406bb50cd1ce80
