[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 14 08:10:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6fecacf by security tracker role at 2019-12-14T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19796 (Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...)
+ TODO: check
+CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in util.c vi ...)
+ TODO: check
+CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...)
+ TODO: check
CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Wind ...)
NOT-FOR-US: Cyxtera AppGate SDP Client
CVE-2019-19792
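Review bot: The three entries added at the top of the list (CVE-2019-19796, CVE-2019-19795, CVE-2019-19794) carry only `TODO: check`, so none has a package line or a NOT-FOR-US line yet. Their descriptions name Yabasic, samurai and the miekg Go DNS package as used in CoreDNS. Each needs a follow-up that either maps it to a source package with a status or closes it the way the CVE-2019-19793 entry directly below is closed.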
@@ -2709,7 +2715,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
NOTE: by the bug.
NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
-CVE-2019-19603 (SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW stateme ...)
+CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...)
- sqlite3 <unfixed>
NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
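Review bot: The description of CVE-2019-19603 changes from CREATE TABLE and CREATE VIEW handling to mishandled SELECT statements, while the `- sqlite3 <unfixed>` line and the NOTE pointing at upstream commit 527cbd4a104cb93bf3994b3dd3619a6299a78b13 stay untouched. Check that the referenced commit still corresponds to the issue as now described, and update the NOTE if it does not.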
@@ -9791,19 +9797,19 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
NOTE: not the case in all suites, but the issue is minor in general and would
NOTE: tend to a no-dsa/ignored tag in those suites.
CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...)
- {DSA-4582-1}
+ {DSA-4582-1 DLA-2034-1}
- davical 1.1.9.2-1 (bug #946343)
NOTE: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...)
- {DSA-4582-1}
+ {DSA-4582-1 DLA-2034-1}
- davical 1.1.9.2-1 (bug #946343)
NOTE: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18345 (A reflected XSS issue was discovered in DAViCal through 1.1.8. It echo ...)
- {DSA-4582-1}
+ {DSA-4582-1 DLA-2034-1}
- davical 1.1.9.2-1 (bug #946343)
NOTE: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
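Review bot: DLA-2034-1 is appended to the cross-reference line of all three DAViCal entries in this hunk (CVE-2019-18347, CVE-2019-18346, CVE-2019-18345), but the commit touches only data/CVE/list, so the advisory record itself is not visible here. Confirm that the DLA-2034-1 entry names the same three ids, so the cross-references in this file and the advisory list agree.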
@@ -13185,8 +13191,8 @@ CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 5
NOT-FOR-US: Citrix
CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
NOT-FOR-US: Nix
-CVE-2019-17364
- RESERVED
+CVE-2019-17364 (The processCommandUploadLog() function of libcommon.so in Petwant PF-1 ...)
+ TODO: check
CVE-2019-17363
RESERVED
CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...)
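Review bot: CVE-2019-17364 moves from RESERVED to `TODO: check`, and its description names processCommandUploadLog() in libcommon.so, the same function and library that the CVE-2019-16735 entry added later in this patch describes. Triage the two together so they end up with the same status. The neighbouring entries in this hunk (Citrix, Nix) are already closed as NOT-FOR-US.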
@@ -14758,22 +14764,22 @@ CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information
{DSA-4545-1}
- mediawiki 1:1.31.4-1
NOTE: https://phabricator.wikimedia.org/T230402
-CVE-2019-16737
- RESERVED
-CVE-2019-16736
- RESERVED
-CVE-2019-16735
- RESERVED
-CVE-2019-16734
- RESERVED
-CVE-2019-16733
- RESERVED
-CVE-2019-16732
- RESERVED
-CVE-2019-16731
- RESERVED
-CVE-2019-16730
- RESERVED
+CVE-2019-16737 (The processCommandSetMac() function of libcommon.so in Petwant PF-103 ...)
+ TODO: check
+CVE-2019-16736 (A stack-based buffer overflow in processCommandUploadSnapshot in libco ...)
+ TODO: check
+CVE-2019-16735 (A stack-based buffer overflow in processCommandUploadLog in libcommon. ...)
+ TODO: check
+CVE-2019-16734 (Use of default credentials for the TELNET server in Petwant PF-103 fir ...)
+ TODO: check
+CVE-2019-16733 (processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22 ...)
+ TODO: check
+CVE-2019-16732 (Unencrypted HTTP communications for firmware upgrades in Petalk AI and ...)
+ TODO: check
+CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Peta ...)
+ TODO: check
+CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...)
+ TODO: check
CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
- dompurify.js <removed>
[stretch] - dompurify.js <ignored> (Minor issue)
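Review bot: All eight entries that replace the RESERVED block (CVE-2019-16730 through CVE-2019-16737) are left at `TODO: check`. Six of them visibly name Petwant PF-103 firmware or Petalk AI; CVE-2019-16736 and CVE-2019-16735 are truncated before the product name but refer to processCommand* functions in the same libcommon library. Resolving them in one follow-up with a single consistent tag avoids eight separate triage passes and keeps the block uniform.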
@@ -29488,6 +29494,7 @@ CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of Enab
CVE-2019-12096
RESERVED
CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
+ {DLA-2033-1}
- php-horde-trean <unfixed>
[buster] - php-horde-trean <no-dsa> (Minor issue)
[stretch] - php-horde-trean <no-dsa> (Minor issue)
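Review bot: DLA-2033-1 is added to CVE-2019-12095 while every package line visible in the hunk still reads `<unfixed>` or `<no-dsa> (Minor issue)`, so from these lines alone the entry shows an advisory with no fixed version. Confirm that the release the DLA covers is tracked with its fixed version, and consider whether the buster and stretch `<no-dsa>` assessments still hold now that an advisory exists for this issue.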
@@ -48799,10 +48806,10 @@ CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C1
NOT-FOR-US: Huawei
CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C1 ...)
NOT-FOR-US: Huawei
-CVE-2019-5278
- RESERVED
-CVE-2019-5277
- RESERVED
+CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Packages ...)
+ TODO: check
+CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
+ TODO: check
CVE-2019-5276
RESERVED
CVE-2019-5275
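Review bot: Of the two entries leaving RESERVED, CVE-2019-5277 names Huawei CloudUSM-EUA, but the truncated description of CVE-2019-5278 ("out-of-bounds read vulnerability in the Advanced Packages ...") does not name a vendor. Read the full description before closing it. If it is a Huawei product, `NOT-FOR-US: Huawei` would match the CVE-2019-5279 entry above.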
@@ -48827,32 +48834,32 @@ CVE-2019-5266
RESERVED
CVE-2019-5265
RESERVED
-CVE-2019-5264
- RESERVED
+CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
+ TODO: check
CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
NOT-FOR-US: Huawei
CVE-2019-5262
RESERVED
CVE-2019-5261
RESERVED
-CVE-2019-5260
- RESERVED
+CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
+ TODO: check
CVE-2019-5259
RESERVED
-CVE-2019-5258
- RESERVED
-CVE-2019-5257
- RESERVED
-CVE-2019-5256
- RESERVED
-CVE-2019-5255
- RESERVED
-CVE-2019-5254
- RESERVED
-CVE-2019-5253
- RESERVED
-CVE-2019-5252
- RESERVED
+CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+ TODO: check
+CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+ TODO: check
+CVE-2019-5256 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+ TODO: check
+CVE-2019-5255 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+ TODO: check
+CVE-2019-5254 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
+ TODO: check
+CVE-2019-5253 (E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an impro ...)
+ TODO: check
+CVE-2019-5252 (There is an improper authentication vulnerability in Huawei smartphone ...)
+ TODO: check
CVE-2019-5251 (There is a path traversal vulnerability in several Huawei smartphones. ...)
NOT-FOR-US: Huawei
CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3 ...)
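Review bot: CVE-2019-5254 through CVE-2019-5258 are added with the identical truncated text "Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...", so the list alone cannot tell the five apart, and all nine new entries in this hunk sit at `TODO: check`. CVE-2019-5253 ("E5572-855 with versions earlier than ...") does not name a vendor in the visible text and needs its full description read. For the entries that do name Huawei, `NOT-FOR-US: Huawei` follows the form already used for CVE-2019-5263 and CVE-2019-5251 in the same hunk.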
@@ -48885,8 +48892,8 @@ CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and
NOT-FOR-US: Huawei
CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
NOT-FOR-US: Huawei
-CVE-2019-5235
- RESERVED
+CVE-2019-5235 (Some Huawei smart phones have a null pointer dereference vulnerability ...)
+ TODO: check
CVE-2019-5234
RESERVED
CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6fecacf0982f7aa607d69aade406bb50cd1ce80