[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Dec 16 08:10:27 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5654dc8b by security tracker role at 2019-12-16T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2019-19807 [ALSA: timer: Fix incorrectly assigned timer instance]
+CVE-2019-19808
+	RESERVED
+CVE-2019-19806
+	RESERVED
+CVE-2019-19805
+	RESERVED
+CVE-2019-19804
+	RESERVED
+CVE-2019-19803
+	RESERVED
+CVE-2019-19802
+	RESERVED
+CVE-2019-19801
+	RESERVED
+CVE-2019-19800
+	RESERVED
+CVE-2019-19799
+	RESERVED
+CVE-2019-19798
+	RESERVED
+CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)
+	TODO: check
+CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after- ...)
 	- linux 5.3.15-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later and not present in released Debian version)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later and not present in released Debian version)
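Review bot: CVE-2019-19797 (`+CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)`) is the only non-RESERVED entry in this hunk that carries just a `TODO: check` marker and no package or status line; it still needs triage to either add a `- <package> <version>` line or a `NOT-FOR-US:` marker, as every other triaged entry in this diff has. A secondary point: the hunk drops the old first line `-CVE-2019-19807 [...]` and re-adds `+CVE-2019-19807 (In the Linux kernel before 5.3.11, ...)` below CVE-2019-19797, so CVE-2019-19807 now sits out of the descending numeric order that the block from CVE-2019-19808 down to CVE-2019-19797 otherwise follows; moving it back above CVE-2019-19808 would keep the file sorted. The `- linux 5.3.15-1` and `<not-affected>` lines under it are unchanged, so only the description text changed for that entry.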
@@ -206103,6 +206125,7 @@ CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in D
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
+	{DLA-2035-1}
 	- libpgf 6.14.12-3.2 (bug #798032)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
 	NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
@@ -228303,8 +228326,7 @@ CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux
 	- linux-2.6 <removed>
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f (v3.14-rc3)
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110 (v2.6.30-rc1)
-CVE-2014-8650 [does not handle mutual authentication]
-	RESERVED
+CVE-2014-8650 (python-requests-Kerberos through 0.5 does not handle mutual authentica ...)
 	- python-requests-kerberos 0.5-2 (bug #768408)
 	NOTE: https://github.com/requests/requests-kerberos/pull/36
 	NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
@@ -228657,8 +228679,7 @@ CVE-2014-8354 (The HorizontalFilter function in resize.c in ImageMagick before 6
 	- imagemagick 8:6.8.9.9-1
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
-CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]
-	RESERVED
+CVE-2014-8561 (imagemagick 6.8.9.6 has remote DOS via infinite loop ...)
 	- imagemagick 8:6.8.9.9-1 (bug #764872)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
 	[squeeze] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
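Review bot: replacing `-CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]` with the shorter `+CVE-2014-8561 (imagemagick 6.8.9.6 has remote DOS via infinite loop ...)` loses the `convert +profile regression` detail that the unchanged `[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)` and `[squeeze]` lines rely on to explain why older suites are not affected; consider carrying that detail over in a `NOTE:` line so the not-affected reasoning stays self-explanatory once the bracketed text is gone.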
@@ -237879,8 +237900,7 @@ CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.
 	- zendframework 1.12.7-0.1 (bug #754201)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-04
 	NOTE: https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
-CVE-2014-4913 [ZF2014-03: Potential XSS vector in multiple view helpers]
-	RESERVED
+CVE-2014-4913 (ZF2014-03 has a potential cross site scripting vector in multiple view ...)
 	- zendframework <not-affected> (Vulnerable code not present, only affects ZF2)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-03
 CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1 ...)
@@ -240355,13 +240375,11 @@ CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolit
 	NOT-FOR-US: Red Hat Openstack 4 Neutron
 CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remote at ...)
 	- edeploy <itp> (bug #717664)
-CVE-2014-3701
-	RESERVED
+CVE-2014-3701 (eDeploy has tmp file race condition flaws ...)
 	- edeploy <itp> (bug #717664)
 CVE-2014-3700 (eDeploy through at least 2014-10-14 has remote code execution due to e ...)
 	- edeploy <itp> (bug #717664)
-CVE-2014-3699
-	RESERVED
+CVE-2014-3699 (eDeploy has RCE via cPickle deserialization of untrusted data ...)
 	- edeploy <itp> (bug #717664)
 CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...)
 	{DSA-3055-1}
@@ -240524,8 +240542,7 @@ CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview
 	- foreman <itp> (bug #663101)
 	NOTE: http://projects.theforeman.org/issues/7483
 	NOTE: https://github.com/sodabrew/foreman/issues/1
-CVE-2014-3652
-	RESERVED
+CVE-2014-3652 (JBoss KeyCloak: Open redirect vulnerability via failure to validate th ...)
 	NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a d ...)
 	NOT-FOR-US: JBoss KeyCloak
@@ -240556,8 +240573,7 @@ CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e (v3.12-rc1)
 CVE-2014-3644
 	RESERVED
-CVE-2014-3643
-	RESERVED
+CVE-2014-3643 (jersey: XXE via parameter entities not disabled by the jersey SAX pars ...)
 	NOT-FOR-US: Jersey SAX parser
 CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat  ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
@@ -241046,8 +241062,7 @@ CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the
 	- cups 1.7.4-1
 	[squeeze] - cups 1.4.4-7+squeeze6
 	NOTE: https://www.cups.org/str.php?L4450
-CVE-2014-3536
-	RESERVED
+CVE-2014-3536 (CFME (CloudForms Management Engine) 5: RHN account information is logg ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectl ...)
 	- linux <not-affected> (RHEL-specific, incomplete backport)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5654dc8b6293a7bce5fa6c366082ff8d9221a751


