[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 21 08:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
816455cc by security tracker role at 2019-12-21T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...)
+ TODO: check
+CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
+ TODO: check
+CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in ...)
+ TODO: check
CVE-2020-3939
RESERVED
CVE-2020-3938
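Review bot: The three entries added at the top of this hunk carry only "TODO: check" and no package line, so nothing is tracked for them yet. CVE-2019-19918 and CVE-2019-19917 both name Lout 3.40 (srcnext() and StringQuotedWord()) and can be triaged together under one source package line. For CVE-2019-19919 the description already gives 4.3.0 as the first non-vulnerable handlebars version, which is worth recording when the package line is written.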
@@ -92,11 +98,11 @@ CVE-2019-19892
CVE-2019-19891
RESERVED
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...)
- {DLA-2044-1}
+ {DSA-4591-1 DLA-2044-1}
- cyrus-sasl2 <unfixed> (bug #947043)
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-16787
+CVE-2019-16787 (In NatHack between 3.6.0 and 3.6.3, a buffer overflow issue exists whe ...)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5
NOTE: Duplicate of CVE-2019-19905
TODO: wait for MITRE CNA on feedback
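Review bot: On CVE-2019-19906 the cross-reference line now lists DSA-4591-1, but the package line below it still reads "- cyrus-sasl2 <unfixed> (bug #947043)". Suggest replacing <unfixed> with the fixed version once it is known, so the entry agrees with the advisory reference. Separately, the description pulled in for CVE-2019-16787 spells the product "NatHack" while the NOTE URL points at NetHack/NetHack; the existing "Duplicate of CVE-2019-19905" NOTE and the pending TODO should stay until the CNA responds.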
@@ -6233,8 +6239,8 @@ CVE-2019-19233
RESERVED
CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer ...)
TODO: check
-CVE-2019-19231
- RESERVED
+CVE-2019-19231 (An insecure file access vulnerability exists in CA Client Automation 1 ...)
+ TODO: check
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release Automatio ...)
NOT-FOR-US: CA Release Automation (Nolio)
CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...)
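Review bot: CVE-2019-19231 moves from RESERVED to "TODO: check" with a description naming CA Client Automation, while the next entry, CVE-2019-19230 for CA Release Automation, is already marked NOT-FOR-US. Suggest checking whether the same NOT-FOR-US classification applies here and closing the TODO in the same style.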
@@ -9909,7 +9915,7 @@ CVE-2019-18627
RESERVED
CVE-2019-18626
RESERVED
-CVE-2018-21029 (systemd 239 through 244 accepts any certificate signed by a trusted ce ...)
+CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed ...)
- systemd <unfixed>
[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
[stretch] - systemd <not-affected> (Vulnerable code introduced later)
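Review bot: The description for CVE-2018-21029 now begins with "** DISPUTED **", but the three status lines under it ("<unfixed>", "<no-dsa>", "<not-affected>") are unchanged and there is no NOTE explaining the dispute. Suggest adding a NOTE with the source of the dispute and confirming that "- systemd <unfixed>" is still the intended state.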
@@ -15631,10 +15637,10 @@ CVE-2019-16789
RESERVED
CVE-2019-16788
RESERVED
-CVE-2019-16786
- RESERVED
-CVE-2019-16785
- RESERVED
+CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
+ TODO: check
+CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
+ TODO: check
CVE-2019-16784
RESERVED
CVE-2019-16783
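Review bot: CVE-2019-16786 and CVE-2019-16785 are both added with only "TODO: check", and both descriptions give the same affected range, "Waitress through version 1.3.1", for HTTP request parsing behaviour (Transfer-Encoding handling and an RFC7230 "MAY" clause). Suggest triaging them together so the two entries get consistent package lines and fixed versions.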
@@ -19027,8 +19033,8 @@ CVE-2019-15586
RESERVED
CVE-2019-15585
RESERVED
-CVE-2019-15584
- RESERVED
+CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...)
+ TODO: check
CVE-2019-15583
RESERVED
CVE-2019-15582
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/816455cc08cf4793add1148bed46308689df1bf8