[Git][security-tracker-team/security-tracker][master] automatic update

Sat Dec 21 20:10:34 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fcf6596 by security tracker role at 2019-12-21T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5208,6 +5208,7 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
 	NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
 	NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
 CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
+	{DLA-2046-1}
 	- opensc <unfixed>
 	[buster] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
@@ -18757,7 +18758,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access rea
 	- rdesktop 1.8.6-1
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
 CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
-	{DLA-2014-1 DLA-1979-1 DLA-1977-1}
+	{DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1977-1}
 	[experimental] - libvncserver 0.9.12+dfsg-1
 	- libvncserver 0.9.12+dfsg-3 (low; bug #943793)
 	[buster] - libvncserver <no-dsa> (Minor issue)
@@ -18772,17 +18773,20 @@ CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
 	[stretch] - vino <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
 CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
+	{DLA-2045-1}
 	- tightvnc <unfixed> (unimportant; bug #945364)
 	- italc <removed> (unimportant)
 	- libvncserver <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...)
+	{DLA-2045-1}
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
 	NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...)
+	{DLA-2045-1}
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
@@ -42236,6 +42240,7 @@ CVE-2019-8289 (Vulnerability in Online Store v1.0, stored XSS in admin/user_view
 CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php where  ...)
 	NOT-FOR-US: Online Store System
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...)
+	{DLA-2045-1}
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: same as CVE-2018-20020/libvncserver
@@ -59210,7 +59215,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains
 	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
 CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
-	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
+	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
 	- ssvnc 1.0.29-5 (bug #945827)
@@ -59220,7 +59225,7 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
 	NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
 CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
-	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
+	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
 	- ssvnc 1.0.29-5 (bug #945827)
@@ -97791,7 +97796,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in
 	[stretch] - vncterm <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibVNC/vncterm/issues/6
 CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
-	{DSA-4221-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
+	{DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
 	- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
 	- italc <removed>
 	- tightvnc <unfixed>
@@ -235721,7 +235726,7 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
 	NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
 	NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
 CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
-	{DSA-3081-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
+	{DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
 	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
 	- italc 1:3.0.1+dfsg1-1
 	- tightvnc <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fcf65964d2cd417cdd6042c90f5c4d3b0c5176c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fcf65964d2cd417cdd6042c90f5c4d3b0c5176c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191221/75cb6dbf/attachment.html>
