[Git][security-tracker-team/security-tracker][master] "new" chromium issue
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 24 09:10:27 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b73f96fb by Moritz Muehlenhoff at 2019-12-24T09:09:44Z
"new" chromium issue
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19117,15 +19117,15 @@ CVE-2019-15602
CVE-2019-15601
RESERVED
CVE-2019-15600 (A Path traversal exists in http_server which allows an attacker to rea ...)
- TODO: check
+ NOT-FOR-US: Node module http_server
CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a remote ...)
- TODO: check
+ NOT-FOR-US: Node module tree-kill
CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a remote c ...)
- TODO: check
+ NOT-FOR-US: Node module treekill
CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an attacker t ...)
- TODO: check
+ NOT-FOR-US: Node module node-df
CVE-2019-15596 (A path traversal in statics-server exists in all version that allows a ...)
- TODO: check
+ NOT-FOR-US: Node module statics-server
CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...)
NOT-FOR-US: UniFi Video Controller
CVE-2019-15594
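Review bot: For CVE-2019-15599 and CVE-2019-15598 the summaries scope the issue to Windows, but the new reasons only name the module. If either module is packaged later, "NOT-FOR-US: Node module tree-kill" will not tell the next triager about that scope. Adding it to the reason, for example "Node module tree-kill (Windows-specific)", keeps it visible.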
@@ -21581,7 +21581,6 @@ CVE-2019-14855 [WoT forgeries using SHA-1]
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1
- TODO: check for details, possibly more commits?
CVE-2019-14854
RESERVED
NOT-FOR-US: OpenShift
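Review bot: The TODO dropped from CVE-2019-14855 asked whether more commits belong to the fix, and the hunk removes it without adding a NOTE that records the answer. The commit message mentions only the chromium issue and NFUs, so this gnupg change has no stated rationale. Either split it into its own commit or add a NOTE saying the three linked commits were confirmed as the complete set, if that is what the check found.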
@@ -25296,7 +25295,8 @@ CVE-2019-13673 (Insufficient data validation in developer tools in Google Chrome
{DSA-4562-1}
- chromium 78.0.3904.87-1
CVE-2019-13672 (Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.7 ...)
- TODO: check
+ {DSA-4562-1}
+ - chromium 78.0.3904.87-1
CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
@@ -29293,9 +29293,9 @@ CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Stat
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
NOT-FOR-US: Viber
CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
- TODO: check
+ NOT-FOR-US: Open TFTP Server
CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
- TODO: check
+ NOT-FOR-US: Open TFTP Server
CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...)
NOT-FOR-US: WP Statistics plugin for WordPress
CVE-2019-12565
@@ -32986,7 +32986,7 @@ CVE-2019-11296
CVE-2019-11295
RESERVED
CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
CVE-2019-11292
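Review bot: The reason added for CVE-2019-11294 is the bare vendor name, while the next entry, CVE-2019-11293, names the component ("Cloud Foundry UAA Release"). The summary identifies this one as the Cloud Controller API (CAPI), so "NOT-FOR-US: Cloud Foundry Cloud Controller API" would match the neighbouring style and be easier to grep.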
@@ -34407,7 +34407,7 @@ CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be
NOTE: https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
NOTE: https://snyk.io/vuln/SNYK-JS-YARN-537806
CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...)
- TODO: check
+ NOT-FOR-US: svg-sanitize
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
NOT-FOR-US: IOBroker
CVE-2019-10770
@@ -40780,7 +40780,7 @@ CVE-2019-8851
CVE-2019-8850
RESERVED
CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8848
RESERVED
CVE-2019-8847
@@ -40864,7 +40864,7 @@ CVE-2019-8819 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8818
RESERVED
CVE-2019-8817 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8816 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.1-1
@@ -40914,7 +40914,7 @@ CVE-2019-8808 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8807 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8806 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8805 (A validation issue existed in the entitlement verification. This issue ...)
NOT-FOR-US: Apple
CVE-2019-8804 (An inconsistency in Wi-Fi network configuration settings was addressed ...)
@@ -40926,7 +40926,7 @@ CVE-2019-8802 (A validation issue was addressed with improved logic. This issue
CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was addr ...)
NOT-FOR-US: Apple
CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8799
RESERVED
CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -40948,17 +40948,17 @@ CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was ad
CVE-2019-8790
RESERVED
CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8787 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8786 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8785 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8784 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8783 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.1-1
@@ -40972,11 +40972,11 @@ CVE-2019-8782 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8780
RESERVED
CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8778
RESERVED
CVE-2019-8777
@@ -40984,13 +40984,13 @@ CVE-2019-8777
CVE-2019-8776
RESERVED
CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8774
RESERVED
CVE-2019-8773
RESERVED
CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8771
RESERVED
{DSA-4558-1}
@@ -40999,7 +40999,7 @@ CVE-2019-8771
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8770 (The issue was addressed with improved permissions logic. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8769 (An issue existed in the drawing of web page elements. The issue was ad ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -41042,17 +41042,17 @@ CVE-2019-8762
CVE-2019-8761
RESERVED
CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8759
RESERVED
CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8756
RESERVED
CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8754
RESERVED
CVE-2019-8753
@@ -41062,17 +41062,17 @@ CVE-2019-8752
CVE-2019-8751
RESERVED
CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8749
RESERVED
CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8746
RESERVED
CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8744
RESERVED
CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41082,15 +41082,15 @@ CVE-2019-8743 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8742 (The issue was addressed by restricting options offered on a locked dev ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8741
RESERVED
CVE-2019-8740
RESERVED
CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8737
RESERVED
CVE-2019-8736
@@ -41111,30 +41111,30 @@ CVE-2019-8733 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8732
RESERVED
CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8729
RESERVED
CVE-2019-8728
RESERVED
CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8725 (The issue was addressed with improved handling of service worker lifet ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8724 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8723 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8722 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8721 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8720
RESERVED
{DSA-4558-1}
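Review bot: CVE-2019-8725 is closed as "NOT-FOR-US: Apple", yet its summary concerns service worker lifetime handling, which reads like browser-engine code, and the entry directly above it (CVE-2019-8726) is tracked against webkit2gtk under WSA-2019-0005. Please confirm it is absent from the WebKitGTK advisories before dropping the TODO. For CVE-2019-8724 through CVE-2019-8721 the summaries name ld64 in the Xcode toolchains, so a reason like "Apple Xcode ld64" would say why they are out of scope.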
@@ -41151,7 +41151,7 @@ CVE-2019-8719 (A logic issue was addressed with improved state management. This
CVE-2019-8718
RESERVED
CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8716
RESERVED
CVE-2019-8715
@@ -41163,7 +41163,7 @@ CVE-2019-8713
CVE-2019-8712
RESERVED
CVE-2019-8711 (A logic issue existed with the display of notification previews. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -41183,23 +41183,23 @@ CVE-2019-8707 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8706
RESERVED
CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8703
RESERVED
CVE-2019-8702
RESERVED
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8700
RESERVED
CVE-2019-8699 (A logic issue existed in the handling of answering phone calls. The is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8698 (A validation issue existed in the entitlement verification. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8697 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
RESERVED
{DLA-1893-1}
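Review bot: The six entries closed here (CVE-2019-8705 down to CVE-2019-8697) get the vendor name as their only reason, but the context entry right below them, CVE-2019-8696, is an ID from the same block that is tracked for Debian (libcups, DLA-1893-1). "Apple" on its own therefore does not establish that the affected component is unpackaged, and the truncated summaries do not name it. Stating the product in each reason would make the triage auditable.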
@@ -41208,15 +41208,15 @@ CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
[stretch] - cups 2.2.1-8+deb9u4
NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8695 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8694 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8693 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8692 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8691 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8690 (A logic issue existed in the handling of document loads. This issue wa ...)
{DSA-4515-1}
- webkit2gtk 2.24.3-1
@@ -41248,7 +41248,7 @@ CVE-2019-8686 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8685 (Multiple memory corruption issues were addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8684 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
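Review bot: CVE-2019-8685 is marked "NOT-FOR-US: Apple" although the visible part of its summary is word for word the same as CVE-2019-8686 and CVE-2019-8684 on either side, both of which are tracked against webkit2gtk. If it was checked against WSA-2019-0004 (cited in the context above) and is not listed there, say so in the reason or in a NOTE; otherwise it should carry a webkit2gtk line rather than NFU.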
@@ -41262,7 +41262,7 @@ CVE-2019-8683 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8682 (The issue was addressed with improved UI handling. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8681 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.3-1
@@ -41331,7 +41331,7 @@ CVE-2019-8671 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8670 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8669 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
@@ -41341,7 +41341,7 @@ CVE-2019-8669 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8668
RESERVED
CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.3-1
@@ -41349,19 +41349,19 @@ CVE-2019-8666 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8664
RESERVED
CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8661 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8660 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8659 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8658 (A logic issue was addressed with improved state management. This issue ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
@@ -41369,13 +41369,13 @@ CVE-2019-8658 (A logic issue was addressed with improved state management. This
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8656
RESERVED
CVE-2019-8655
RESERVED
CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8653
RESERVED
CVE-2019-8652
@@ -41391,11 +41391,11 @@ CVE-2019-8649 (A logic issue existed in the handling of synchronous page loads.
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8648 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8647 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8645
RESERVED
CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41409,7 +41409,7 @@ CVE-2019-8643
CVE-2019-8642
RESERVED
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8640
RESERVED
CVE-2019-8639
@@ -41417,29 +41417,29 @@ CVE-2019-8639
CVE-2019-8638
RESERVED
CVE-2019-8637 (An input validation issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8636
RESERVED
CVE-2019-8635 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8634 (An authentication issue was addressed with improved state management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8633
RESERVED
CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8631
RESERVED
CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8628 (Multiple memory corruption issues were addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8627
RESERVED
CVE-2019-8626 (An input validation issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8625 (A logic issue was addressed with improved state management. This issue ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -41447,7 +41447,7 @@ CVE-2019-8625 (A logic issue was addressed with improved state management. This
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8624 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8623 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41461,7 +41461,7 @@ CVE-2019-8622 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8621
RESERVED
CVE-2019-8620 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8619 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41470,9 +41470,9 @@ CVE-2019-8619 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8618
RESERVED
CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8615 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41480,7 +41480,7 @@ CVE-2019-8615 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8614
RESERVED
CVE-2019-8613 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8612
RESERVED
CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41508,26 +41508,26 @@ CVE-2019-8607 (An out-of-bounds read was addressed with improved input validatio
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
CVE-2019-8606 (A validation issue existed in the handling of symlinks. This issue was ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8605 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8604 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8603 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8602 (A memory corruption issue was addressed by removing the vulnerable cod ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8601 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8600 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8599 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8598 (An input validation issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8597 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41548,15 +41548,15 @@ CVE-2019-8594 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8592
RESERVED
CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8588
RESERVED
CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41570,7 +41570,7 @@ CVE-2019-8586 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8585 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8584 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41592,13 +41592,13 @@ CVE-2019-8579
CVE-2019-8578
RESERVED
CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8575
RESERVED
CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8573
RESERVED
CVE-2019-8572
@@ -41613,13 +41613,13 @@ CVE-2019-8570
CVE-2019-8569
RESERVED
CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8566 (An API issue existed in the handling of microphone data. This issue wa ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8565 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8564
RESERVED
CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41628,11 +41628,11 @@ CVE-2019-8563 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8562 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8561 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8560 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8559 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41646,32 +41646,32 @@ CVE-2019-8558 (Multiple memory corruption issues were addressed with improved me
CVE-2019-8557
RESERVED
CVE-2019-8556 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8555 (A buffer overflow was addressed with improved size validation. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8554 (A permissions issue existed in the handling of motion and orientation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8553 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8552 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8551 (A logic issue was addressed with improved validation. This issue is fi ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8550 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. These ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8547
RESERVED
CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8544 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -41680,17 +41680,17 @@ CVE-2019-8544 (A memory corruption issue was addressed with improved memory hand
CVE-2019-8543
RESERVED
CVE-2019-8542 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue was a ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8539
RESERVED
CVE-2019-8538
RESERVED
CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
=====================================
data/DSA/list
=====================================
@@ -105,7 +105,7 @@
{CVE-2019-8812 CVE-2019-8814}
[buster] - webkit2gtk 2.26.2-1~deb10+1
[10 Nov 2019] DSA-4562-1 chromium - security update
- {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721}
+ {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13672}
[buster] - chromium 78.0.3904.97-1~deb10u1
[08 Nov 2019] DSA-4561-1 fribidi - security update
{CVE-2019-18397}
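Review bot: CVE-2019-13672 is appended after CVE-2019-13721 at the end of the DSA-4562-1 list, while every other ID in the braces is in ascending order. Placing it between CVE-2019-13671 and CVE-2019-13673 keeps the list sorted and makes the one-ID change easy to spot in the diff. The matching {DSA-4562-1} line on CVE-2019-13672 in data/CVE/list is present in this commit, so the two files agree.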
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b73f96fbff8128a5ad7cb99386b13fee965c76c3