[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Dec 24 20:10:44 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35840e7b by security tracker role at 2019-12-24T20:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
+	TODO: check
+CVE-2019-19955
+	RESERVED
+CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
+	TODO: check
 CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
 	- graphicsmagick <unfixed> (bug #947311)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
@@ -77,12 +83,12 @@ CVE-2019-19927
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
 	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
-CVE-2019-19925
-	RESERVED
-CVE-2019-19924
-	RESERVED
-CVE-2019-19923
-	RESERVED
+CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
+	TODO: check
+CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
+	TODO: check
+CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
+	TODO: check
 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
 	- linux 5.3.9-1
 	NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
@@ -197,7 +203,7 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write le
 	NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
 CVE-2019-16787
 	REJECTED
-CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow vulnerability when  ...)
+CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
 	- nethack <unfixed> (low; bug #947005)
 	[buster] - nethack <no-dsa> (Minor issue)
 	[stretch] - nethack <no-dsa> (Minor issue)
@@ -3539,8 +3545,8 @@ CVE-2019-19697
 	RESERVED
 CVE-2019-19696
 	RESERVED
-CVE-2019-19695
-	RESERVED
+CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac  ...)
+	TODO: check
 CVE-2019-19694
 	RESERVED
 CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...)
@@ -11105,8 +11111,8 @@ CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Su
 	NOT-FOR-US: Omron
 CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
 	NOT-FOR-US: ABB
-CVE-2019-18249
-	RESERVED
+CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
+	TODO: check
 CVE-2019-18248
 	RESERVED
 CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
@@ -120507,8 +120513,8 @@ CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ..
 	NOTE: one of the applied patches reopened the vulnerability
 CVE-2017-16779
 	RESERVED
-CVE-2017-16778
-	RESERVED
+CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax Outdoor ...)
+	TODO: check
 CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion)  ...)
 	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35840e7ba1dd4d813444c3b509ff1db0c5961a9e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35840e7ba1dd4d813444c3b509ff1db0c5961a9e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191224/ad31802c/attachment.html>

More information about the debian-security-tracker-commits mailing list