[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 28 08:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a03e01db by security tracker role at 2019-12-28T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,12 @@
-CVE-2019-20054 [fs/proc/proc_sysctl.c: NULL pointer dereferences]
+CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack ...)
+ TODO: check
+CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 ...)
+ TODO: check
+CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
+ TODO: check
+CVE-2019-20050
+ RESERVED
+CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
[stretch] - linux 4.9.184-1
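Review bot: the three new entries CVE-2019-20053, CVE-2019-20052 and CVE-2019-20051 are left at `TODO: check` with no source-package line. The CVE-2019-20052 description already names `matio 1.5.17`, so that one can be triaged straight to a matio line (or `NOT-FOR-US` if it is not packaged); the other two only give symbol names (`canUnpack`, `PackLinuxElf::elf_hash`) and need mapping to the package that ships them before the entries say anything actionable. Replacing the bracketed placeholder for CVE-2019-20054 with the upstream text is fine; the existing fixed-version lines (`linux 5.2.6-1`, `[buster] 4.19.67-1`, `[stretch] 4.9.184-1`) are not contradicted by the "before 5.0.6" wording, since those are backported stable fixes, so nothing else needs to change in that entry.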
@@ -13846,6 +13854,7 @@ CVE-2019-17565
CVE-2019-17564
RESERVED
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
+ {DSA-4596-1}
- tomcat9 <unfixed>
- tomcat8 <removed>
- tomcat7 <removed>
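Review bot: `{DSA-4596-1}` is attached to CVE-2019-17563 while the line directly below still reads `- tomcat9 <unfixed>` and there is no `[buster]` line. A DSA means a fixed version shipped in stable, so a `[buster] - tomcat9 <version>` line should be recorded together with the reference, and the unstable status rechecked; as committed, the entry claims an advisory and no fix at the same time.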
@@ -30049,6 +30058,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in
CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
NOT-FOR-US: Apache CFX
CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
+ {DSA-4596-1}
- tomcat9 <unfixed>
- tomcat8 <removed>
- tomcat7 <removed>
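Review bot: same inconsistency as for CVE-2019-17563: CVE-2019-12418 gains `{DSA-4596-1}` but keeps `- tomcat9 <unfixed>` with no `[buster]` fixed version, so the stable fix the DSA announces is not reflected in the data. Drive-by on the unchanged context two lines up: `NOT-FOR-US: Apache CFX` misspells the product that the CVE-2019-12419 description itself calls Apache CXF; worth fixing in a follow-up since the tracker's NOT-FOR-US strings are what people grep for.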
@@ -30640,7 +30650,7 @@ CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of m
NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, this is
NOTE: nearly unfixable.
CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...)
- {DLA-2031-1}
+ {DSA-4593-1 DLA-2031-1}
- freeimage <unfixed> (bug #929597)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
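Review bot: adding `DSA-4593-1` to CVE-2019-12213 leaves the `[buster] - freeimage <postponed> (Revisit when upstream fixes are available)` line contradicting it. If the DSA shipped a buster fix, that line should carry the fixed version instead of `<postponed>`, and the unstable line `freeimage <unfixed> (bug #929597)` should be revisited with the same patches rather than left open; the `[stretch]` line should likewise be reconciled with whatever DLA-2031-1 covered.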
@@ -30653,7 +30663,7 @@ CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIF
[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...)
- {DLA-2031-1}
+ {DSA-4593-1 DLA-2031-1}
- freeimage <unfixed> (bug #929597)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
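Review bot: CVE-2019-12211 has exactly the same problem as CVE-2019-12213 in the hunk above: `{DSA-4593-1 DLA-2031-1}` is recorded, yet both the unstable `<unfixed>` line and the `[buster] <postponed>` line survive untouched. The "Revisit when upstream fixes are available" rationale is stale once an advisory has gone out; please replace it with the version the DSA shipped.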
@@ -61617,6 +61627,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
+ {DSA-4594-1}
- openssl <unfixed> (low)
[buster] - openssl <postponed> (Wait until next upstream security release)
[stretch] - openssl <postponed> (Wait until next upstream security release)
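Review bot: `{DSA-4594-1}` is attached to CVE-2019-1551, but `openssl <unfixed> (low)` and the `[buster]`/`[stretch]` lines still read `<postponed> (Wait until next upstream security release)`. Those postponements were the reason there was no fix; with a DSA issued they should be replaced by the fixed versions, and the `(low)` severity tag deserves a second look given that the issue was judged worth an advisory. The `x64_64` in the description is the upstream CVE text, not something to touch here.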
@@ -65414,7 +65425,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
[jessie] - activemq <not-affected> (MQTT support not enabled)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...)
- {DLA-1883-1 DLA-1810-1}
+ {DSA-4596-1 DLA-1883-1 DLA-1810-1}
- tomcat9 9.0.16-4 (bug #929895)
- tomcat8 <removed>
- tomcat7 <removed>
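Review bot: for CVE-2019-0221 the only tomcat9 line is the unstable fix `9.0.16-4 (bug #929895)`. If buster shipped a tomcat9 earlier than that, a `[buster] - tomcat9 <version>` line matching DSA-4596-1 is needed; without it the entry cannot say whether stable is fixed, which is the whole point of recording the DSA.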
@@ -65490,6 +65501,7 @@ CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0
CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
- qpid-java <itp> (bug #840131)
CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...)
+ {DSA-4596-1}
- tomcat9 9.0.16-1
- tomcat8 8.5.38-1
[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
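Review bot: same gap for CVE-2019-0199: `tomcat9 9.0.16-1` is the unstable fix, and the `{DSA-4596-1}` reference implies a stable fix that is not recorded as a `[buster]` line. Please add the buster version from the DSA so the per-suite status resolves; the `[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)` line is unaffected by this.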
@@ -85559,7 +85571,7 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in K
CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 allows a Ker ...)
NOT-FOR-US: Apache Impala
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
- {DLA-1545-1 DLA-1544-1}
+ {DSA-4596-1 DLA-1545-1 DLA-1544-1}
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.5.34-1
- tomcat8.0 <removed> (unimportant)
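Review bot: `{DSA-4596-1}` is added to CVE-2018-11784 while the tomcat9 line says `<not-affected> (Fixed before initial upload to Debian)`, and tomcat8 is already fixed in `8.5.34-1`. Citing the tomcat9 advisory on an entry where tomcat9 was never affected is confusing: either the `<not-affected>` marker is wrong and a fixed version should be recorded, or the DSA lists this CVE for another reason and a `NOTE:` line should say which.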
@@ -95590,7 +95602,7 @@ CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endle ...)
NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat 9. ...)
- {DLA-1883-1 DLA-1400-1}
+ {DSA-4596-1 DLA-1883-1 DLA-1400-1}
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.5.32-1 (bug #898935)
- tomcat8.0 <removed> (unimportant)
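Review bot: CVE-2018-8014 shows the same pattern as CVE-2018-11784 in the previous hunk: `{DSA-4596-1}` attached to an entry whose tomcat9 line reads `<not-affected> (Fixed before initial upload to Debian)` and whose tomcat8 fix is `8.5.32-1 (bug #898935)`. Please reconcile the not-affected marker with the DSA, or explain the reference in a NOTE, so readers do not infer that tomcat9 in buster needed this fix.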
@@ -235219,8 +235231,8 @@ CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitr
NOT-FOR-US: GoPro
CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary f ...)
NOT-FOR-US: GoPro
-CVE-2014-6420
- RESERVED
+CVE-2014-6420 (Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 ...)
+ TODO: check
CVE-2014-6419
RESERVED
CVE-2014-6415
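Review bot: CVE-2014-6420 moves from RESERVED to a published description but is left at `TODO: check`. The text names Livefyre LiveComments 3.0, a hosted commenting product; the surrounding entries for products of this kind are marked `NOT-FOR-US`, so unless it turns out to be packaged the TODO should be resolved the same way rather than left for the next automatic run.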
@@ -237797,8 +237809,8 @@ CVE-2014-5291
RESERVED
CVE-2014-5290
RESERVED
-CVE-2014-5289
- RESERVED
+CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...)
+ TODO: check
CVE-2014-5288
RESERVED
CVE-2014-5287
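Review bot: CVE-2014-5289 (buffer overflow in Senkas Kolibri 2.0) is added with `TODO: check` only. The neighbouring entries are all RESERVED, so there is no nearby precedent to copy; please check whether Kolibri is in the archive and either add a source-package line or mark it `NOT-FOR-US` explicitly, so the TODO does not linger.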
@@ -239726,8 +239738,8 @@ CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in library/includes/paym
NOT-FOR-US: WordPress plugin Spotlight
CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in th ...)
NOT-FOR-US: WordPress plugin Social Connect
-CVE-2014-4550
- RESERVED
+CVE-2014-4550 (Cross-site scripting (XSS) vulnerability in preview-shortcode-external ...)
+ TODO: check
CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...)
NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...)
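Review bot: the truncated description for CVE-2014-4550 (`preview-shortcode-external ...`) reads like a WordPress plugin, the same family as the adjacent CVE-2014-4551 and CVE-2014-4549 entries, which are both `NOT-FOR-US: WordPress plugin ...`. If that is confirmed, resolve the `TODO: check` with a matching `NOT-FOR-US` line naming the plugin rather than leaving it open.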
@@ -239756,8 +239768,8 @@ CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the
NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...)
NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress
-CVE-2014-4535
- RESERVED
+CVE-2014-4535 (Cross-site scripting (XSS) vulnerability in the Import Legacy Media pl ...)
+ TODO: check
CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...)
NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist
CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the ...)
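Review bot: CVE-2014-4535 ("Import Legacy Media pl...") sits between CVE-2014-4536 and CVE-2014-4534, both WordPress plugins marked `NOT-FOR-US`, and the description fragment suggests the same. The `TODO: check` should be closed out with a `NOT-FOR-US: WordPress plugin Import Legacy Media` line once the full description confirms it is a plugin and not something packaged.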
@@ -243678,8 +243690,8 @@ CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.
NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hot ...)
NOT-FOR-US: Xerox DocuShare
-CVE-2014-3136
- RESERVED
+CVE-2014-3136 (Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev ...)
+ TODO: check
CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...)
NOT-FOR-US: vBulletin
CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application i ...)
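Review bot: CVE-2014-3136 is a CSRF in D-Link DWR-113 router firmware, so the `TODO: check` should become `NOT-FOR-US: D-Link` in line with the adjacent vendor-product entries (CVE-2014-3138 Xerox DocuShare, CVE-2014-3135 vBulletin); leaving the TODO for a device firmware issue only adds noise to the review queue.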
@@ -275584,8 +275596,8 @@ CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout Coun
NOT-FOR-US: Forescout device
CVE-2012-4981
RESERVED
-CVE-2012-4980
- RESERVED
+CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...)
+ TODO: check
CVE-2012-4979
RESERVED
CVE-2012-4978
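Review bot: CVE-2012-4980 describes stack overflows in `CFProfile.exe` from Toshiba, i.e. a Windows binary, so it cannot apply to any Debian package and the `TODO: check` should be resolved to `NOT-FOR-US: Toshiba` right away. Note also that this is a 2012 identifier only now leaving RESERVED; the late publication is worth keeping in mind when the automatic run surfaces more of these old IDs, since most will triage the same way.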
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a03e01dbfe00b1a4844019ebc552ce8fc58bb5b1