[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Dec 29 20:10:35 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
639aa89f by security tracker role at 2019-12-29T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...)
+	TODO: check
+CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman  ...)
+	TODO: check
+CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
+	TODO: check
 CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
 	NOT-FOR-US: LuquidPixels LiquiFire OS
 CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack  ...)
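Review bot: The three added entries (CVE-2019-20058, CVE-2019-20057, CVE-2019-20056) carry only `TODO: check`, so none of them is yet mapped to a Debian source package or marked NOT-FOR-US. CVE-2019-20056 should be triaged first: its description names stb_image.h 2.23 "as used in libsixel and o ...", which points at embedded copies, so the check needs to cover libsixel and any other source package that bundles stb_image.h, not a single package. CVE-2019-20058 is flagged `** DISPUTED **`; whatever status it ends up with, a NOTE recording the dispute would help later readers of the entry.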
@@ -257,6 +263,7 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
+	{DLA-2049-1}
 	- imagemagick <unfixed> (low; bug #947309)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
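Review bot: The `{DLA-2049-1}` tag added to CVE-2019-19949 sits directly above `- imagemagick <unfixed> (low; bug #947309)` and the `<no-dsa>` lines for buster and stretch, so after this change the entry references an advisory while every release line visible here still reads as unfixed or not planned. Worth confirming that this is the intended state, with the DLA covering only the LTS release, so the tag is not read as the issue being fixed in the suites listed.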
@@ -264,6 +271,7 @@ CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-r
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
 CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in  ...)
+	{DLA-2049-1}
 	- imagemagick <unfixed> (low; bug #947308)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
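Review bot: CVE-2019-19948 gets the same `{DLA-2049-1}` tag, but its description is a heap-based buffer overflow, while the unchanged lines below keep it at `low` with `<no-dsa> (Minor issue)` for buster and stretch, the same triage as the over-read in CVE-2019-19949. Now that an advisory exists for this issue, it is worth re-checking whether `Minor issue` is still the right call for the two suites listed, or whether a point-release fix should be noted.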
@@ -1281,7 +1289,7 @@ CVE-2019-19810
 CVE-2019-19809
 	RESERVED
 CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of configuration fi ...)
-	{DSA-4589-1 DLA-2041-1}
+	{DSA-4595-1 DSA-4589-1 DLA-2041-1}
 	- debian-edu-config 2.11.10 (bug #946797)
 	- debian-lan-config 0.26 (bug #947459)
 	NOTE: debian-lan-config is effectively the same issue as in debian-edu-config and a somewhat
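Review bot: After `+	{DSA-4595-1 DSA-4589-1 DLA-2041-1}` the CVE-2019-3467 entry references two DSAs and lists two source packages (`debian-edu-config 2.11.10` and `debian-lan-config 0.26`), but nothing in the visible lines says which advisory covers which package. Suggest making sure the NOTE that starts on the last context line states the mapping, so a reader can tell that the newly added DSA-4595-1 is not a re-issue of DSA-4589-1.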



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/639aa89f835faff7c14d48d9d9af80025408e163
