[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Dec 30 08:10:26 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62610c2 by security tracker role at 2019-12-30T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
+	TODO: check
+CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...)
+	TODO: check
+CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
+	TODO: check
+CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
+	TODO: check
+CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
+	TODO: check
+CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...)
+	TODO: check
+CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...)
+	TODO: check
+CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...)
+	TODO: check
+CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seek ...)
+	TODO: check
+CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...)
+	TODO: check
+CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...)
+	TODO: check
+CVE-2019-20084
+	RESERVED
+CVE-2019-20083
+	RESERVED
+CVE-2019-20082
+	RESERVED
+CVE-2019-20081
+	RESERVED
+CVE-2019-20080
+	RESERVED
+CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed  ...)
+	TODO: check
+CVE-2019-20078
+	RESERVED
+CVE-2019-20077
+	RESERVED
+CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...)
+	TODO: check
+CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...)
+	TODO: check
+CVE-2019-20074 (On Netis DL4323 devices, any user role can view sensitive information, ...)
+	TODO: check
+CVE-2019-20073 (On Netis DL4323 devices, XSS exists via the form2userconfig.cgi userna ...)
+	TODO: check
+CVE-2019-20072 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname par ...)
+	TODO: check
+CVE-2019-20071 (On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete  ...)
+	TODO: check
+CVE-2019-20070 (On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2 ...)
+	TODO: check
+CVE-2019-20069
+	RESERVED
+CVE-2019-20068
+	RESERVED
+CVE-2019-20067
+	RESERVED
+CVE-2019-20066
+	RESERVED
+CVE-2019-20065
+	RESERVED
+CVE-2019-20064
+	RESERVED
+CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of m ...)
+	TODO: check
+CVE-2019-20062
+	RESERVED
+CVE-2019-20061
+	RESERVED
+CVE-2019-20060
+	RESERVED
+CVE-2019-20059
+	RESERVED
 CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman  ...)
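Review bot: every described entry added at the top of data/CVE/list, from CVE-2019-20096 down to CVE-2019-20063, is left at "TODO: check", so none of them is yet tied to a source package or ruled out. The entries whose descriptions name the Linux kernel (CVE-2019-20096, CVE-2019-20095) and Vim (CVE-2019-20079) should get package lines in the "- package <status>" form used further down in the file. The Netis DL4323 and TVT NVMS-1000 device entries look like candidates for a NOT-FOR-US line like the "NOT-FOR-US: Bolt CMS" one in the context just below.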
@@ -33943,6 +34019,7 @@ CVE-2019-11052
 CVE-2019-11051
 	RESERVED
 CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
+	{DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
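Review bot: the "{DLA-2050-1}" tag added under CVE-2019-11050 sits above package lines that still read "- php7.3 <unfixed>", "- php7.0 <removed>" and "- php5 <removed>", so nothing visible in this entry says which source package or release the advisory fixed. Worth confirming that the advisory's own record names the package and fixed version, or adding a release-tagged line here, so that a reader of this entry is not left with only unfixed and removed statuses.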
@@ -33958,18 +34035,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
 CVE-2019-11048
 	RESERVED
 CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
+	{DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78910
 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
+	{DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78878
 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
+	{DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
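Review bot: in the CVE-2019-11046 entry the description gives 7.2.x below 7.2.26 as affected, but the NOTE beneath it reads "Fixed in PHP 7.4.1, 7.3.13" and leaves out the 7.2 branch. Since this hunk touches the entry to add "{DLA-2050-1}", consider extending that NOTE with 7.2.26 so it matches the description. The same check applies to CVE-2019-11045, whose description names the same three branches but whose NOTE lines fall outside the visible context.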



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b62610c24d49ff3e939157e971fb082dcd5ef539
