[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 1 08:10:26 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c25fe47 by security tracker role at 2019-02-01T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
+ TODO: check
+CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
+ TODO: check
+CVE-2019-7296 (typora through 0.9.64 has XSS, with resultant remote command execution, ...)
+ TODO: check
+CVE-2019-7295 (typora through 0.9.63 has XSS, with resultant remote command execution, ...)
+ TODO: check
+CVE-2019-7294
+ RESERVED
+CVE-2019-7293
+ RESERVED
+CVE-2019-7292
+ RESERVED
+CVE-2019-7291
+ RESERVED
+CVE-2019-7290
+ RESERVED
+CVE-2019-7289
+ RESERVED
+CVE-2019-7288
+ RESERVED
+CVE-2019-7287
+ RESERVED
+CVE-2019-7286
+ RESERVED
+CVE-2019-7285
+ RESERVED
+CVE-2019-7284
+ RESERVED
CVE-2019-7281
RESERVED
CVE-2019-7280
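Review bot: The four new entries that carry descriptions (CVE-2019-7298, CVE-2019-7297, CVE-2019-7296, CVE-2019-7295) all land as TODO: check and still need triage. The two D-Link DIR-823G firmware entries look like candidates for NOT-FOR-US, in line with how other vendor device entries in this file are marked (for example "NOT-FOR-US: Hetronic Nova-M radio control systems"). The two typora entries need a check for whether typora is packaged before they can be closed out.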
@@ -19817,7 +19847,7 @@ CVE-2018-19025
RESERVED
CVE-2018-19024
RESERVED
-CVE-2018-19023 (Hetronic Nova-M radio control systems prior to version r161 use fixed ...)
+CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. ...)
NOT-FOR-US: Hetronic Nova-M radio control systems
CVE-2018-19022
RESERVED
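Review bot: The replacement description for CVE-2018-19023 is not cut to the short form used by every other entry in this file. The old line stopped at "use fixed ...", while the new one carries the whole text and then still ends in " ...". It also contains the typo "verson" and drops "radio control systems" from the product name, although the NOT-FOR-US line below still uses it. Suggest checking why the automatic update did not truncate this line and regenerating it in the usual short form.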
@@ -19893,7 +19923,7 @@ CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program popula
NOT-FOR-US: VT-Designer
CVE-2018-18986
RESERVED
-CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to ...)
+CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. ...)
NOT-FOR-US: Tridium Niagara Enterprise
CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 ...)
NOT-FOR-US: Medtronic
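Review bot: The new CVE-2018-18985 line expands the description to its full length, listing all four version ranges, instead of keeping the truncated form seen on the neighbouring CVE-2018-18984 and CVE-2018-18987 lines. The sentence also runs "4.6.96.28.4 a cross-site scripting vulnerability" with no break. The NOT-FOR-US classification is unaffected, but the one-line summary should go back to the short form so the list stays scannable.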
@@ -22755,8 +22785,7 @@ CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified
NOT-FOR-US: Teledyne DALSA Sherlock
CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and ...)
NOT-FOR-US: TPEditor
-CVE-2018-17928
- RESERVED
+CVE-2018-17928 (The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable ...)
NOT-FOR-US: ABB CMS-770
CVE-2018-17927 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and ...)
NOT-FOR-US: TPEditor
@@ -28206,7 +28235,7 @@ CVE-2018-15781
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...)
NOT-FOR-US: RSA Archer
CVE-2018-15779
- RESERVED
+ REJECTED
CVE-2018-15778
RESERVED
CVE-2018-15777
@@ -36381,8 +36410,8 @@ CVE-2018-12550
RESERVED
CVE-2018-12549
RESERVED
-CVE-2018-12548
- RESERVED
+CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public ...)
+ TODO: check
CVE-2018-12547
RESERVED
CVE-2018-12546
@@ -54124,8 +54153,8 @@ CVE-2018-6243
RESERVED
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a ...)
NOT-FOR-US: NVIDIA
-CVE-2018-6241
- RESERVED
+CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in ...)
+ TODO: check
CVE-2018-6240
RESERVED
CVE-2018-6239
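Review bot: CVE-2018-6241 is added as TODO: check, but the description names the NVIDIA Tegra Gralloc module and the entry directly above it, CVE-2018-6242 for NVIDIA Tegra mobile processors, is already marked "NOT-FOR-US: NVIDIA". Unless there is a reason to treat the Gralloc driver differently, this one can be resolved the same way when the TODO is triaged.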
@@ -56415,8 +56444,8 @@ CVE-2018-5562
RESERVED
CVE-2018-5561
RESERVED
-CVE-2018-5560
- RESERVED
+CVE-2018-5560 (A reliance on a static, hard-coded credential in the design of the ...)
+ TODO: check
CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are ...)
NOT-FOR-US: Rapid7 Komand
CVE-2018-5558
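Review bot: The description added for CVE-2018-5560 is cut off before it names the affected product ("in the design of the ..."), so the TODO: check cannot be resolved from this line alone. Whoever triages it should read the full description and then record either a package line or NOT-FOR-US with the product name.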
@@ -81446,7 +81475,7 @@ CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
- {DSA-3996-1}
+ {DSA-3996-1 DLA-1654-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
@@ -81594,7 +81623,7 @@ CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
- {DSA-3996-1}
+ {DSA-3996-1 DLA-1654-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <removed>
NOTE: libav in Jessie uses a different guard for item_num. Check whether
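Review bot: CVE-2017-14169 now references DLA-1654-1, but the NOTE below it still reads as an open question ("libav in Jessie uses a different guard for item_num. Check whether"). If DLA-1654-1 covers the Jessie package that note refers to, the note should be updated to record the outcome of that check. Otherwise the entry says both "fixed by an advisory" and "not yet verified".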
@@ -100537,6 +100566,7 @@ CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a .
[jessie] - libav <not-affected> (vulnerable code not present)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ...)
+ {DLA-1654-1}
- ffmpeg 7:3.2.4-1
- libav <removed>
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
@@ -100545,6 +100575,7 @@ CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ...)
+ {DLA-1654-1}
- ffmpeg 7:3.2.4-1
- libav <removed>
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
@@ -176262,6 +176293,7 @@ CVE-2015-1208 (Integer underflow in the mov_read_default function in ...)
- ffmpeg 7:2.5.3-1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google ...)
+ {DLA-1654-1}
- ffmpeg 7:2.6.1-1
- libav <removed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
@@ -182744,6 +182776,7 @@ CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
+ {DLA-1654-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
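Review bot: CVE-2014-8542 gains {DLA-1654-1} while its libav line records a fixed version (6:11.2-1, bug #773626), unlike the other entries tagged with this DLA in the same commit, which list libav as <removed>. Worth confirming that this CVE really belongs to DLA-1654-1 and, if it does, adding a NOTE explaining why a further fix was needed after 6:11.2-1.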
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c25fe47cde19738ef23d36e581a2ee54b5fc093