[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 7 08:10:27 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a13ddea by security tracker role at 2019-02-07T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-7579
+ RESERVED
+CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
+ TODO: check
+CVE-2019-7571
+ RESERVED
+CVE-2019-7570 (A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users ...)
+ TODO: check
+CVE-2019-7569 (An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). ...)
+ TODO: check
+CVE-2019-7568 (An issue was discovered in baijiacms V4 that can result in time-based ...)
+ TODO: check
+CVE-2019-7567 (An issue was discovered in Waimai Super Cms 20150505. ...)
+ TODO: check
+CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
+ TODO: check
+CVE-2019-7565
+ RESERVED
+CVE-2019-7564
+ RESERVED
+CVE-2019-7563
+ RESERVED
+CVE-2019-7562
+ RESERVED
+CVE-2019-7561
+ RESERVED
+CVE-2019-7560 (In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted ...)
+ TODO: check
+CVE-2019-7559 (In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, ...)
+ TODO: check
+CVE-2019-7558
+ RESERVED
+CVE-2019-7557
+ RESERVED
+CVE-2019-7556
+ RESERVED
+CVE-2019-7555
+ RESERVED
+CVE-2019-7554
+ RESERVED
+CVE-2019-7553
+ RESERVED
+CVE-2019-7552
+ RESERVED
+CVE-2019-7551
+ RESERVED
+CVE-2019-7550
+ RESERVED
+CVE-2019-7549
+ RESERVED
+CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
+ TODO: check
+CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name is not ...)
+ TODO: check
+CVE-2019-7546 (An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php ...)
+ TODO: check
+CVE-2019-7545 (In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a ...)
+ TODO: check
+CVE-2019-7544 (An issue was discovered in MyWebSQL 3.7. The Add User function of the ...)
+ TODO: check
+CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a ...)
+ TODO: check
+CVE-2019-7542
+ RESERVED
+CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
+ TODO: check
+CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
+ TODO: check
+CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
+ TODO: check
+CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...)
+ TODO: check
CVE-2019-7541
RESERVED
CVE-2019-7540
@@ -2418,8 +2502,7 @@ CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper authentication vulnerab
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6518
RESERVED
-CVE-2019-6517
- RESERVED
+CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional Operating ...)
NOT-FOR-US: BD FACSLyric
CVE-2019-6516
RESERVED
@@ -2521,7 +2604,7 @@ CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) th
CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 ...)
NOT-FOR-US: TP-Link
CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 ...)
- {DSA-4380-1 DSA-4379-1}
+ {DSA-4380-1 DSA-4379-1 DLA-1664-1}
- golang-1.12 1.12~beta2-2 (bug #920548)
- golang-1.11 1.11.5-1
- golang-1.10 <removed>
@@ -5933,6 +6016,7 @@ CVE-2019-5011
RESERVED
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
RESERVED
+ {DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- python3.6 <unfixed> (bug #921063)
- python3.5 <removed>
@@ -8344,28 +8428,26 @@ CVE-2019-3826 [Stored DOM cross-site scripting (XSS) attack via crafted URL]
- prometheus <unfixed>
[stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
NOTE: https://github.com/prometheus/prometheus/pull/5163
-CVE-2019-3825 [lock screen bypass when timed login is enabled]
- RESERVED
+CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed login ...)
- gdm3 <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
CVE-2019-3824
RESERVED
-CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read]
- RESERVED
+CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap ...)
+ {DSA-4386-1}
- curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
-CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow]
- RESERVED
+CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a ...)
+ {DSA-4386-1}
- curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2019-3821
RESERVED
-CVE-2019-3820 [partial lock screen bypass]
- RESERVED
+CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version ...)
- gnome-shell 3.30.2-3 (bug #921490)
[jessie] - gnome-shell <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://bugzilla.gnome.org/show_bug.cgi?id=745039
@@ -10019,6 +10101,7 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
+ {DLA-1663-1}
- python3.7 3.7.0-7
- python3.6 3.6.7~rc1-1
- python3.5 <removed>
@@ -10619,7 +10702,7 @@ CVE-2018-20248 (In Foxit Quick PDF Library (all versions prior to 16.12), issue
CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20246
- RESERVED
+ REJECTED
CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior ...)
NOT-FOR-US: Apache Airflow
CVE-2018-20244
@@ -25244,7 +25327,7 @@ CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.
NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17203
- RESERVED
+ REJECTED
CVE-2018-17202
RESERVED
CVE-2018-17201
@@ -25991,8 +26074,8 @@ CVE-2018-16892
RESERVED
CVE-2018-16891
RESERVED
-CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read]
- RESERVED
+CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...)
+ {DSA-4386-1}
- curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
@@ -47417,6 +47500,7 @@ CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bo
CVE-2018-8790
RESERVED
CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds ...)
+ {DLA-1666-1}
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
@@ -47425,10 +47509,12 @@ CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Writ
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that ...)
+ {DLA-1666-1}
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...)
+ {DLA-1666-1}
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
@@ -49774,8 +49860,8 @@ CVE-2018-7841
RESERVED
CVE-2018-7840
RESERVED
-CVE-2018-7839
- RESERVED
+CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor ...)
+ TODO: check
CVE-2018-7838
RESERVED
CVE-2018-7837 (An Improper Restriction of XML External Entity Reference ('XXE') ...)
@@ -49818,16 +49904,16 @@ CVE-2018-7819
RESERVED
CVE-2018-7818
RESERVED
-CVE-2018-7817
- RESERVED
+CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 ...)
+ TODO: check
CVE-2018-7816
RESERVED
-CVE-2018-7815
- RESERVED
-CVE-2018-7814
- RESERVED
-CVE-2018-7813
- RESERVED
+CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by ...)
+ TODO: check
+CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in ...)
+ TODO: check
+CVE-2018-7813 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by ...)
+ TODO: check
CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability exists in ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
@@ -61275,10 +61361,10 @@ CVE-2018-3983
RESERVED
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word ...)
NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3981 (An exploitable uninitialized pointer vulnerability exists in the Word ...)
+CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing ...)
NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3980
- RESERVED
+CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing ...)
+ TODO: check
CVE-2018-3979
RESERVED
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word ...)
@@ -61292,14 +61378,14 @@ CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF ima
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
-CVE-2018-3976
- RESERVED
+CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file ...)
+ TODO: check
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974
RESERVED
-CVE-2018-3973
- RESERVED
+CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing ...)
+ TODO: check
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin ...)
NOT-FOR-US: Epee library
CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 0x2222CC ...)
@@ -136665,7 +136751,7 @@ CVE-2016-5687 (The VerticalFilter function in the DDS coder in ImageMagick befor
NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0b7172f2ba2c9e664d4df148e7d6e14a50edb57a
CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader function ...)
- {DLA-522-1}
+ {DLA-1663-1 DLA-522-1}
- python3.5 <not-affected> (Fixed with initial upload to Debian)
- python3.4 3.4.4~rc1-1
- python2.7 2.7.10~rc1-1
@@ -137236,7 +137322,7 @@ CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authentic
NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython ...)
- {DLA-522-1}
+ {DLA-1663-1 DLA-522-1}
- python3.5 3.5.2~rc1-1
- python3.4 <removed>
- python2.7 2.7.12~rc1-1
@@ -153100,7 +153186,7 @@ CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.1
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...)
- {DLA-871-1 DLA-522-1}
+ {DLA-1663-1 DLA-871-1 DLA-522-1}
- python3.5 3.5.2~rc1-1
- python3.4 <removed>
- python3.2 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a13ddea2f9428e904b76ab0bfa3493bf8b80892
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a13ddea2f9428e904b76ab0bfa3493bf8b80892
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190207/50afe2b5/attachment.html>
More information about the debian-security-tracker-commits
mailing list