[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 19 20:10:32 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
133cb9e9 by security tracker role at 2019-02-19T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,16 @@
+CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a ...)
+	TODO: check
+CVE-2019-8938
+	RESERVED
+CVE-2019-8937
+	RESERVED
+CVE-2019-8936
+	RESERVED
+CVE-2019-8934
+	RESERVED
 CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ ...)
 	NOT-FOR-US: DedeCMS
-CVE-2019-8935 [Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter]
+CVE-2019-8935 (Collabtive 3.1 allows XSS via the manageuser.php?action=profile id ...)
 	- collabtive <removed>
 CVE-2019-8932
 	RESERVED
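Review bot: CVE-2019-8935 ends up out of sequence in this hunk. The new block runs 8939, 8938, 8937, 8936, 8934 and skips it, while the existing 8935 entry stays below CVE-2019-8933. Moving that entry between 8936 and 8934 would keep the descending order the surrounding entries follow. The new CVE-2019-8939 (Tautulli) entry also carries "TODO: check" and still needs triage.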
@@ -3309,9 +3319,9 @@ CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in .
 CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based ...)
 	NOT-FOR-US: NGINX Unit (different from FLOSS nginx)
 CVE-2017-1000000
-	RESERVED
+	REJECTED
 CVE-2014-1000000
-	RESERVED
+	REJECTED
 CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
 	NOT-FOR-US: Rukovoditel
 CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against ...)
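Review bot: the two entries flipped from RESERVED to REJECTED, CVE-2017-1000000 and CVE-2014-1000000, sit between CVE-2019-7401 and CVE-2019-7400 rather than with other 2017 and 2014 identifiers. If that position is an artefact of how they were first imported, relocating them to their year blocks, or adding a NOTE line saying why they live here, would make the list easier to scan.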
@@ -5638,7 +5648,7 @@ CVE-2019-6455 (An issue was discovered in GNU Recutils 1.8. There is a double-fr
 	NOTE: Negligable security impact
 CVE-2019-6454 [systemd (PID1) crash with specially crafted D-Bus message]
 	RESERVED
-	{DSA-4393-1}
+	{DSA-4393-1 DLA-1684-1}
 	- systemd 240-6
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/18/3
 CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using argument ...)
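Review bot: the context line at the top of this hunk, belonging to CVE-2019-6455, reads "NOTE: Negligable security impact", where "Negligible" is the correct spelling. The automatic update will not touch that line, so it needs a manual follow-up commit.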
@@ -7250,121 +7260,92 @@ CVE-2019-5784
 	RESERVED
 	{DSA-4395-1}
 	- chromium 72.0.3626.109-1
-CVE-2019-5783
-	RESERVED
+CVE-2019-5783 (Missing URI encoding of untrusted input in DevTools in Google Chrome ...)
 	{DSA-4395-1}
-CVE-2019-5782
-	RESERVED
+	TODO: check
+CVE-2019-5782 (Incorrect optimization assumptions in V8 in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5781
-	RESERVED
+CVE-2019-5781 (Incorrect handling of a confusable character in Omnibox in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5780
-	RESERVED
+CVE-2019-5780 (Insufficient restrictions on what can be done with Apple Events in ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5779
-	RESERVED
+CVE-2019-5779 (Insufficient policy validation in ServiceWorker in Google Chrome prior ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5778
-	RESERVED
+CVE-2019-5778 (A missing case for handling special schemes in permission request ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5777
-	RESERVED
+CVE-2019-5777 (Incorrect handling of a confusable character in Omnibox in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5776
-	RESERVED
+CVE-2019-5776 (Incorrect handling of a confusable character in Omnibox in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5775
-	RESERVED
+CVE-2019-5775 (Incorrect handling of a confusable character in Omnibox in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5774
-	RESERVED
+CVE-2019-5774 (Omission of the .desktop filetype from the Safe Browsing checklist in ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5773
-	RESERVED
+CVE-2019-5773 (Insufficient origin validation in IndexedDB in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5772
-	RESERVED
+CVE-2019-5772 (Sharing of objects over calls into JavaScript runtime in PDFium in ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5771
-	RESERVED
+CVE-2019-5771 (An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior ...)
 	- chromium <not-affected> (chromium package does not build swiftshader)
-CVE-2019-5770
-	RESERVED
+CVE-2019-5770 (Insufficient input validation in WebGL in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5769
-	RESERVED
+CVE-2019-5769 (Incorrect handling of invalid end character position when front ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5768
-	RESERVED
+CVE-2019-5768 (DevTools API not correctly gating on extension capability in DevTools ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5767
-	RESERVED
+CVE-2019-5767 (Insufficient protection of permission UI in WebAPKs in Google Chrome ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5766
-	RESERVED
+CVE-2019-5766 (Incorrect handling of origin taint checking in Canvas in Google Chrome ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5765
-	RESERVED
+CVE-2019-5765 (An exposed debugging endpoint in the browser in Google Chrome on ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5764
-	RESERVED
+CVE-2019-5764 (Incorrect pointer management in WebRTC in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5763
-	RESERVED
+CVE-2019-5763 (Failure to check error conditions in V8 in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5762
-	RESERVED
+CVE-2019-5762 (Inappropriate memory management when caching in PDFium in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5761
-	RESERVED
+CVE-2019-5761 (Incorrect object lifecycle management in SwiftShader in Google Chrome ...)
 	- chromium <not-affected> (chromium package does not build swiftshader)
-CVE-2019-5760
-	RESERVED
+CVE-2019-5760 (Insufficient checks of pointer validity in WebRTC in Google Chrome ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5759
-	RESERVED
+CVE-2019-5759 (Incorrect lifetime handling in HTML select elements in Google Chrome ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5758
-	RESERVED
+CVE-2019-5758 (Incorrect object lifecycle management in Blink in Google Chrome prior ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5757
-	RESERVED
+CVE-2019-5757 (An incorrect object type assumption in SVG in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5756
-	RESERVED
+CVE-2019-5756 (Inappropriate memory management when caching in PDFium in Google ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5755
-	RESERVED
+CVE-2019-5755 (Incorrect handling of negative zero in V8 in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
-CVE-2019-5754
-	RESERVED
+CVE-2019-5754 (Implementation error in QUIC Networking in Google Chrome prior to ...)
 	{DSA-4395-1}
 	- chromium 72.0.3626.81-1
 CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to ...)
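Review bot: CVE-2019-5783 is the one entry in this hunk left without a package line. It has {DSA-4395-1} followed by "TODO: check", where every neighbouring entry has either a "- chromium" fixed-version line or a <not-affected> marker. Since a DSA already references it, the TODO should be replaced by hand with the chromium line for the version that fixed it, so the tracker can report package status for this CVE.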
@@ -11507,8 +11488,7 @@ CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)
 	- spice 0.14.0-1.3 (bug #920762)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
-CVE-2019-3812 [Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure]
-	RESERVED
+CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ...)
 	- qemu <unfixed> (bug #922635)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c
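Review bot: replacing the bracketed description of CVE-2019-3812 with the truncated CVE text drops the only mention in this entry of hw/i2c/i2c-ddc.c and of the memory-disclosure impact. With qemu still marked <unfixed>, that detail is what a triager reads first, so consider keeping it as a NOTE line, for example "NOTE: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure".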
@@ -13936,47 +13916,47 @@ CVE-2018-20183
 	RESERVED
 CVE-2018-20182 [Remote code execution in seamless_process_line()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20181 [Remote code execution in seamless_process()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20180 [Remote code execution in rdpsnddbg_process()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20179 [Remote code execution in lspci_process()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20178 [DoS in process_demand_active()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20177 [Memory corruption in rdp_in_unistr()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20176 [DoS in sec_parse_crypt_info() and in sec_recv()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20175 [DoS in mcs_recv_connect_response() and in mcs_parse_domain_params()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20174 [Major information leak in ui_clip_handle_data()]
 	RESERVED
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
@@ -50647,43 +50627,43 @@ CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x b
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
 	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8800 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8799 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8798 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8797 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8796 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8795 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8794 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8793 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8792 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
-	{DSA-4394-1}
+	{DSA-4394-1 DLA-1683-1}
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8790
@@ -70449,8 +70429,8 @@ CVE-2018-1998
 	RESERVED
 CVE-2018-1997
 	RESERVED
-CVE-2018-1996
-	RESERVED
+CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
+	TODO: check
 CVE-2018-1995
 	RESERVED
 CVE-2018-1994
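Review bot: CVE-2018-1996 lands with "TODO: check" even though its description names IBM WebSphere Application Server, a proprietary product that Debian does not package. Resolving it in the same form the list already uses for DedeCMS and NGINX Unit, that is "NOT-FOR-US: IBM WebSphere Application Server", would clear the TODO.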



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/133cb9e9a0e2bb283550fea0bc19362649cf38c7
