[Git][security-tracker-team/security-tracker][master] automatic update

Wed Feb 20 20:12:45 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b317d0b by security tracker role at 2019-02-20T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-8955
+	RESERVED
+CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can execute arbitrary code via ...)
+	TODO: check
+CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the desc ...)
+	TODO: check
+CVE-2019-8952
+	RESERVED
+CVE-2019-8951
+	RESERVED
+CVE-2019-1003028
+	RESERVED
+CVE-2019-1003027
+	RESERVED
+CVE-2019-1003026
+	RESERVED
+CVE-2019-1003025
+	RESERVED
+CVE-2019-1003024
+	RESERVED
 CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices ...)
 	TODO: check
 CVE-2019-8949
@@ -1270,8 +1290,8 @@ CVE-2019-8333
 	RESERVED
 CVE-2019-8332
 	RESERVED
-CVE-2019-8331
-	RESERVED
+CVE-2019-8331 (In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover ...)
+	TODO: check
 CVE-2019-8330
 	RESERVED
 CVE-2019-8329
@@ -13765,10 +13785,10 @@ CVE-2018-20243
 	RESERVED
 CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache ...)
 	- jspwiki <removed>
-CVE-2018-20241
-	RESERVED
-CVE-2018-20240
-	RESERVED
+CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and ...)
+	TODO: check
+CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and ...)
+	TODO: check
 CVE-2018-20239
 	RESERVED
 CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and ...)
@@ -16430,8 +16450,7 @@ CVE-2018-20032
 	RESERVED
 CVE-2018-20031
 	RESERVED
-CVE-2018-20030 [Input validation issue resulting in a denial of service]
-	RESERVED
+CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and ...)
 	- libexif 0.6.21-5.1 (bug #918730)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	[jessie] - libexif <no-dsa> (Minor issue)
@@ -59675,22 +59694,19 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5819 [DoS in parse_sinar_ia function in internal/dcraw_common.cpp]
-	RESERVED
+CVE-2018-5819 (An error within the "parse_sinar_ia()" function ...)
 	- libraw 0.19.1-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <ignored> (Minor issue)
 	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
 	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
-CVE-2018-5818 [DoS in parse_rollei function in internal/dcraw_common.cpp]
-	RESERVED
+CVE-2018-5818 (An error within the "parse_rollei()" function ...)
 	- libraw 0.19.1-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <ignored> (Minor issue)
 	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
 	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
-CVE-2018-5817 [DoS in unpacked_load_raw function in internal/dcraw_common.cpp]
-	RESERVED
+CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function ...)
 	- libraw 0.19.1-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b317d0b424e04e2f0b12b0a197a9165eff06646

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b317d0b424e04e2f0b12b0a197a9165eff06646
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190220/98247a43/attachment.html>
