[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 25 20:10:37 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1339558c by security tracker role at 2019-02-25T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-9155
+	RESERVED
+CVE-2019-9154
+	RESERVED
+CVE-2019-9153
+	RESERVED
+CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an out ...)
+	TODO: check
+CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an out ...)
+	TODO: check
+CVE-2019-9150
+	RESERVED
+CVE-2019-9149
+	RESERVED
+CVE-2019-9148
+	RESERVED
+CVE-2019-9147
+	RESERVED
+CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a ...)
+	TODO: check
+CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...)
+	TODO: check
+CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
+	TODO: check
+CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
+	TODO: check
+CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
+	TODO: check
+CVE-2019-9141
+	RESERVED
+CVE-2019-9140
+	RESERVED
+CVE-2019-9139
+	RESERVED
+CVE-2019-9138
+	RESERVED
+CVE-2019-9137
+	RESERVED
+CVE-2019-9136
+	RESERVED
+CVE-2019-9135
+	RESERVED
+CVE-2019-9134
+	RESERVED
+CVE-2019-9133
+	RESERVED
+CVE-2019-9132
+	RESERVED
 CVE-2019-9131
 	RESERVED
 CVE-2019-9130
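Review bot: The seven newly described entries in this hunk (CVE-2019-9152, CVE-2019-9151, CVE-2019-9146 through CVE-2019-9142) carry only `TODO: check`, so none of them has a triage decision yet. Each needs either a package line or a `NOT-FOR-US:` marker in the style used elsewhere in this file. The descriptions are truncated at "...", so the decision should be made from the full CVE text rather than from the stub shown here. The HDF5 1.10.4 and Exiv2 0.27 pairs name a library and version and are the ones to check against packaged versions first.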
@@ -4066,7 +4114,8 @@ CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya VS
 	NOT-FOR-US: ConnectWise ManagedITSync
 CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for processing ...)
 	NOT-FOR-US: Haraka
-CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load ...)
+CVE-2016-1000276
+	REJECTED
 	TODO: check, probably a dupe of CVE-2017-1000010
 CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / ...)
 	NOT-FOR-US: Joomla extension
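Review bot: CVE-2016-1000276 is now `REJECTED` but the unchanged line `TODO: check, probably a dupe of CVE-2017-1000010` still sits under it, which leaves a rejected id in the open-TODO set. The TODO should be resolved in a follow-up: either drop it, or convert it to a `NOTE:` that records the relationship to CVE-2017-1000010 if that is the reason for the rejection.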
@@ -18713,8 +18762,8 @@ CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower Threat
 	NOT-FOR-US: Cisco
 CVE-2019-1690
 	RESERVED
-CVE-2019-1689
-	RESERVED
+CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco Webex Teams ...)
+	TODO: check
 CVE-2019-1688 (A vulnerability in the management web interface of Cisco Network ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1687
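Review bot: CVE-2019-1689 moves from `RESERVED` to `TODO: check` although its description names a Cisco product (the Webex Teams client for iOS), and the neighbouring entries CVE-2019-1691 and CVE-2019-1688 are both marked `NOT-FOR-US: Cisco`. If the same applies here, the follow-up edit should use the same marker rather than leaving the entry open.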
@@ -18725,8 +18774,8 @@ CVE-2019-1685 (A vulnerability in the Security Assertion Markup Language (SAML)
 	NOT-FOR-US: Cisco
 CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1683
-	RESERVED
+CVE-2019-1683 (A vulnerability in the certificate handling component of the Cisco ...)
+	TODO: check
 CVE-2019-1682
 	RESERVED
 CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network Convergence ...)
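Review bot: The description added for CVE-2019-1683 is cut off before the product name ("certificate handling component of the Cisco ..."), so the `TODO: check` cannot be closed from this line alone. The adjacent CVE-2019-1684 is `NOT-FOR-US: Cisco`; confirm the affected product from the full description and mark this entry consistently.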
@@ -25565,13 +25614,13 @@ CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
 	- elfutils 0.175-1 (low; bug #911414)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
 CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain ...)
 	NOT-FOR-US: BestXsoftware Best Free Keylogger
 CVE-2018-18518
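Review bot: The two changed `NOTE:` lines here (the elfutils commit links under CVE-2018-18521 and CVE-2018-18520) differ only in indentation, eight spaces replaced by a tab, yet the commit message is just "automatic update". The same whitespace-only rewrite recurs in the later elfutils hunks of this commit. Normalising indentation is correct, since every other continuation line in the file is tab-indented, but it would be easier to audit as a separate commit with its own message, and a format check that rejects space-indented lines would prevent the issue from being reintroduced by manual edits.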
@@ -26202,7 +26251,7 @@ CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
 CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
 	[experimental] - binutils 2.31.51.20181022-1
 	- binutils <unfixed>
@@ -106269,25 +106318,25 @@ CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of secti
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859991)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859992)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
 	- elfutils 0.168-1 (bug #859993)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
 CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...)
 	- elfutils 0.168-1 (bug #859994)
 	[jessie] - elfutils <not-affected> (Vulnerable code not present)
@@ -106299,7 +106348,7 @@ CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
-        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
 CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859996)
 	[jessie] - elfutils <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1339558c266e161c3d26516e48d016d65dd471e0
