[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 27 08:11:10 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c906253 by security tracker role at 2019-02-27T08:10:55Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-9209
+ RESERVED
+CVE-2019-9208
+ RESERVED
+CVE-2019-9207
+ RESERVED
+CVE-2019-9206
+ RESERVED
+CVE-2019-9205
+ RESERVED
+CVE-2019-9204
+ RESERVED
+CVE-2019-9203
+ RESERVED
+CVE-2019-9202
+ RESERVED
+CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ...)
+ TODO: check
+CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() located ...)
+ TODO: check
+CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in ...)
+ TODO: check
+CVE-2019-9198
+ RESERVED
+CVE-2019-9197
+ RESERVED
+CVE-2019-9196
+ RESERVED
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files in an ...)
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PHP ...)
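Review bot: the three described entries added at the top of this hunk, CVE-2019-9201, CVE-2019-9200 and CVE-2019-9199, carry only "TODO: check", so none is yet mapped to a source package or marked NOT-FOR-US. CVE-2019-9201 describes Phoenix Contact ILC devices and looks like a candidate for the same NOT-FOR-US treatment the Grin context entry gets, while CVE-2019-9200 (ImageStream::getLine()) and CVE-2019-9199 (PoDoFo, pdftranslator.cpp) name library code and need a package line once triaged. The descriptions are cut at "...", so triage should work from the full CVE text rather than these summaries.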
@@ -5066,8 +5094,8 @@ CVE-2019-7008
RESERVED
CVE-2019-7007
RESERVED
-CVE-2019-7006
- RESERVED
+CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the ...)
+ TODO: check
CVE-2019-7005
RESERVED
CVE-2019-7004
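Review bot: CVE-2019-7006 moves from RESERVED to a described entry but is left at "TODO: check". The description names Avaya one-X Communicator; if that product is not packaged, the follow-up should replace the TODO with a NOT-FOR-US line in the form used elsewhere in this file (for example "NOT-FOR-US: tianti") so the entry does not stay in the unprocessed queue.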
@@ -17024,6 +17052,7 @@ CVE-2018-20098 (There is a heap-based buffer over-read in ...)
NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (low)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/590
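Review bot: the unstable line under the new {DLA-1691-1} tag for CVE-2018-20097, "- exiv2 <unfixed> (low)", still has no bug number, unlike the other exiv2 entries tagged in this commit (bug #915135, #913272, #913273, #910060). Now that an advisory references this CVE, consider recording a bug reference on that line so the remaining unfixed state in unstable is tracked.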
@@ -22906,6 +22935,7 @@ CVE-2018-19537 (TP-Link Archer C5 devices through V2_160201_US allow remote comm
CVE-2018-19536
RESERVED
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #915135)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/428
@@ -24338,6 +24368,7 @@ CVE-2018-19110 (The skin-management feature in tianti 2.3 allows remote authenti
CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended ...)
NOT-FOR-US: tianti
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #913272)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
@@ -24345,6 +24376,7 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in
NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (bug #913273)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
@@ -28300,6 +28332,7 @@ CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. T
NOTE: https://github.com/appneta/tcpreplay/issues/484
NOTE: https://github.com/appneta/tcpreplay/commit/68f67b1a3a4d319543692afb5bd5b191ec984287
CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...)
+ {DLA-1691-1}
- exiv2 <unfixed> (low; bug #910060)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/460
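Review bot: with {DLA-1691-1} now attached to CVE-2018-17581, the unchanged "[stretch] - exiv2 <no-dsa> (Minor issue)" line directly below it deserves a second look, and the same applies to the other four exiv2 entries tagged in this commit. If the issue was judged worth an advisory for the older release, a follow-up should either confirm that no-dsa is still the intended stretch status or adjust it.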
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c906253127e61317265b44aae7c9972c7e863a4
More information about the debian-security-tracker-commits mailing list