[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 8 08:10:22 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c046cc17 by security tracker role at 2019-01-08T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2019-5714
+	RESERVED
+CVE-2019-5713
+	RESERVED
+CVE-2019-5712
+	RESERVED
+CVE-2019-5711
+	RESERVED
+CVE-2019-5710
+	RESERVED
+CVE-2019-5709
+	RESERVED
+CVE-2019-5708
+	RESERVED
+CVE-2019-5707
+	RESERVED
+CVE-2019-5706
+	RESERVED
+CVE-2019-5705
+	RESERVED
+CVE-2019-5704
+	RESERVED
+CVE-2019-5703
+	RESERVED
+CVE-2019-5702
+	RESERVED
+CVE-2019-5701
+	RESERVED
+CVE-2019-5700
+	RESERVED
+CVE-2019-5699
+	RESERVED
+CVE-2019-5698
+	RESERVED
+CVE-2019-5697
+	RESERVED
+CVE-2019-5696
+	RESERVED
+CVE-2019-5695
+	RESERVED
+CVE-2019-5694
+	RESERVED
+CVE-2019-5693
+	RESERVED
+CVE-2019-5692
+	RESERVED
+CVE-2019-5691
+	RESERVED
+CVE-2019-5690
+	RESERVED
+CVE-2019-5689
+	RESERVED
+CVE-2019-5688
+	RESERVED
+CVE-2019-5687
+	RESERVED
+CVE-2019-5686
+	RESERVED
+CVE-2019-5685
+	RESERVED
+CVE-2019-5684
+	RESERVED
+CVE-2019-5683
+	RESERVED
+CVE-2019-5682
+	RESERVED
+CVE-2019-5681
+	RESERVED
+CVE-2019-5680
+	RESERVED
+CVE-2019-5679
+	RESERVED
+CVE-2019-5678
+	RESERVED
+CVE-2019-5677
+	RESERVED
+CVE-2019-5676
+	RESERVED
+CVE-2019-5675
+	RESERVED
+CVE-2019-5674
+	RESERVED
+CVE-2019-5673
+	RESERVED
+CVE-2019-5672
+	RESERVED
+CVE-2019-5671
+	RESERVED
+CVE-2019-5670
+	RESERVED
+CVE-2019-5669
+	RESERVED
+CVE-2019-5668
+	RESERVED
+CVE-2019-5667
+	RESERVED
+CVE-2019-5666
+	RESERVED
+CVE-2019-5665
+	RESERVED
+CVE-2019-5664
+	RESERVED
+CVE-2019-5663
+	RESERVED
+CVE-2019-5662
+	RESERVED
+CVE-2019-5661
+	RESERVED
+CVE-2019-5660
+	RESERVED
+CVE-2019-5659
+	RESERVED
+CVE-2019-5658
+	RESERVED
+CVE-2019-5657
+	RESERVED
+CVE-2019-5656
+	RESERVED
+CVE-2019-5655
+	RESERVED
+CVE-2019-5654
+	RESERVED
+CVE-2019-5653
+	RESERVED
+CVE-2019-5652
+	RESERVED
+CVE-2019-5651
+	RESERVED
+CVE-2019-5650
+	RESERVED
+CVE-2019-5649
+	RESERVED
+CVE-2019-5648
+	RESERVED
+CVE-2019-5647
+	RESERVED
+CVE-2019-5646
+	RESERVED
+CVE-2019-5645
+	RESERVED
+CVE-2019-5644
+	RESERVED
+CVE-2019-5643
+	RESERVED
+CVE-2019-5642
+	RESERVED
+CVE-2019-5641
+	RESERVED
+CVE-2019-5640
+	RESERVED
+CVE-2019-5639
+	RESERVED
+CVE-2019-5638
+	RESERVED
+CVE-2019-5637
+	RESERVED
+CVE-2019-5636
+	RESERVED
+CVE-2019-5635
+	RESERVED
+CVE-2019-5634
+	RESERVED
+CVE-2019-5633
+	RESERVED
+CVE-2019-5632
+	RESERVED
+CVE-2019-5631
+	RESERVED
+CVE-2019-5630
+	RESERVED
+CVE-2019-5629
+	RESERVED
+CVE-2019-5628
+	RESERVED
+CVE-2019-5627
+	RESERVED
+CVE-2019-5626
+	RESERVED
+CVE-2019-5625
+	RESERVED
+CVE-2019-5624
+	RESERVED
+CVE-2019-5623
+	RESERVED
+CVE-2019-5622
+	RESERVED
+CVE-2019-5621
+	RESERVED
+CVE-2019-5620
+	RESERVED
+CVE-2019-5619
+	RESERVED
+CVE-2019-5618
+	RESERVED
+CVE-2019-5617
+	RESERVED
+CVE-2019-5616
+	RESERVED
+CVE-2019-5615
+	RESERVED
 CVE-2019-5614
 	RESERVED
 CVE-2019-5613
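Review bot: the commit message "automatic update" does not say what was synced or from where, while this hunk at the top of data/CVE/list adds 100 placeholder entries (CVE-2019-5615 through CVE-2019-5714, each only `RESERVED`) in the same commit as the DLA-1630-1 cross-reference changes further down. Suggest the role account's message name the data source and summarise the number of new IDs and the advisories cross-referenced, so the change can be audited from the log without reading the diff.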
@@ -5919,6 +6119,7 @@ CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/di
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2018-20187 [Timing side channel during ECC key generation could leak information...]
+	RESERVED
 	- botan <unfixed>
 	- botan1.10 <not-affected> (Vulnerable code introduced in 1.10.20)
 	NOTE: https://github.com/randombit/botan/pull/1792
@@ -5943,30 +6144,39 @@ CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-base
 CVE-2018-20183
 	RESERVED
 CVE-2018-20182 [Remote code execution in seamless_process_line()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20181 [Remote code execution in seamless_process()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20180 [Remote code execution in rdpsnddbg_process()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20179 [Remote code execution in lspci_process()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20178 [DoS in process_demand_active()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20177 [Memory corruption in rdp_in_unistr()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20176 [DoS in sec_parse_crypt_info() and in sec_recv()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20175 [DoS in mcs_recv_connect_response() and in mcs_parse_domain_params()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20174 [Major information leak in ui_clip_handle_data()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
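Review bot: `RESERVED` is added under CVE-2018-20174 through CVE-2018-20182 although each entry already carries a fixed version (`- rdesktop 1.8.4-1`) and a NOTE pointing at the public upstream commit, so the flag here reflects the CVE assignment state and not whether details are public. Worth documenting that for consumers of data/CVE/list: a filter that skips every `RESERVED` entry would drop these nine tracked rdesktop issues, and the bracketed descriptions are the only summary available until a published description replaces them.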
@@ -27034,7 +27244,7 @@ CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
 	[jessie] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286
 CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1630-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e
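Review bot: the NOTE URLs in the context of this hunk carry 39-character commit ids, one short of the hashes in the descriptions: `...ff477ee02e` under CVE-2018-1999010 against `cced03dd667a5df6df8fd40d8de0bff477ee02e8` in its description, and `...a612b91a58286` above it against `2b46ebdbff1d8dec7a3d8ea280a612b91a582869` in the hunk header for CVE-2018-1999011. Since the CVE-2018-1999010 entry is being touched anyway for `{DSA-4249-1 DLA-1630-1}`, restore the final character in both NOTE lines so the references match the full commit ids.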
@@ -27509,7 +27719,7 @@ CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to
 	[jessie] - libav <not-affected> (only version 2 is supported)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
 CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1630-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8
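Review bot: the lines around `{DSA-4249-1 DLA-1630-1}` under CVE-2018-14394 do not show which release or package version DLA-1630-1 covers; the entry still lists only `- ffmpeg 7:4.0.2-1` and `- libav <removed>`, and the commit changes a single file, data/CVE/list. Please confirm the advisory's package and fixed version are recorded wherever the tracker keeps them, or add a release-specific line here, so the cross-reference is not the only trace of the fix.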
@@ -42243,33 +42453,43 @@ CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x b
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
 	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8800 [Remote code execution in ui_clip_handle_data()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8799 [DoS in process_secondary_order()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8798 [Minor information leak in rdpsnd_process_ping()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8797 [Remote code execution in process_plane()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8796 [DoS in process_bitmap_data()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8795 [Remote code execution in process_bitmap_data()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8794 [Memory corruption in process_bitmap_data()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8793 [Remote code execution in cssp_read_tsrequest()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8792 [DoS in cssp_read_tsrequest()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8791 [Minor information leak in rdpdr_process()]
+	RESERVED
 	- rdesktop 1.8.4-1
 	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
 CVE-2018-8790
@@ -45543,7 +45763,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample
 CVE-2018-7558
 	RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1630-1}
 	- ffmpeg 7:3.4.3-1
 	- libav <removed>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
@@ -48521,7 +48741,7 @@ CVE-2017-18124 (During secure boot, addition is performed on uint8 ptrs which le
 CVE-2018-6622 (An issue was discovered that affects all producers of BIOS firmware ...)
 	NOT-FOR-US: Generic TPM issue
 CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1630-1}
 	- ffmpeg 7:3.4.2-1 (low)
 	- libav <removed>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
@@ -65831,6 +66051,7 @@ CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...)
 CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...)
+	{DLA-1630-1}
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100
 CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...)
@@ -72632,7 +72853,7 @@ CVE-2017-15674
 CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...)
 	NOT-FOR-US: CS-Cart
 CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...)
-	{DSA-4049-1}
+	{DSA-4049-1 DLA-1630-1}
 	- ffmpeg 7:3.4-1
 	- libav <removed>
 	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
@@ -75495,7 +75716,7 @@ CVE-2017-14769
 CVE-2017-14768
 	RESERVED
 CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
@@ -77300,12 +77521,12 @@ CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage(
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
 CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
 CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
@@ -77735,18 +77956,18 @@ CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c doe
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
 CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
 	NOTE: libav: The vulnerable code is in asfdec.c.
 CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
 CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1630-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
@@ -88080,12 +88301,13 @@ CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly va
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
 CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ...)
+	{DLA-1630-1}
 	- ffmpeg 7:3.2.5-1
 	- libav <removed>
 	[wheezy] - libav <not-affected> (Vulnerable code not present, WebP decoder feature introduced in v10)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
 CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ...)
-	{DSA-3957-1}
+	{DSA-3957-1 DLA-1630-1}
 	- ffmpeg 7:3.2.6-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c046cc17f282f52132426de9049c728f4eb8b557
