[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 28 20:10:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aee3a5d4 by security tracker role at 2019-01-28T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-6989
+ RESERVED
+CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...)
+ TODO: check
+CVE-2019-6987
+ RESERVED
+CVE-2019-6986 (SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to ...)
+ TODO: check
+CVE-2019-6985 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
+ TODO: check
+CVE-2019-6984 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
+ TODO: check
+CVE-2019-6983 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
+ TODO: check
+CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
+ TODO: check
+CVE-2019-6981
+ RESERVED
+CVE-2019-6980
+ RESERVED
+CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka ...)
+ TODO: check
+CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...)
+ TODO: check
+CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
+ TODO: check
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
- libgd2 <unfixed>
NOTE: https://github.com/libgd/libgd/issues/492
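Review bot: of the TODO: check placeholders in this batch, CVE-2019-6988 (OpenJPEG 2.3.0) and CVE-2018-20744 (the Go CORS handler) are the ones most likely to need real Debian triage, since OpenJPEG is shipped as the openjpeg2 source package and the rs/cors Go library is the kind of dependency that is usually packaged as a golang-github-* library; the Foxit 3D Plugin, VIVO Vitro and "User IP History Logs" entries look like NOT-FOR-US candidates and could be resolved in the same pass. For the CORS pair (CVE-2018-20744 and CVE-2018-20745, both "actively converts a wildcard CORS policy into ..."), the check worth recording in a NOTE is whether the configured wildcard is turned into a reflected request Origin, which is the behaviour the truncated description points at and which defeats the intent of a literal "*". Separately, the unchanged libgd2 <unfixed> line for CVE-2019-6978 carries no severity or bug reference, unlike the ceph <unfixed> entry later in this commit ("low; bug #918969"); adding one would keep the double free trackable.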
@@ -1944,6 +1970,7 @@ CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in .
CVE-2019-6134
RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
+ {DLA-1644-1}
- policykit-1 0.105-25 (bug #918985)
[stretch] - policykit-1 <no-dsa> (Minor issue, kernel mitigation will land in next 4.9.x rebase)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
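Review bot: adding {DLA-1644-1} makes jessie the only suite with a published fix for CVE-2019-6133, while stretch stays <no-dsa> on the stated grounds that a kernel mitigation will arrive with the next 4.9.x rebase. That split is defensible given the entry records the real mitigation as kernel-side, but the stretch rationale should name the kernel change it is waiting on, or carry a NOTE pointing at it, so the <no-dsa> can be re-evaluated once the rebase ships; as written, stretch ends up with a weaker posture than jessie for the same policykit-1 0.105 code and nothing in the entry says when that should change.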
@@ -6845,8 +6872,7 @@ CVE-2019-3817
NOT-FOR-US: libcomps
CVE-2019-3816
RESERVED
-CVE-2019-3815 [systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864]
- RESERVED
+CVE-2019-3815 (A memory leak was discovered in the backport of fixes for ...)
- systemd <not-affected> (This only affected backports to older suites, not the version in sid)
[stretch] - systemd 232-25+deb9u8
[jessie] - systemd <not-affected> (Broken fix for CVE-2018-16864 not applied)
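Review bot: replacing the bracketed placeholder on CVE-2019-3815 drops the one piece of information the entry had that the MITRE text does not, namely that the leak is in journald-server.c and was introduced by the fix for CVE-2018-16864. Keep that as a NOTE line under the entry (e.g. "NOTE: memory leak in journald-server.c introduced by the backported fix for CVE-2018-16864"), because both the sid <not-affected> rationale ("only affected backports to older suites") and the jessie rationale ("Broken fix for CVE-2018-16864 not applied") only make sense with that context. Also, the stretch fixed version 232-25+deb9u8 has no advisory reference in braces; if it went out as a DSA regression update, add the reference as the other entries in this commit do.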
@@ -7325,8 +7351,8 @@ CVE-2019-3595
RESERVED
CVE-2019-3594
RESERVED
-CVE-2019-3593
- RESERVED
+CVE-2019-3593 (Exploitation of Privilege/Trust vulnerability in Microsoft Windows ...)
+ TODO: check
CVE-2019-3592
RESERVED
CVE-2019-3591
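Review bot: CVE-2019-3593 is described as a Microsoft Windows issue, so the expected triage is NOT-FOR-US with the product name rather than TODO: check; leaving Windows-only entries at TODO only adds noise to the check queue. When a RESERVED entry flips to a description that is obviously out of scope, the NOT-FOR-US line can go in together with the description in the same automatic update.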
@@ -13829,7 +13855,7 @@ CVE-2018-19875
CVE-2018-19874
RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
- {DLA-1627-1}
+ {DSA-4374-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 <unfixed> (low)
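Review bot: with DSA-4374-1 now referenced, stretch's qtbase is covered for CVE-2018-19873, but the qt4-x11 <unfixed> (low) line still leaves the Qt 4 copy of QBmpHandler open in every suite. Either add a NOTE saying why qt4-x11 is acceptable to leave at "low" (patch pending, or the overflow not reachable there), or record a bug number so the <unfixed> has something to track; the neighbouring CVE-2018-19871 entry does this with its "qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp" note.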
@@ -13850,7 +13876,7 @@ CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile .
NOTE: https://codereview.qt-project.org/#/c/237761/
NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image ...)
- {DLA-1627-1}
+ {DSA-4374-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 <unfixed> (low)
@@ -14077,7 +14103,7 @@ CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x be
- symfony 3.4.20+dfsg-1
NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...)
- {DSA-4350-1}
+ {DSA-4350-1 DLA-1644-1}
- policykit-1 0.105-23 (bug #915332)
NOTE: https://gitlab.freedesktop.org/polkit/polkit/issues/74
NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14
@@ -14220,16 +14246,16 @@ CVE-2018-19730
RESERVED
CVE-2018-19729
RESERVED
-CVE-2018-19728
- RESERVED
-CVE-2018-19727
- RESERVED
-CVE-2018-19726
- RESERVED
+CVE-2018-19728 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, ...)
+ TODO: check
+CVE-2018-19727 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
+CVE-2018-19726 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a ...)
+ TODO: check
CVE-2018-19725
RESERVED
-CVE-2018-19724
- RESERVED
+CVE-2018-19724 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
+ TODO: check
CVE-2018-19723
RESERVED
CVE-2018-19722 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, ...)
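Review bot: all four new Adobe entries (Acrobat and Reader, Experience Manager, Experience Manager Forms) should be marked NOT-FOR-US: Adobe ... rather than TODO: check; none of these products is packaged in Debian and the description alone is enough to decide that, so a second triage pass is just extra work.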
@@ -19040,8 +19066,8 @@ CVE-2018-19017 (Several use after free vulnerabilities have been identified in .
NOT-FOR-US: CX-Supervisor
CVE-2018-19016
RESERVED
-CVE-2018-19015
- RESERVED
+CVE-2018-19015 (An attacker could inject commands to launch programs and create, ...)
+ TODO: check
CVE-2018-19014
RESERVED
NOT-FOR-US: Drager patient monitoring medical devices
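Review bot: CVE-2018-19015 ("inject commands to launch programs and create, ...") sits between CVE-2018-19017, already resolved as NOT-FOR-US: CX-Supervisor, and CVE-2018-19014, marked NOT-FOR-US for Drager patient monitoring devices; the wording reads like the same ICS advisory batch. Check whether it belongs to the CX-Supervisor advisory and, if so, resolve it to NOT-FOR-US: CX-Supervisor in the same update instead of leaving TODO: check.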
@@ -24379,8 +24405,7 @@ CVE-2018-16891
RESERVED
CVE-2018-16890
RESERVED
-CVE-2018-16889 [debug logging for v4 auth does not sanitize encryption keys]
- RESERVED
+CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging for ...)
- ceph <unfixed> (low; bug #918969)
[stretch] - ceph <no-dsa> (Minor issue)
[jessie] - ceph <not-affected> (Vulnerable code not present)
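Review bot: the new description says the keys end up in debug logging, which means an upgrade alone does not remediate an affected deployment: any keys already written to logs stay exposed in the log files and in whatever collects them, so key rotation belongs to the fix. Worth a NOTE with the upstream reference (the entry has bug #918969 but no upstream issue or commit, unlike the glusterfs entry later in this commit), so the stretch <no-dsa> "Minor issue" call can be checked against which log level actually triggers the leak; the removed placeholder's "v4 auth" detail is also lost by the truncated description and should survive in that NOTE.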
@@ -28093,7 +28118,7 @@ CVE-2018-15520
CVE-2018-15519
RESERVED
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ...)
- {DLA-1627-1}
+ {DSA-4374-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
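Review bot: unlike the other two Qt entries touched in this commit (CVE-2018-19873 and CVE-2018-19870), CVE-2018-15518 has no qt4-x11 line at all in the visible entry. QXmlStream predates Qt 5, so check whether qt4-x11's copy is affected by the same double free and record the result, either "qt4-x11 <not-affected>" with the reason or a qt4-x11 <unfixed> line, so the qt4 source package is not silently untracked for this one.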
@@ -40204,8 +40229,7 @@ CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterf
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
-CVE-2018-10910 [ailure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices]
- RESERVED
+CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being ...)
- bluez <unfixed>
[stretch] - bluez <ignored> (Minor issue, does not affected Gnome Bluetooth in stretch)
[jessie] - bluez <no-dsa> (Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect)
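Review bot: two wording fixes in the suite rationales: the stretch line's "does not affected Gnome Bluetooth" should read "does not affect", and the jessie line's "no actual affect" should be "no actual effect". More substantively, both rationales argue that the bluez bug is harmless because of how gnome-bluetooth makes its D-Bus calls, i.e. on the basis of one client, while the description places the bug in bluez's own handling of the Discoverable state; other D-Bus clients of bluez are not covered by that argument, so a NOTE stating that the <ignored> / <no-dsa> assessment is specific to gnome-bluetooth would help anyone re-triaging this later.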
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee3a5d4ced49cef69a85cf2ba66dd96e6073ee8