[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 31 08:10:41 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74ee81e3 by security tracker role at 2019-01-31T08:10:32Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-7248
+ RESERVED
+CVE-2019-7247
+ RESERVED
+CVE-2019-7246
+ RESERVED
+CVE-2019-7245
+ RESERVED
+CVE-2019-7244
+ RESERVED
+CVE-2019-7243
+ RESERVED
+CVE-2019-7242
+ RESERVED
+CVE-2019-7241
+ RESERVED
+CVE-2019-7240
+ RESERVED
+CVE-2019-7239
+ RESERVED
+CVE-2019-7238
+ RESERVED
+CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. ...)
+ TODO: check
+CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+ TODO: check
+CVE-2019-7235 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+ TODO: check
+CVE-2019-7234 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+ TODO: check
+CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ...)
+ TODO: check
+CVE-2019-7232
+ RESERVED
+CVE-2019-7231
+ RESERVED
+CVE-2019-7230
+ RESERVED
+CVE-2019-7229
+ RESERVED
+CVE-2019-7228
+ RESERVED
+CVE-2019-7227
+ RESERVED
+CVE-2019-7226
+ RESERVED
+CVE-2019-7225
+ RESERVED
CVE-2019-7224
RESERVED
CVE-2019-7223
@@ -544,6 +592,7 @@ CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS polic
CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
NOT-FOR-US: Olivier Poitrey Go CORS handler
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
+ {DLA-1651-1}
- libgd2 <unfixed> (bug #920728)
NOTE: https://github.com/libgd/libgd/issues/492
NOTE: https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
@@ -551,6 +600,7 @@ CVE-2019-XXXX [DoS due to changing # of allowed users in root channel]
- mumble 1.3.0~git20190125.440b173+dfsg-1 (bug #920476)
NOTE: https://github.com/mumble-voip/mumble/issues/3585
CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...)
+ {DLA-1651-1}
- libgd2 <unfixed> (bug #920645)
- php7.3 7.3.1-1 (unimportant)
- php7.0 <removed> (unimportant)
@@ -7225,12 +7275,12 @@ CVE-2019-3915
RESERVED
CVE-2019-3914
RESERVED
-CVE-2019-3913
- RESERVED
-CVE-2019-3912
- RESERVED
-CVE-2019-3911
- RESERVED
+CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before ...)
+ TODO: check
+CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition ...)
+ TODO: check
+CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey Server ...)
+ TODO: check
CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an ...)
NOT-FOR-US: Creston
CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default credentials. ...)
@@ -14308,10 +14358,10 @@ CVE-2019-1568
RESERVED
CVE-2019-1567
RESERVED
-CVE-2019-1566
- RESERVED
-CVE-2019-1565
- RESERVED
+CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, ...)
+ TODO: check
+CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, ...)
+ TODO: check
CVE-2018-19917
RESERVED
CVE-2018-19916
@@ -18796,8 +18846,7 @@ CVE-2019-0192
RESERVED
CVE-2019-0191
RESERVED
-CVE-2019-0190 [mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1]
- RESERVED
+CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A ...)
- apache2 2.4.38-1 (bug #920220)
[stretch] - apache2 <not-affected> (Only affects 2.4.37)
[jessie] - apache2 <not-affected> (Only affects 2.4.37)
@@ -24284,8 +24333,7 @@ CVE-2018-17201
RESERVED
CVE-2018-17200
RESERVED
-CVE-2018-17199 [mod_session_cookie does not respect expiry time]
- RESERVED
+CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...)
{DLA-1647-1}
- apache2 2.4.38-1 (bug #920303)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
@@ -24315,8 +24363,7 @@ CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configurati
NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager ...)
NOT-FOR-US: Apache Spark
-CVE-2018-17189 [mod_http2, DoS via slow, unneeded request bodies]
- RESERVED
+CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending request ...)
- apache2 2.4.38-1 (bug #920302)
[jessie] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
@@ -28473,6 +28520,7 @@ CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11
CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions ...)
NOT-FOR-US: Godot
CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
+ {DLA-1651-1}
- libgd2 2.2.5-4.1 (low; bug #906886)
[stretch] - libgd2 2.2.4-2+deb9u3
NOTE: https://github.com/libgd/libgd/issues/447
@@ -55864,7 +55912,7 @@ CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27
NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
- {DSA-4081-1 DSA-4080-1 DLA-1248-1}
+ {DSA-4081-1 DSA-4080-1 DLA-1651-1 DLA-1248-1}
- php7.1 7.1.13-1 (unimportant)
- php7.0 7.0.27-1 (unimportant)
- php5 <removed> (unimportant)
@@ -60357,8 +60405,8 @@ CVE-2018-3958 (A use-after-free vulnerability exists in the JavaScript engine of
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
-CVE-2018-3956
- RESERVED
+CVE-2018-3956 (An exploitable out-of-bounds read vulnerability exists in the handling ...)
+ TODO: check
CVE-2018-3955 (An exploitable operating system command injection exists in the ...)
NOT-FOR-US: Linksys
CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
@@ -75199,7 +75247,7 @@ CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a dir
NOT-FOR-US: lab6.brit95
CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal ...)
NOT-FOR-US: jikes
-CVE-2017-16138 (The mime module is vulnerable to regular expression denial of service ...)
+CVE-2017-16138 (The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. ...)
- node-mime 2.3.1-1 (unimportant; bug #901277)
NOTE: https://github.com/broofa/node-mime/issues/167
NOTE: https://nodesecurity.io/advisories/535
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74ee81e3fe19643260f17edc03335e9a0ce530a8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74ee81e3fe19643260f17edc03335e9a0ce530a8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190131/9fe42006/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list