[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 31 08:10:41 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74ee81e3 by security tracker role at 2019-01-31T08:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-7248
+	RESERVED
+CVE-2019-7247
+	RESERVED
+CVE-2019-7246
+	RESERVED
+CVE-2019-7245
+	RESERVED
+CVE-2019-7244
+	RESERVED
+CVE-2019-7243
+	RESERVED
+CVE-2019-7242
+	RESERVED
+CVE-2019-7241
+	RESERVED
+CVE-2019-7240
+	RESERVED
+CVE-2019-7239
+	RESERVED
+CVE-2019-7238
+	RESERVED
+CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. ...)
+	TODO: check
+CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+	TODO: check
+CVE-2019-7235 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+	TODO: check
+CVE-2019-7234 (An issue was discovered in idreamsoft iCMS 7.0.13. ...)
+	TODO: check
+CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ...)
+	TODO: check
+CVE-2019-7232
+	RESERVED
+CVE-2019-7231
+	RESERVED
+CVE-2019-7230
+	RESERVED
+CVE-2019-7229
+	RESERVED
+CVE-2019-7228
+	RESERVED
+CVE-2019-7227
+	RESERVED
+CVE-2019-7226
+	RESERVED
+CVE-2019-7225
+	RESERVED
 CVE-2019-7224
 	RESERVED
 CVE-2019-7223
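Review bot: the CVE-2019-7233 description names doc2text in catdoc.c, so that TODO: check should be resolved against the catdoc source package rather than left with the generic marker; the four idreamsoft iCMS entries (CVE-2019-7234 to CVE-2019-7237) share one product and version and can be triaged together in the same follow-up.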
@@ -544,6 +592,7 @@ CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS polic
 CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
 	NOT-FOR-US: Olivier Poitrey Go CORS handler
 CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
+	{DLA-1651-1}
 	- libgd2 <unfixed> (bug #920728)
 	NOTE: https://github.com/libgd/libgd/issues/492
 	NOTE: https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
@@ -551,6 +600,7 @@ CVE-2019-XXXX [DoS due to changing # of allowed users in root channel]
 	- mumble 1.3.0~git20190125.440b173+dfsg-1 (bug #920476)
 	NOTE: https://github.com/mumble-voip/mumble/issues/3585
 CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...)
+	{DLA-1651-1}
 	- libgd2 <unfixed> (bug #920645)
 	- php7.3 7.3.1-1 (unimportant)
 	- php7.0 <removed> (unimportant)
@@ -7225,12 +7275,12 @@ CVE-2019-3915
 	RESERVED
 CVE-2019-3914
 	RESERVED
-CVE-2019-3913
-	RESERVED
-CVE-2019-3912
-	RESERVED
-CVE-2019-3911
-	RESERVED
+CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before ...)
+	TODO: check
+CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition ...)
+	TODO: check
+CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey Server ...)
+	TODO: check
 CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an ...)
 	NOT-FOR-US: Creston
 CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default credentials. ...)
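Review bot: the three LabKey Server entries (CVE-2019-3911 to CVE-2019-3913) land as TODO: check beside vendor entries already resolved as NOT-FOR-US, so the same triage can settle them; while here, the unchanged context line `NOT-FOR-US: Creston` under CVE-2019-3910 misspells the vendor named in the description (Crestron) and could be corrected in a follow-up.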
@@ -14308,10 +14358,10 @@ CVE-2019-1568
 	RESERVED
 CVE-2019-1567
 	RESERVED
-CVE-2019-1566
-	RESERVED
-CVE-2019-1565
-	RESERVED
+CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, ...)
+	TODO: check
+CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, ...)
+	TODO: check
 CVE-2018-19917
 	RESERVED
 CVE-2018-19916
@@ -18796,8 +18846,7 @@ CVE-2019-0192
 	RESERVED
 CVE-2019-0191
 	RESERVED
-CVE-2019-0190 [mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1]
-	RESERVED
+CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A ...)
 	- apache2 2.4.38-1 (bug #920220)
 	[stretch] - apache2 <not-affected> (Only affects 2.4.37)
 	[jessie] - apache2 <not-affected> (Only affects 2.4.37)
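Review bot: replacing the bracketed working title drops the "when used with OpenSSL 1.1.1" precondition, which the truncated official text does not carry; the stretch and jessie not-affected lines rest on "Only affects 2.4.37", so keep that condition in the entry as a NOTE line (e.g. `NOTE: only triggered with OpenSSL 1.1.1`) so the reasoning behind the version check stays visible.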
@@ -24284,8 +24333,7 @@ CVE-2018-17201
 	RESERVED
 CVE-2018-17200
 	RESERVED
-CVE-2018-17199 [mod_session_cookie does not respect expiry time]
-	RESERVED
+CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...)
 	{DLA-1647-1}
 	- apache2 2.4.38-1 (bug #920303)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
@@ -24315,8 +24363,7 @@ CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configurati
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
 CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager ...)
 	NOT-FOR-US: Apache Spark
-CVE-2018-17189 [mod_http2, DoS via slow, unneeded request bodies]
-	RESERVED
+CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending request ...)
 	- apache2 2.4.38-1 (bug #920302)
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: HTTP/2 support introduced in 2.4.17
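Review bot: the removed title identified the affected module (mod_http2), which the truncated replacement description no longer mentions; the jessie not-affected entry is justified by the "HTTP/2 support introduced in 2.4.17" NOTE, so consider naming the module in that NOTE so the justification stays self-explanatory without the old title.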
@@ -28473,6 +28520,7 @@ CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11
 CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions ...)
 	NOT-FOR-US: Godot
 CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
+	{DLA-1651-1}
 	- libgd2 2.2.5-4.1 (low; bug #906886)
 	[stretch] - libgd2 2.2.4-2+deb9u3
 	NOTE: https://github.com/libgd/libgd/issues/447
@@ -55864,7 +55912,7 @@ CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27
 	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
 CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
-	{DSA-4081-1 DSA-4080-1 DLA-1248-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1651-1 DLA-1248-1}
 	- php7.1 7.1.13-1 (unimportant)
 	- php7.0 7.0.27-1 (unimportant)
 	- php5 <removed> (unimportant)
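Review bot: DLA-1651-1 is attached to libgd2 entries elsewhere in this patch, but the package lines visible under CVE-2018-5711 are all php packages marked unimportant; verify that a libgd2 line exists further down in this entry, otherwise the DLA reference points at a package the entry does not list. The descending DSA/DLA ordering in the bracket is preserved.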
@@ -60357,8 +60405,8 @@ CVE-2018-3958 (A use-after-free vulnerability exists in the JavaScript engine of
 	NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of ...)
 	NOT-FOR-US: Foxit Software's Foxit PDF Reader
-CVE-2018-3956
-	RESERVED
+CVE-2018-3956 (An exploitable out-of-bounds read vulnerability exists in the handling ...)
+	TODO: check
 CVE-2018-3955 (An exploitable operating system command injection exists in the ...)
 	NOT-FOR-US: Linksys
 CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
@@ -75199,7 +75247,7 @@ CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a dir
 	NOT-FOR-US: lab6.brit95
 CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal ...)
 	NOT-FOR-US: jikes
-CVE-2017-16138 (The mime module is vulnerable to regular expression denial of service ...)
+CVE-2017-16138 (The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. ...)
 	- node-mime 2.3.1-1 (unimportant; bug #901277)
 	NOTE: https://github.com/broofa/node-mime/issues/167
 	NOTE: https://nodesecurity.io/advisories/535
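Review bot: the updated CVE-2017-16138 description is far longer than the one-line truncated form used by the neighbouring entries (compare CVE-2017-16139 and CVE-2017-16140), which breaks the file's uniform layout; trim it to the usual length with a trailing "..." and, since the version range "< 1.4.1, 2.0.1, 2.0.2" is useful for triage, carry that detail in a NOTE line instead.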



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74ee81e3fe19643260f17edc03335e9a0ce530a8
