[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 31 20:10:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6f35ca0 by security tracker role at 2019-01-31T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,73 @@
-CVE-2019-7283
+CVE-2019-7281
+ RESERVED
+CVE-2019-7280
+ RESERVED
+CVE-2019-7279
+ RESERVED
+CVE-2019-7278
+ RESERVED
+CVE-2019-7277
+ RESERVED
+CVE-2019-7276
+ RESERVED
+CVE-2019-7275
+ RESERVED
+CVE-2019-7274
+ RESERVED
+CVE-2019-7273
+ RESERVED
+CVE-2019-7272
+ RESERVED
+CVE-2019-7271
+ RESERVED
+CVE-2019-7270
+ RESERVED
+CVE-2019-7269
+ RESERVED
+CVE-2019-7268
+ RESERVED
+CVE-2019-7267
+ RESERVED
+CVE-2019-7266
+ RESERVED
+CVE-2019-7265
+ RESERVED
+CVE-2019-7264
+ RESERVED
+CVE-2019-7263
+ RESERVED
+CVE-2019-7262
+ RESERVED
+CVE-2019-7261
+ RESERVED
+CVE-2019-7260
+ RESERVED
+CVE-2019-7259
+ RESERVED
+CVE-2019-7258
+ RESERVED
+CVE-2019-7257
+ RESERVED
+CVE-2019-7256
+ RESERVED
+CVE-2019-7255
+ RESERVED
+CVE-2019-7254
+ RESERVED
+CVE-2019-7253
+ RESERVED
+CVE-2019-7252
+ RESERVED
+CVE-2019-7251
+ RESERVED
+CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Google ...)
+ TODO: check
+CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was ...)
+ TODO: check
+CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp ...)
- netkit-rsh 0.17-20 (bug #920486)
[stretch] - netkit-rsh <no-dsa> (Minor issue)
-CVE-2019-7282
+CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh ...)
- netkit-rsh 0.17-20 (bug #920486)
[stretch] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7248
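Review bot: CVE-2019-7283 and CVE-2019-7282 end up out of order in this hunk. The bare `CVE-2019-7283` line at the top is removed and the new block starts at CVE-2019-7281 and runs down to CVE-2019-7249, so the two NetKit entries now sit between CVE-2019-7249 and CVE-2019-7248 instead of at the head of the list. Nothing is lost (both keep their `netkit-rsh 0.17-20 (bug #920486)` lines), but if the file is meant to stay in descending id order, move the two entries above CVE-2019-7281. CVE-2019-7250 and CVE-2019-7249 come in with only `TODO: check` and still need triage.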
@@ -68,8 +134,8 @@ CVE-2019-7218
RESERVED
CVE-2019-7217
RESERVED
-CVE-2019-7216
- RESERVED
+CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
+ TODO: check
CVE-2019-7215
RESERVED
CVE-2019-7214
@@ -1015,11 +1081,12 @@ CVE-2019-6781
RESERVED
CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles external links ...)
NOT-FOR-US: WordPress plugin wise-chat
-CVE-2017-18360 [USB: serial: io_ti: fix div-by-zero in set_termios]
+CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Linux ...)
- linux 4.9.30-1
[jessie] - linux 3.16.48-1
NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote ...)
+ {DLA-1653-1}
- postgis 2.3.3+dfsg-1
NOTE: https://trac.osgeo.org/postgis/ticket/3704
NOTE: https://trac.osgeo.org/postgis/changeset/15444
@@ -1849,8 +1916,7 @@ CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL thr
- wolfssl <unfixed> (unimportant)
NOTE: https://github.com/wolfSSL/wolfssl/issues/2032
NOTE: Issue only in example code
-CVE-2019-6438 [heap overflow on 32-bit systems in xmalloc]
- RESERVED
+CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit ...)
- slurm-llnl <unfixed> (bug #920997)
NOTE: https://www.schedmd.com/news.php?id=213
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html
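Review bot: CVE-2019-6438 stays at `slurm-llnl <unfixed> (bug #920997)` after this hunk, while the description that replaces the temporary `[heap overflow on 32-bit systems in xmalloc]` text now names the upstream fixed releases, 17.11.13 and 18.08.5. A NOTE line stating which of the two branches the Debian package follows would let the `<unfixed>` marker be replaced with a version as soon as the upload for bug #920997 lands.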
@@ -2637,16 +2703,13 @@ CVE-2019-6113
RESERVED
CVE-2019-6112
RESERVED
-CVE-2019-6111 [scp client missing received object name validation]
- RESERVED
+CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
- openssh <unfixed>
NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
-CVE-2019-6110 [scp client spoofing via stderr]
- RESERVED
+CVE-2019-6110 (In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output ...)
- openssh <unfixed>
NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
-CVE-2019-6109 [scp client spoofing via object name]
- RESERVED
+CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character ...)
- openssh <unfixed> (bug #793412)
NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=2434
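Review bot: of the three scp client entries, only CVE-2019-6109 carries a bug reference (`bug #793412`); CVE-2019-6111 and CVE-2019-6110 are left at a bare `- openssh <unfixed>`. All three point at the same sintonen.fi advisory, so either link a bug for the other two or add a NOTE saying they are tracked under the same report. The removed bracketed summaries (`scp client missing received object name validation`, `scp client spoofing via stderr`) say more at a glance than the truncated descriptions that replace them; keeping them as NOTE lines would preserve that.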
@@ -7034,8 +7097,8 @@ CVE-2019-4042
RESERVED
CVE-2019-4041
RESERVED
-CVE-2019-4040
- RESERVED
+CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2019-4039
RESERVED
CVE-2019-4038
@@ -13248,6 +13311,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...)
+ {DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
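Review bot: the `{DLA-1652-1}` tag added to CVE-2018-20748 sits directly above a `[stretch]` status that is conditional: `<not-affected> (Incomplete fix for CVE-2018-20019 not applied)`. That status holds only while stretch lacks the CVE-2018-20019 patch; if that fix is later applied to stretch, this line has to change to a fixed version that also includes commit c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a. A NOTE saying so would keep the dependency from being missed.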
@@ -19663,14 +19727,14 @@ CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when w
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
NOTE: https://github.com/acassen/keepalived/issues/1048
-CVE-2018-19043
- RESERVED
-CVE-2018-19042
- RESERVED
-CVE-2018-19041
- RESERVED
-CVE-2018-19040
- RESERVED
+CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary ...)
+ TODO: check
+CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary ...)
+ TODO: check
+CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS via the ...)
+ TODO: check
+CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows directory ...)
+ TODO: check
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated ...)
- grafana <removed>
NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
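Review bot: CVE-2018-19043 through CVE-2018-19040 all describe the same Media File Manager plugin 1.4.2 for WordPress and all land as `TODO: check`. Earlier in this patch another WordPress plugin is resolved as `NOT-FOR-US: WordPress plugin wise-chat`; if this plugin is likewise not packaged, the four entries can be triaged together with a matching NOT-FOR-US line each rather than being left open individually.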
@@ -19887,10 +19951,10 @@ CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Registe
NOT-FOR-US: baserCMS
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote ...)
NOT-FOR-US: baserCMS
-CVE-2018-18941
- RESERVED
-CVE-2018-18940
- RESERVED
+CVE-2018-18941 (In Vignette Content Management version 6, it is possible to gain ...)
+ TODO: check
+CVE-2018-18940 (servlet/SnoopServlet (a servlet installed by default) in Netscape ...)
+ TODO: check
CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
@@ -22647,8 +22711,7 @@ CVE-2018-17928
NOT-FOR-US: ABB CMS-770
CVE-2018-17927 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and ...)
NOT-FOR-US: TPEditor
-CVE-2018-17926
- RESERVED
+CVE-2018-17926 (The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions ...)
NOT-FOR-US: ABB M2M ETHERNET
CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control ...)
NOT-FOR-US: Gigasoft
@@ -25265,7 +25328,7 @@ CVE-2018-16855 (An issue has been found in PowerDNS Recursor before version 4.1.
[stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
[jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
-CVE-2018-16854 (A flaw was found in moodle before versions 3.6, 3.5.3, 3.4.6, 3.3.9 ...)
+CVE-2018-16854 (A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. ...)
- moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
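Review bot: the replacement line for CVE-2018-16854 carries the description at full length (affected ranges, the login CSRF detail and the fixed versions) where every neighbouring entry is cut short after a few words and closed with ` ...)`. The removed line followed that short form. If the long text is not intentional, truncate it again; if it is, note that the old text listed only the fixed versions 3.6, 3.5.3, 3.4.6 and 3.3.9, and the new one adds the 3.1 branch, fixed in 3.1.15.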
@@ -28804,12 +28867,12 @@ CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corrupti
- qtbase-opensource-src 5.11.3+dfsg-2
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
-CVE-2018-15517
- RESERVED
-CVE-2018-15516
- RESERVED
-CVE-2018-15515
- RESERVED
+CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 ...)
+ TODO: check
+CVE-2018-15516 (The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 ...)
+ TODO: check
+CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 ...)
+ TODO: check
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ...)
NOT-FOR-US: Docker for Windows
CVE-2018-15513
@@ -29643,10 +29706,12 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
CVE-2018-15128
RESERVED
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...)
+ {DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...)
+ {DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
@@ -29661,6 +29726,7 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co
NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
+ {DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
NOTE: https://github.com/LibVNC/libvncserver/issues/242
NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
@@ -38417,8 +38483,7 @@ CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required
NOT-FOR-US: Apache Impala
CVE-2018-11791
RESERVED
-CVE-2018-11790
- RESERVED
+CVE-2018-11790 (When loading a document with Apache Open Office 4.1.5 and earlier with ...)
- libreoffice 1:4.0.3-1
NOTE: https://www.openwall.com/lists/oss-security/2019/01/16/2
NOTE: https://github.com/LibreOffice/core/commit/bbc94edb9a91b27910d43610db9994df10dd99e1
@@ -61308,7 +61373,7 @@ CVE-2018-3707
RESERVED
CVE-2018-3706
RESERVED
-CVE-2018-3705 (Improper directory permissions in the installer for the Intel System ...)
+CVE-2018-3705 (Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. ...)
NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
NOT-FOR-US: Intel Parallel Studio
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6f35ca0ebbcc0183d7ca5f30127e8daae6da432