[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jul 2 09:10:25 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8714f726 by security tracker role at 2019-07-02T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
+	TODO: check
+CVE-2019-13146
+	RESERVED
+CVE-2019-13145
+	RESERVED
+CVE-2019-13144
+	RESERVED
+CVE-2019-13143
+	RESERVED
+CVE-2019-13142
+	RESERVED
+CVE-2019-13141
+	RESERVED
+CVE-2019-13140
+	RESERVED
+CVE-2019-13139
+	RESERVED
+CVE-2019-13138
+	RESERVED
+CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
+	TODO: check
+CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerability in t ...)
+	TODO: check
+CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
+	TODO: check
+CVE-2019-13134 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
+	TODO: check
+CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
+	TODO: check
 CVE-2019-13132
 	RESERVED
 CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not implemented in ag ...)
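Review bot: The six new entries with descriptions at the top of this hunk (CVE-2019-13147 for audiofile, CVE-2019-13133 through CVE-2019-13137 for ImageMagick) land with only `TODO: check`, so nothing here maps them to a Debian source package yet. Triage should replace each `TODO: check` with a package line in the form used elsewhere in this file, e.g. `- python-django 1:1.11.22-1 (bug #931316)`, or with an explicit `NOT-FOR-US:` line if the software turns out not to be packaged. All five ImageMagick descriptions say "before 7.0.8-50", so they can be checked together against the same upstream version.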
@@ -867,6 +897,7 @@ CVE-2019-12783
 CVE-2019-12782
 	RESERVED
 CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
+	{DLA-1842-1}
 	- python-django 1:1.11.22-1 (bug #931316)
 	NOTE: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
 	NOTE: https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)
@@ -3435,7 +3466,7 @@ CVE-2019-11709
 	RESERVED
 CVE-2019-11708 [sandbox escape using Prompt:Open]
 	RESERVED
-	{DSA-4471-1 DLA-1836-1}
+	{DSA-4474-1 DSA-4471-1 DLA-1836-1}
 	- firefox 67.0.4-1
 	- firefox-esr 60.7.2esr-1
 	- thunderbird 1:60.7.2-1
@@ -5426,8 +5457,8 @@ CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a
 	NOT-FOR-US: AVEVA
 CVE-2019-10980
 	RESERVED
-CVE-2019-10979
-	RESERVED
+CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
+	TODO: check
 CVE-2019-10978
 	RESERVED
 CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
@@ -9491,10 +9522,10 @@ CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local user
 	- cron 3.0pl1-133 (low)
 	[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
-CVE-2019-9703
-	RESERVED
-CVE-2019-9702
-	RESERVED
+CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible  ...)
+	TODO: check
+CVE-2019-9702 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible  ...)
+	TODO: check
 CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site ...)
 	NOT-FOR-US: DLP (Symantec)
 CVE-2019-9700
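Review bot: CVE-2019-9703 and CVE-2019-9702 (Symantec Endpoint Encryption) come in as `TODO: check`, while the adjacent Symantec entry CVE-2019-9701 is already triaged as `NOT-FOR-US: DLP (Symantec)`. If Symantec Endpoint Encryption is likewise not packaged, both should get a matching `NOT-FOR-US:` line so they leave the TODO queue. The two truncated descriptions are identical up to the cut, so the full text needs reading to confirm they are distinct issues and not a duplicate assignment.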
@@ -15656,22 +15687,22 @@ CVE-2019-7280 (Prima Systems FlexAir devices have an Insufficient Session-ID Len
 	TODO: check
 CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...)
 	TODO: check
-CVE-2019-7278
-	RESERVED
-CVE-2019-7277
-	RESERVED
-CVE-2019-7276
-	RESERVED
-CVE-2019-7275
-	RESERVED
-CVE-2019-7274
-	RESERVED
-CVE-2019-7273
-	RESERVED
-CVE-2019-7272
-	RESERVED
-CVE-2019-7271
-	RESERVED
+CVE-2019-7278 (Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending  ...)
+	TODO: check
+CVE-2019-7277 (Optergy Proton/Enterprise devices allow Unauthenticated Internal Netwo ...)
+	TODO: check
+CVE-2019-7276 (Optergy Proton/Enterprise devices allow Remote Root Code Execution via ...)
+	TODO: check
+CVE-2019-7275 (Optergy Proton/Enterprise devices allow Open Redirect. ...)
+	TODO: check
+CVE-2019-7274 (Optergy Proton/Enterprise devices allow Authenticated File Upload with ...)
+	TODO: check
+CVE-2019-7273 (Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CS ...)
+	TODO: check
+CVE-2019-7272 (Optergy Proton/Enterprise devices allow Username Disclosure. ...)
+	TODO: check
+CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default Credentials. ...)
+	TODO: check
 CVE-2019-7270
 	RESERVED
 CVE-2019-7269
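Review bot: The run of eight replaced entries is not a single product: CVE-2019-7278 through CVE-2019-7272 name Optergy Proton/Enterprise, but CVE-2019-7271 is Nortek Linear eMerge 50P/5000P, so a bulk triage label applied to the whole run would mislabel the last one. All eight remain at `TODO: check`, as do the context entries CVE-2019-7279 and CVE-2019-7280 above them; since the descriptions refer to vendor devices, each likely wants a `NOT-FOR-US:` line naming its own vendor, following the `NOT-FOR-US: AVEVA` style used elsewhere in this file.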
@@ -17136,8 +17167,8 @@ CVE-2019-6644
 	RESERVED
 CVE-2019-6643
 	RESERVED
-CVE-2019-6642
-	RESERVED
+CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
+	TODO: check
 CVE-2019-6641
 	RESERVED
 CVE-2019-6640
@@ -20070,8 +20101,8 @@ CVE-2019-5499
 	RESERVED
 CVE-2019-5498
 	RESERVED
-CVE-2019-5497
-	RESERVED
+CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware versio ...)
+	TODO: check
 CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
 	NOT-FOR-US: Oncommand Insight / Netapp
 CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior  ...)
@@ -23209,8 +23240,8 @@ CVE-2019-3964
 	RESERVED
 CVE-2019-3963
 	RESERVED
-CVE-2019-3962
-	RESERVED
+CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
+	TODO: check
 CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
 	TODO: check
 CVE-2019-3960
@@ -31594,6 +31625,7 @@ CVE-2019-1545
 CVE-2019-1544
 	RESERVED
 CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ...)
+	{DSA-4475-1}
 	- openssl 1.1.1c-1 (low)
 	[jessie] - openssl <postponed> (Minor issue, fix along in future DLA)
 	- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8714f7269fdd2fe4284a6d43e92b8e106333e5c5
