[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jul 14 09:10:50 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fb581e4 by security tracker role at 2019-07-14T08:10:36Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-13586
+	RESERVED
+CVE-2019-13585
+	RESERVED
+CVE-2019-13584
+	RESERVED
+CVE-2019-13583
+	RESERVED
+CVE-2019-13582
+	RESERVED
+CVE-2019-13581
+	RESERVED
+CVE-2019-13580
+	RESERVED
+CVE-2019-13579
+	RESERVED
+CVE-2019-13578
+	RESERVED
+CVE-2019-13577
+	RESERVED
+CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
+	TODO: check
 CVE-2019-13576
 	RESERVED
 CVE-2019-13575
@@ -10281,7 +10303,7 @@ CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (
 	NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)
 CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set L ...)
 	NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
-CVE-2019-9834 (The Netdata web application through 1.13.0 allows remote attackers to  ...)
+CVE-2019-9834 (** DISPUTED ** The Netdata web application through 1.13.0 allows remot ...)
 	- netdata <undetermined>
 CVE-2019-9833 (The Screen Stream application through 3.0.15 for Android allows remote ...)
 	NOT-FOR-US: Screen Stream application for Android
@@ -133476,6 +133498,7 @@ CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10,
 	- libspring-security-java <itp> (bug #582181)
 	NOTE: https://pivotal.io/security/cve-2016-9879
 CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...)
+	{DLA-1853-1}
 	- libspring-java 4.3.5-1 (bug #849167)
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://pivotal.io/security/cve-2016-9878
@@ -182189,6 +182212,7 @@ CVE-2015-5212 (Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffi
 	- libreoffice 1:5.0.1~rc1-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
 CVE-2015-5211 (Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4 ...)
+	{DLA-1853-1}
 	- libspring-java 4.1.9-1
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://jira.spring.io/browse/SPR-13548
@@ -187973,6 +187997,7 @@ CVE-2015-3193 (The Montgomery squaring implementation in crypto/bn/asm/x86_64-mo
 	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
 	NOTE: https://www.openssl.org/news/secadv/20151203.txt
 CVE-2015-3192 (Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...)
+	{DLA-1853-1}
 	- libspring-java 4.1.9-1 (low; bug #796137)
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://pivotal.io/security/cve-2015-3192
@@ -213123,6 +213148,7 @@ CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.
 CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for resources wi ...)
 	NOT-FOR-US: Grails Resource Plugin
 CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...)
+	{DLA-1853-1}
 	- libspring-java 3.2.13-1 (bug #769698)
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
@@ -213319,6 +213345,7 @@ CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1
 CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x  ...)
 	NOT-FOR-US: Apache ActiveMQ Apollo
 CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...)
+	{DLA-1853-1}
 	- libspring-java 3.2.13-1 (low; bug #760733)
 	[wheezy] - libspring-java <no-dsa> (minor issue)
 	NOTE: https://github.com/spring-projects/spring-framework/issues/16414



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7fb581e40469917fefab28ba27c3e68b662feed8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7fb581e40469917fefab28ba27c3e68b662feed8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190714/6377353b/attachment.html>

More information about the debian-security-tracker-commits mailing list