[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 27 21:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c499098 by security tracker role at 2019-07-27T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-14296 (canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ...)
+ TODO: check
+CVE-2019-14295 (An Integer overflow in the getElfSections function in p_vmlinx.cpp in ...)
+ TODO: check
+CVE-2019-14294 (An issue was discovered in Xpdf 4.01.01. There is a use-after-free in ...)
+ TODO: check
+CVE-2019-14293 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
+ TODO: check
+CVE-2019-14292 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
+ TODO: check
+CVE-2019-14291 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
+ TODO: check
+CVE-2019-14290 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
+ TODO: check
+CVE-2019-14289 (An issue was discovered in Xpdf 4.01.01. There is an integer overflow ...)
+ TODO: check
+CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer overflow ...)
+ TODO: check
+CVE-2019-14287
+ RESERVED
+CVE-2019-14286 (In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnera ...)
+ TODO: check
+CVE-2019-14285
+ RESERVED
+CVE-2015-9288
+ RESERVED
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
@@ -1387,13 +1413,13 @@ CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExtern
CVE-2019-13639
RESERVED
CVE-2019-13638 (GNU patch through 2.7.6 is vulnerable to OS shell command injection th ...)
- {DLA-1864-1}
+ {DSA-4489-1 DLA-1864-1}
- patch 2.7.6-5
NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbit ...)
NOT-FOR-US: LogMeIn join.me
CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishandled in ...)
- {DLA-1856-1}
+ {DSA-4489-1 DLA-1856-1}
- patch 2.7.6-5 (bug #932401)
NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
CVE-2019-13635
@@ -6013,7 +6039,7 @@ CVE-2019-12224
CVE-2019-12223
RESERVED
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6023,7 +6049,7 @@ CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6033,7 +6059,7 @@ CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6043,7 +6069,7 @@ CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6053,7 +6079,7 @@ CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6063,7 +6089,7 @@ CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -6073,7 +6099,7 @@ CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -18603,7 +18629,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1861-1 DLA-1714-1 DLA-1713-1}
+ {DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -25034,7 +25060,7 @@ CVE-2019-5054
CVE-2019-5053
RESERVED
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -25044,7 +25070,7 @@ CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821
NOTE: https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6
CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists when lo ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -81414,7 +81440,7 @@ CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the No
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
- {DLA-1861-1}
+ {DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 1.2.12-10 (bug #912618)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c49909814fdc7812e0c5251ee9b452c8a377f57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c49909814fdc7812e0c5251ee9b452c8a377f57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190727/01862b51/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list