[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 11 21:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a322d404 by security tracker role at 2019-06-11T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...)
+	TODO: check
 CVE-2019-XXXX [faad2 issue fixed in vlc]
 	- faad2 2.8.8-3
 CVE-2019-XXXX [security issues fixed in 1.8.5]
@@ -63,12 +65,12 @@ CVE-2019-12768
 	RESERVED
 CVE-2019-12767
 	RESERVED
-CVE-2019-12766
-	RESERVED
-CVE-2019-12765
-	RESERVED
-CVE-2019-12764
-	RESERVED
+CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
+	TODO: check
+CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
+	TODO: check
+CVE-2019-12764 (An issue was discovered in Joomla! before 3.9.7. The update server URL ...)
+	TODO: check
 CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
 	NOT-FOR-US: Security Camera CZ application for Android
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
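
Review bot: The three Joomla! entries added in this hunk (CVE-2019-12764 to CVE-2019-12766) are left at `TODO: check` with no package line. All three descriptions read "before 3.9.7", so they can be triaged together. Either add a package line with the fixed version or, if no source package in the archive ships Joomla!, mark them `NOT-FOR-US:` in the same form as the unchanged CVE-2019-12763 entry later in this hunk.
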
@@ -102,8 +104,7 @@ CVE-2019-12751
 	RESERVED
 CVE-2019-12750
 	RESERVED
-CVE-2019-12749 [DBusServer DBUS_COOKIE_SHA1 authentication bypass]
-	RESERVED
+CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
 	- dbus 1.12.16-1 (bug #930375)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
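
Review bot: On the CVE-2019-12749 change, the description now names three upstream fix points (1.10.28, 1.12.16 and 1.13.12), but the entry still tracks only `- dbus 1.12.16-1`. Releases that carry an older branch need their own release-tagged line, in the style of the `[stretch] - otrs2 <no-dsa>` lines elsewhere in this diff, once a fix or a triage decision exists. The removed working title `[DBusServer DBUS_COOKIE_SHA1 authentication bypass]` named the affected mechanism, which the truncated description no longer shows, so a short `NOTE:` line preserving it would help readers of the list.
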
@@ -625,6 +626,7 @@ CVE-2019-12498
 	RESERVED
 CVE-2019-12497 [OSA-2019-09]
 	RESERVED
+	{DLA-1816-1}
 	- otrs2 6.0.19-1
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
@@ -1283,6 +1285,7 @@ CVE-2019-12249
 	RESERVED
 CVE-2019-12248 [OSA-2019-08]
 	RESERVED
+	{DLA-1816-1}
 	- otrs2 6.0.19-1
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
@@ -3579,8 +3582,8 @@ CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to retrieve
 	NOT-FOR-US: Sony Bravia Smart TV devices
 CVE-2019-11335
 	RESERVED
-CVE-2019-11334
-	RESERVED
+CVE-2019-11334 (An authentication bypass in website post requests in the Tzumi Electro ...)
+	TODO: check
 CVE-2019-11333
 	RESERVED
 CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user accounts ...)
@@ -4284,6 +4287,7 @@ CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to in
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
 CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
 	RESERVED
+	{DLA-1817-1}
 	- libgd2 2.2.5-5.2 (low; bug #929821)
 	[stretch] - libgd2 <no-dsa> (Minor issue)
 	- php7.3 7.3.6-1 (unimportant)
@@ -6003,24 +6007,24 @@ CVE-2019-10341
 	RESERVED
 CVE-2019-10340
 	RESERVED
-CVE-2019-10339
-	RESERVED
-CVE-2019-10338
-	RESERVED
-CVE-2019-10337
-	RESERVED
-CVE-2019-10336
-	RESERVED
-CVE-2019-10335
-	RESERVED
-CVE-2019-10334
-	RESERVED
-CVE-2019-10333
-	RESERVED
-CVE-2019-10332
-	RESERVED
-CVE-2019-10331
-	RESERVED
+CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 1.0.36 and e ...)
+	TODO: check
+CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX Resources Plu ...)
+	TODO: check
+CVE-2019-10337 (An XML external entities (XXE) vulnerability in Jenkins Token Macro Pl ...)
+	TODO: check
+CVE-2019-10336 (A reflected cross site scripting vulnerability in Jenkins ElectricFlow ...)
+	TODO: check
+CVE-2019-10335 (A stored cross site scripting vulnerability in Jenkins ElectricFlow Pl ...)
+	TODO: check
+CVE-2019-10334 (Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hos ...)
+	TODO: check
+CVE-2019-10333 (Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and ear ...)
+	TODO: check
+CVE-2019-10332 (A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and ea ...)
+	TODO: check
+CVE-2019-10331 (A cross-site request forgery vulnerability in Jenkins ElectricFlow Plu ...)
+	TODO: check
 CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revis ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypte ...)
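
Review bot: The nine Jenkins plugin entries added in this hunk (CVE-2019-10331 to CVE-2019-10339) are left at `TODO: check`, while the unchanged entry directly after them, CVE-2019-10330, is already triaged as `NOT-FOR-US: Jenkins plugin`. If the JX Resources, Token Macro and ElectricFlow plugins are likewise not packaged, a follow-up should apply the same marker so that these nine entries leave the TODO queue together.
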
@@ -23696,10 +23700,10 @@ CVE-2019-3412
 	RESERVED
 CVE-2019-3411
 	RESERVED
-CVE-2019-3410
-	RESERVED
-CVE-2019-3409
-	RESERVED
+CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
+	TODO: check
+CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
+	TODO: check
 CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error functio ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
@@ -54288,11 +54292,9 @@ CVE-2018-11802 [Rule-base Authorization plugin skips authorization if querying n
 	NOTE: https://issues.apache.org/jira/browse/SOLR-12514
 	NOTE: Issue introduced around: https://github.com/apache/lucene-solr/commit/56e88400aefbeb7f1821cbd10a2997cde018df97 (4.2.0)
 	NOTE: Fixed by: https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895 (releases/lucene-solr/6.6.6)
-CVE-2018-11801
-	RESERVED
+CVE-2018-11801 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
 	NOT-FOR-US: Apache Fineract
-CVE-2018-11800
-	RESERVED
+CVE-2018-11800 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
 	NOT-FOR-US: Apache Fineract
 CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0  ...)
 	NOT-FOR-US: Apache Oozie



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a322d404813fdc271b82d0be72aaa0db50cc5139
