[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 12 09:10:32 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abf7fb61 by security tracker role at 2019-06-12T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
+	TODO: check
+CVE-2018-20842
+	RESERVED
+CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.02 ...)
+	TODO: check
+CVE-2017-18378 (In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4- ...)
+	TODO: check
+CVE-2017-18377 (An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. T ...)
+	TODO: check
+CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection vulnerability i ...)
+	TODO: check
+CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-8 ...)
+	TODO: check
+CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
+	TODO: check
+CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...)
+	TODO: check
+CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...)
+	TODO: check
 CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...)
 	NOT-FOR-US: MISP
 CVE-2019-XXXX [faad2 issue fixed in vlc]
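Review bot: CVE-2019-12795 at the top of this hunk names GNOME gvfs, which Debian packages, yet it is queued as "TODO: check" exactly like the router and camera entries under it. It should get a package line (for example "- gvfs <unfixed>" until the fixed version is known) rather than wait in the same backlog. The HooToo, NETGEAR, WIFICAM, Seowon Intech, D-Link, Ubiquiti, Linksys and ASMAX entries describe device firmware and look like candidates for a NOT-FOR-US line in the form the MISP entry just below uses, once someone confirms nothing in the archive ships that code.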
@@ -689,46 +709,55 @@ CVE-2019-12475
 	RESERVED
 CVE-2019-12474
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T212118
 CVE-2019-12473
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T204729
 CVE-2019-12472
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T199540
 CVE-2019-12471
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T207603
 CVE-2019-12470
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T222038
 CVE-2019-12469
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T222036
 CVE-2019-12468
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T197279
 CVE-2019-12467
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T209794
 CVE-2019-12466
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T25227
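Review bot: CVE-2019-12466 through CVE-2019-12474 now carry {DSA-4460-1} but each still reads RESERVED with no description, so the only hint of what an entry covers is its Phabricator NOTE link. A short bracketed summary on each CVE line, in the style the pre-change CVE-2019-0220 and CVE-2019-0197 lines used further down in this diff, would make the entries readable until the official descriptions are published.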
@@ -1558,10 +1587,10 @@ CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has
 	- qemu-kvm <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
-CVE-2019-12154
-	RESERVED
-CVE-2019-12153
-	RESERVED
+CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 10.1.10 ...)
+	TODO: check
+CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects PDFreactor before ...)
+	TODO: check
 CVE-2019-12152
 	RESERVED
 CVE-2019-12151
@@ -1577,20 +1606,20 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows att
 	NOTE: https://github.com/systemd/systemd/pull/12378
 	NOTE: The fix introduced a regression, cf. https://bugs.debian.org/929229
 	NOTE: Issue was originally fixed for unstable in 241-4 but was reverted in 241-5
-CVE-2019-12149
-	RESERVED
+CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
+	TODO: check
 CVE-2019-12148
 	RESERVED
 CVE-2019-12147
 	RESERVED
-CVE-2019-12146
-	RESERVED
-CVE-2019-12145
-	RESERVED
-CVE-2019-12144
-	RESERVED
-CVE-2019-12143
-	RESERVED
+CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
+CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
+CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FT ...)
+	TODO: check
+CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
 CVE-2019-12142
 	RESERVED
 CVE-2019-12141
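Review bot: the new CVE-2019-12146, CVE-2019-12145 and CVE-2019-12143 lines are truncated at the same point ("... in SSHServerAPI.dll in Prog ...") and are therefore indistinguishable in the list. When these four WS_FTP entries and the silverstripe/restfulserver entry are triaged out of "TODO: check", the resulting NOT-FOR-US or package line is the only thing that will tell them apart, so they should be resolved from the full descriptions and not from the text shown here.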
@@ -3728,7 +3757,7 @@ CVE-2019-11269
 CVE-2019-11268
 	RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
-	{DSA-4434-1 DLA-1797-1 DLA-1777-1}
+	{DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
 	- drupal7 <removed> (bug #927330)
 	- jquery 3.3.1~dfsg-2 (bug #927385)
 	[stretch] - jquery 3.1.1-2+deb9u1
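Review bot: {DSA-4460-1} is the advisory tagged on the mediawiki entries earlier in this diff, but the package lines visible under CVE-2019-11358 here cover only drupal7 and jquery. Confirm that the entry has a mediawiki line further down, past the context shown; if it does not, add one so the cross-reference resolves to a package and fixed version.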
@@ -23704,12 +23733,12 @@ CVE-2019-3415
 	RESERVED
 CVE-2019-3414
 	RESERVED
-CVE-2019-3413
-	RESERVED
-CVE-2019-3412
-	RESERVED
-CVE-2019-3411
-	RESERVED
+CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an  ...)
+	TODO: check
+CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
+	TODO: check
+CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by in ...)
+	TODO: check
 CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
 	TODO: check
 CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
@@ -34350,8 +34379,7 @@ CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8
 	NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
 	NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
 	NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
-CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
-	RESERVED
+CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When  ...)
 	{DSA-4422-1 DLA-1748-1}
 	- apache2 2.4.38-3
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
@@ -34404,7 +34432,7 @@ CVE-2019-0203
 CVE-2019-0202
 	RESERVED
 CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
-	{DLA-1801-1}
+	{DSA-4461-1 DLA-1801-1}
 	- zookeeper 3.4.13-2 (bug #929283)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
 	NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -34418,14 +34446,12 @@ CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and
 	TODO: check if other versions might be affected.
 CVE-2019-0198
 	REJECTED
-CVE-2019-0197 [mod_http2, possible crash on late upgrade]
-	RESERVED
+CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...)
 	- apache2 2.4.38-3
 	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
-CVE-2019-0196 [mod_http2, read-after-free on a string compare]
-	RESERVED
+CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...)
 	{DSA-4422-1}
 	- apache2 2.4.38-3
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -242529,7 +242555,7 @@ CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname m
 	NOT-FOR-US: The PayPal IPN utility
 CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname match ...)
 	NOT-FOR-US: The PayPal merchant SDK
-CVE-2012-5786 (The wsdl_first_https sample code in distribution/src/main/release/samp ...)
+CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in distribution/src/ma ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ho ...)
 	NOT-FOR-US: Axis2/Java



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/abf7fb61b1a17331acb7bb0dd916813cd2fbb8ae
