[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 19 09:10:38 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58afb1e4 by security tracker role at 2019-06-19T08:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c  ...)
+	TODO: check
+CVE-2019-12880
+	RESERVED
+CVE-2019-12879
+	RESERVED
+CVE-2019-12878
+	RESERVED
+CVE-2019-12877
+	RESERVED
+CVE-2019-12876
+	RESERVED
 CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
 	TODO: check
 CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
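Review bot: CVE-2019-12881 is left at `TODO: check`, but its description names drivers/gpu/drm/i915/i915_gem_userptr.c, which is a Linux kernel source path. Suggest triaging it against the `linux` source package, with a `- linux ...` line in the style of the other kernel entries in this file (for example CVE-2019-11479) once the affected versions have been checked, rather than leaving it in the generic queue.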
@@ -358,6 +370,7 @@ CVE-2019-12734
 CVE-2019-12733
 	RESERVED
 CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
+	{DSA-4467-1}
 	- vim 2:8.1.0875-4 (bug #930020)
 	- neovim <unfixed> (bug #930024)
 	NOTE: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
@@ -655,8 +668,8 @@ CVE-2019-12594
 	RESERVED
 CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion  ...)
 	NOT-FOR-US: IceWarp Mail Server
-CVE-2019-12592
-	RESERVED
+CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the Evernote  ...)
+	TODO: check
 CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
 	NOT-FOR-US: NETGEAR
 CVE-2019-12590
@@ -1159,7 +1172,7 @@ CVE-2019-12397
 	RESERVED
 CVE-2019-12396
 	REJECTED
-CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check  ...)
 	NOT-FOR-US: Webbukkit Dynmap
 CVE-2019-12394
 	RESERVED
@@ -1844,8 +1857,8 @@ CVE-2019-12135 (An unspecified vulnerability in the application server in PaperC
 	NOT-FOR-US: PaperCut
 CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
 	NOT-FOR-US: Workday
-CVE-2019-12133
-	RESERVED
+CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
+	TODO: check
 CVE-2019-12132
 	RESERVED
 CVE-2019-12131
@@ -2769,6 +2782,7 @@ CVE-2019-11708
 	RESERVED
 CVE-2019-11707
 	RESERVED
+	{DSA-4466-1}
 	- firefox 67.0.3-1
 	- firefox-esr 60.7.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
@@ -3441,16 +3455,13 @@ CVE-2019-11481
 	RESERVED
 CVE-2019-11480
 	RESERVED
-CVE-2019-11479
-	RESERVED
+CVE-2019-11479 (Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...)
 	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
 	- linux 4.19.37-4
-CVE-2019-11478
-	RESERVED
+CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue implement ...)
 	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
 	- linux 4.19.37-4
-CVE-2019-11477
-	RESERVED
+CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs v ...)
 	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
 	- linux 4.19.37-4
 CVE-2019-11476
@@ -3654,13 +3665,13 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixe
 	NOT-FOR-US: MuJS
 CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
 	NOT-FOR-US: OpenPLC
-CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers fro ...)
+CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
 	NOT-FOR-US: FreePBX
-CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FreePBX 4. ...)
+CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX  ...)
 	NOT-FOR-US: FreePBX
 CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
 	NOT-FOR-US: FusionPBX
-CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in FreeP ...)
+CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in Fusio ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
 	NOT-FOR-US: Subrion CMS
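Review bot: The annotations under CVE-2019-11410 and CVE-2019-11409 still read `NOT-FOR-US: FreePBX` although both descriptions now name FusionPBX, while the following entries CVE-2019-11408 and CVE-2019-11407 already carry `NOT-FOR-US: FusionPBX`. Suggest changing both annotations to `NOT-FOR-US: FusionPBX` so the product name matches the corrected descriptions and a search of the list by product returns all four entries.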
@@ -3990,8 +4001,8 @@ CVE-2019-11273
 	RESERVED
 CVE-2019-11272
 	RESERVED
-CVE-2019-11271
-	RESERVED
+CVE-2019-11271 (Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x v ...)
+	TODO: check
 CVE-2019-11270
 	RESERVED
 CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
@@ -4544,24 +4555,21 @@ CVE-2019-11042
 	RESERVED
 CVE-2019-11041
 	RESERVED
-CVE-2019-11040 [heap-buffer-overflow on php_jpg_get16]
-	RESERVED
+CVE-2019-11040 (When EXIF extension is parsing EXIF information from an image, e.g. vi ...)
 	{DLA-1813-1}
 	- php7.3 7.3.6-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
-CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow]
-	RESERVED
+CVE-2019-11039 (Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7 ...)
 	{DLA-1813-1}
 	- php7.3 7.3.6-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
-	RESERVED
+CVE-2019-11038 (When using gdImageCreateFromXbm() function of gd extension in versions ...)
 	{DLA-1817-1}
 	- libgd2 2.2.5-5.2 (low; bug #929821)
 	[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -6970,8 +6978,8 @@ CVE-2019-10087
 	RESERVED
 CVE-2019-10086
 	RESERVED
-CVE-2019-10085
-	RESERVED
+CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
+	TODO: check
 CVE-2019-10084
 	RESERVED
 CVE-2019-10083
@@ -22508,10 +22516,10 @@ CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains
 	NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
 	NOT-FOR-US: Dameware Remote Mini Control
-CVE-2019-3954
-	RESERVED
-CVE-2019-3953
-	RESERVED
+CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
+	TODO: check
+CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
+	TODO: check
 CVE-2019-3952
 	RESERVED
 CVE-2019-3951
@@ -22645,8 +22653,7 @@ CVE-2019-3898
 CVE-2019-3897
 	RESERVED
 	NOT-FOR-US: redhat-certification
-CVE-2019-3896
-	RESERVED
+CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
 	- linux 3.2.41-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694812
 CVE-2019-3895 (An access-control flaw was found in the Octavia service when the cloud ...)
@@ -115316,26 +115323,26 @@ CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cau
 	NOT-FOR-US: Panda Free Antivirus
 CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
 	NOT-FOR-US: MikroTik
-CVE-2017-8337
-	RESERVED
+CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
 CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
 	TODO: check
 CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
 	TODO: check
-CVE-2017-8334
-	RESERVED
-CVE-2017-8333
-	RESERVED
-CVE-2017-8332
-	RESERVED
-CVE-2017-8331
-	RESERVED
-CVE-2017-8330
-	RESERVED
-CVE-2017-8329
-	RESERVED
-CVE-2017-8328
-	RESERVED
+CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
 CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
 	- telegram-desktop 1.1.19-2
 	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
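Review bot: The eight newly published Securifi Almond entries (CVE-2017-8337 and CVE-2017-8334 through CVE-2017-8328) all land as `TODO: check`, next to CVE-2017-8336 and CVE-2017-8335, which are already in that state. Suggest triaging all ten in one pass so the same product receives one consistent annotation instead of being resolved piecemeal.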



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58afb1e447306fd9786de6ab0c7780b9cd5b96d6
