[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 19 09:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58afb1e4 by security tracker role at 2019-06-19T08:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ...)
+ TODO: check
+CVE-2019-12880
+ RESERVED
+CVE-2019-12879
+ RESERVED
+CVE-2019-12878
+ RESERVED
+CVE-2019-12877
+ RESERVED
+CVE-2019-12876
+ RESERVED
CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
TODO: check
CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
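Review bot: the new CVE-2019-12881 entry at the top of this hunk is left at `TODO: check`, although its description already names `drivers/gpu/drm/i915/i915_gem_userptr.c`, which is a Linux kernel source path. Suggest replacing the TODO with a `- linux` package line (fixed version or `<unfixed>`) so the entry does not sit in the untriaged pool.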
@@ -358,6 +370,7 @@ CVE-2019-12734
CVE-2019-12733
RESERVED
CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
+ {DSA-4467-1}
- vim 2:8.1.0875-4 (bug #930020)
- neovim <unfixed> (bug #930024)
NOTE: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
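Review bot: `{DSA-4467-1}` is attached to the whole CVE-2019-12735 entry, while the `- neovim <unfixed> (bug #930024)` line under it is unchanged. Worth confirming that the advisory covers vim only, so the DSA reference is not read as closing the neovim side as well.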
@@ -655,8 +668,8 @@ CVE-2019-12594
RESERVED
CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion ...)
NOT-FOR-US: IceWarp Mail Server
-CVE-2019-12592
- RESERVED
+CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the Evernote ...)
+ TODO: check
CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
NOT-FOR-US: NETGEAR
CVE-2019-12590
@@ -1159,7 +1172,7 @@ CVE-2019-12397
RESERVED
CVE-2019-12396
REJECTED
-CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check ...)
NOT-FOR-US: Webbukkit Dynmap
CVE-2019-12394
RESERVED
@@ -1844,8 +1857,8 @@ CVE-2019-12135 (An unspecified vulnerability in the application server in PaperC
NOT-FOR-US: PaperCut
CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
NOT-FOR-US: Workday
-CVE-2019-12133
- RESERVED
+CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
+ TODO: check
CVE-2019-12132
RESERVED
CVE-2019-12131
@@ -2769,6 +2782,7 @@ CVE-2019-11708
RESERVED
CVE-2019-11707
RESERVED
+ {DSA-4466-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
@@ -3441,16 +3455,13 @@ CVE-2019-11481
RESERVED
CVE-2019-11480
RESERVED
-CVE-2019-11479
- RESERVED
+CVE-2019-11479 (Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
-CVE-2019-11478
- RESERVED
+CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue implement ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
-CVE-2019-11477
- RESERVED
+CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs v ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
CVE-2019-11476
@@ -3654,13 +3665,13 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixe
NOT-FOR-US: MuJS
CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
NOT-FOR-US: OpenPLC
-CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers fro ...)
+CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
NOT-FOR-US: FreePBX
-CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FreePBX 4. ...)
+CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX ...)
NOT-FOR-US: FreePBX
CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
NOT-FOR-US: FusionPBX
-CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in FreeP ...)
+CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in Fusio ...)
NOT-FOR-US: FusionPBX
CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
NOT-FOR-US: Subrion CMS
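Review bot: the triage tags under CVE-2019-11410 and CVE-2019-11409 are now inconsistent with their descriptions. Both descriptions change from FreePBX to FusionPBX, but the unchanged context lines still read `NOT-FOR-US: FreePBX`, whereas CVE-2019-11408 and CVE-2019-11407 in the same hunk carry `NOT-FOR-US: FusionPBX`. Suggest updating the two stale tags to `NOT-FOR-US: FusionPBX` in a follow-up commit.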
@@ -3990,8 +4001,8 @@ CVE-2019-11273
RESERVED
CVE-2019-11272
RESERVED
-CVE-2019-11271
- RESERVED
+CVE-2019-11271 (Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x v ...)
+ TODO: check
CVE-2019-11270
RESERVED
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
@@ -4544,24 +4555,21 @@ CVE-2019-11042
RESERVED
CVE-2019-11041
RESERVED
-CVE-2019-11040 [heap-buffer-overflow on php_jpg_get16]
- RESERVED
+CVE-2019-11040 (When EXIF extension is parsing EXIF information from an image, e.g. vi ...)
{DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
-CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow]
- RESERVED
+CVE-2019-11039 (Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7 ...)
{DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm]
- RESERVED
+CVE-2019-11038 (When using gdImageCreateFromXbm() function of gd extension in versions ...)
{DLA-1817-1}
- libgd2 2.2.5-5.2 (low; bug #929821)
[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -6970,8 +6978,8 @@ CVE-2019-10087
RESERVED
CVE-2019-10086
RESERVED
-CVE-2019-10085
- RESERVED
+CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
+ TODO: check
CVE-2019-10084
RESERVED
CVE-2019-10083
@@ -22508,10 +22516,10 @@ CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains
NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
NOT-FOR-US: Dameware Remote Mini Control
-CVE-2019-3954
- RESERVED
-CVE-2019-3953
- RESERVED
+CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows ...)
+ TODO: check
+CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows ...)
+ TODO: check
CVE-2019-3952
RESERVED
CVE-2019-3951
@@ -22645,8 +22653,7 @@ CVE-2019-3898
CVE-2019-3897
RESERVED
NOT-FOR-US: redhat-certification
-CVE-2019-3896
- RESERVED
+CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
- linux 3.2.41-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694812
CVE-2019-3895 (An access-control flaw was found in the Octavia service when the cloud ...)
@@ -115316,26 +115323,26 @@ CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cau
NOT-FOR-US: Panda Free Antivirus
CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
NOT-FOR-US: MikroTik
-CVE-2017-8337
- RESERVED
+CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
TODO: check
CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
TODO: check
-CVE-2017-8334
- RESERVED
-CVE-2017-8333
- RESERVED
-CVE-2017-8332
- RESERVED
-CVE-2017-8331
- RESERVED
-CVE-2017-8330
- RESERVED
-CVE-2017-8329
- RESERVED
-CVE-2017-8328
- RESERVED
+CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
+CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+ TODO: check
CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
- telegram-desktop 1.1.19-2
NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
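Review bot: CVE-2017-8328 through CVE-2017-8334 and CVE-2017-8337 all move from RESERVED to `TODO: check` with the same truncated description ("An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ..."), joining CVE-2017-8336 and CVE-2017-8335, which are already in that state. Since the visible text does not distinguish them, suggest triaging the ten entries in one pass, and marking them NOT-FOR-US together if the affected product is not packaged in Debian.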
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58afb1e447306fd9786de6ab0c7780b9cd5b96d6