[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 21 09:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d66809cb by security tracker role at 2019-06-21T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-12929
+ RESERVED
+CVE-2019-12928
+ RESERVED
+CVE-2019-12927
+ RESERVED
+CVE-2019-12926
+ RESERVED
+CVE-2019-12925
+ RESERVED
+CVE-2019-12924
+ RESERVED
+CVE-2019-12923
+ RESERVED
+CVE-2019-12922
+ RESERVED
CVE-2019-12921
RESERVED
CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
@@ -233,7 +249,7 @@ CVE-2019-12820
CVE-2019-12817
RESERVED
CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-ad ...)
- {DSA-4463-1}
+ {DSA-4463-1 DLA-1830-1}
- znc 1.7.2-3
NOTE: Versions affected: 0.098 - 1.7.3
NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
@@ -4513,7 +4529,7 @@ CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Disc
CVE-2019-11092 (Insufficient password protection in the attestation database for Open ...)
NOT-FOR-US: Open CIT
CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheab ...)
- {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
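Review bot: The advisory list on the CVE-2019-11091 line is no longer in a consistent order: the new DLA-1789-2 sits before DLA-1799-1 while DLA-1789-1 follows it. If the list is meant to be ordered, DLA-1789-2 belongs next to DLA-1789-1. The same placement is repeated on the CVE-2018-12130, CVE-2018-12127 and CVE-2018-12126 lines later in this commit.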
@@ -4662,21 +4678,21 @@ CVE-2019-11042
RESERVED
CVE-2019-11041
RESERVED
-CVE-2019-11040 (When EXIF extension is parsing EXIF information from an image, e.g. vi ...)
+CVE-2019-11040 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
{DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
-CVE-2019-11039 (Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7 ...)
+CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ...)
{DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 (When using gdImageCreateFromXbm() function of gd extension in versions ...)
+CVE-2019-11038 (When using gdImageCreateFromXbm() function of PHP gd extension in PHP ...)
{DLA-1817-1}
- libgd2 2.2.5-5.2 (low; bug #929821)
[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -8332,7 +8348,7 @@ CVE-2019-9860 (Due to unencrypted signal communication and predictability of rol
CVE-2019-9859
RESERVED
CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...)
- {DLA-1822-1}
+ {DSA-4468-1 DLA-1822-1}
- php-horde-form 2.0.18-3.1 (bug #930321)
NOTE: https://ssd-disclosure.com/archives/3814/ssd-advisory-horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce
NOTE: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
@@ -23369,8 +23385,8 @@ CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected
NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
CVE-2019-3736
RESERVED
-CVE-2019-3735
- RESERVED
+CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...)
+ TODO: check
CVE-2019-3734
RESERVED
CVE-2019-3733
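Review bot: CVE-2019-3735 leaves the RESERVED state with only "TODO: check", so the entry still needs triage. The description names Dell SupportAssist for Business PCs; if no Debian package ships it, close the entry with a NOT-FOR-US line, as the Dell EMC Avamar entry at the top of this hunk does.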
@@ -29483,8 +29499,8 @@ CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infra
NOT-FOR-US: Cisco
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
NOT-FOR-US: Cisco
-CVE-2019-1904
- RESERVED
+CVE-2019-1904 (A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software ...)
+ TODO: check
CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
NOT-FOR-US: Cisco
CVE-2019-1902
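Review bot: CVE-2019-1904 is added with "TODO: check" although its description identifies Cisco IOS XE Software and the neighbouring CVE-2019-1906, CVE-2019-1905 and CVE-2019-1903 are all marked "NOT-FOR-US: Cisco". Replacing the TODO with the same NOT-FOR-US: Cisco line would finish the triage for this entry.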
@@ -43981,15 +43997,17 @@ CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate che
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output fi ...)
NOT-FOR-US: Joomla!
CVE-2018-15879 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
- - libgd2 2.2.5-4.1 (low)
- [stretch] - libgd2 2.2.4-2+deb9u3
- NOTE: https://github.com/libgd/libgd/issues/447
- NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
+ {DLA-1651-1}
+ - libgd2 2.2.5-4.1 (low)
+ [stretch] - libgd2 2.2.4-2+deb9u3
+ NOTE: https://github.com/libgd/libgd/issues/447
+ NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
CVE-2018-15878 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
- - libgd2 2.2.5-4.1 (low)
- [stretch] - libgd2 2.2.4-2+deb9u3
- NOTE: https://github.com/libgd/libgd/issues/447
- NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
+ {DLA-1651-1}
+ - libgd2 2.2.5-4.1 (low)
+ [stretch] - libgd2 2.2.4-2+deb9u3
+ NOTE: https://github.com/libgd/libgd/issues/447
+ NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary fi ...)
NOT-FOR-US: Joomla addon
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...)
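Review bot: Under CVE-2018-15879 and CVE-2018-15878 the package and NOTE lines are removed and re-added with the same visible text, so the only visible content change is the new {DLA-1651-1} line; confirm the rest is an intentional whitespace fix. Both entries also point to the same libgd issue 447 and the same commit, so a NOTE stating how the two CVEs relate would help readers of the tracker.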
@@ -53837,7 +53855,7 @@ CVE-2018-12132
CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before versio ...)
NOT-FOR-US: Intel
CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on ...)
- {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
@@ -53852,7 +53870,7 @@ CVE-2018-12129
CVE-2018-12128
RESERVED
CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some ...)
- {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
@@ -53863,7 +53881,7 @@ CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports o
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers o ...)
- {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66809cb4c4cf43d98ceae6f9573fa9990f6d535