[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 25 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d23bce47 by security tracker role at 2019-06-25T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
+ TODO: check
+CVE-2019-12957 (In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...)
+ TODO: check
+CVE-2019-12956
+ RESERVED
+CVE-2019-12955
+ RESERVED
+CVE-2019-12954
+ RESERVED
+CVE-2019-12953
+ RESERVED
+CVE-2019-12952
+ RESERVED
+CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
+ TODO: check
+CVE-2019-12950
+ RESERVED
+CVE-2019-12949
+ RESERVED
CVE-2019-12948
RESERVED
CVE-2019-12947
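Review bot: three of the new entries in this hunk are left at `TODO: check` (CVE-2019-12958 and CVE-2019-12957 for Xpdf 4.01.01, CVE-2019-12951 for Mongoose before 6.15) while the rest are still RESERVED; the two Xpdf entries describe buffer over-reads in a PDF parser and are the ones to triage first, and the Mongoose parse_mqtt() entry needs a check whether the affected code is shipped in any Debian source package before the TODO can be resolved.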
@@ -105,6 +125,7 @@ CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's dat
CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing ...)
NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...)
+ {DLA-1833-1}
- bzip2 1.0.6-9.1 (bug #930886)
NOTE: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
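Review bot: the new {DLA-1833-1} reference for CVE-2019-12900 sits next to the unstable fix bzip2 1.0.6-9.1, but the entry carries no [stretch] annotation, so stretch is tracked purely by version comparison against 1.0.6-9.1; if stretch is meant to get a DSA or a `<no-dsa>` marker, that line should go in with the same change so the suite status does not read as unresolved.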
@@ -1460,8 +1481,8 @@ CVE-2019-12348
RESERVED
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
NOT-FOR-US: pfSense
-CVE-2019-12346
- RESERVED
+CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
+ TODO: check
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. ...)
NOT-FOR-US: Kiboko Hostel plugin for WordPress
CVE-2019-12344
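Review bot: CVE-2019-12346 (miniOrange SAML SP Single Sign On plugin for WordPress) is left at `TODO: check`, while the adjacent CVE-2019-12345 for another WordPress plugin is already resolved as `NOT-FOR-US: Kiboko Hostel plugin for WordPress`; unless the plugin is packaged in Debian, the TODO should be closed the same way, e.g. `NOT-FOR-US: miniOrange SAML SP plugin for WordPress`.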
@@ -5776,8 +5797,8 @@ CVE-2019-10691 (The JSON encoder in Dovecot before 2.3.5.2 allows attackers to r
NOTE: https://www.openwall.com/lists/oss-security/2019/04/18/3
CVE-2019-10690
RESERVED
-CVE-2019-10689
- RESERVED
+CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with Better ...)
+ TODO: check
CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2 ...)
NOT-FOR-US: VVX products using UCS
CVE-2019-10687
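Review bot: CVE-2019-10689 (VVX products using UCS 5.9.2 and earlier) stays at `TODO: check` even though the neighbouring CVE-2019-10688, describing the same product line, is already `NOT-FOR-US: VVX products using UCS`; the new entry should carry the same resolution.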
@@ -7529,11 +7550,13 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
+ {DLA-1834-1}
- python2.7 2.7.16-2
[stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue35907
NOTE: https://github.com/python/cpython/pull/11842
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
+ {DLA-1835-1 DLA-1834-1}
- python3.7 <unfixed>
[buster] - python3.7 <no-dsa> (Minor issue)
- python3.6 <removed>
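Review bot: CVE-2019-9947 gains {DLA-1835-1 DLA-1834-1}, yet python3.7 is still recorded as `<unfixed>` with `[buster] <no-dsa> (Minor issue)`; the LTS advisories mean a fix is known, so the unstable entry should be updated as soon as the python3.7 upload lands. For CVE-2019-9948 the `[stretch] - python2.7 <no-dsa> (Minor issue)` line now sits beside DLA-1834-1, so the severity assessment differs between stretch and the LTS suite and is worth a second look.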
@@ -8903,6 +8926,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection
NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
+ {DLA-1835-1 DLA-1834-1}
- python3.7 <unfixed>
[buster] - python3.7 <no-dsa> (Minor issue)
- python3.6 <removed>
@@ -9152,6 +9176,7 @@ CVE-2019-9643
CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...)
- extplorer <removed>
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...)
+ {DLA-1835-1 DLA-1834-1}
- python3.7 3.7.3~rc1-1 (bug #924072)
- python3.6 <removed>
- python3.5 <removed>
@@ -15274,8 +15299,8 @@ CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL poi
NOTE: Crash in CLI tool, no security impact
CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...)
NOT-FOR-US: ABB IDAL HTTP server
-CVE-2019-7231
- RESERVED
+CVE-2019-7231 (The ABB IDAL FTP server is vulnerable to a buffer overflow when a long ...)
+ TODO: check
CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...)
NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...)
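Review bot: CVE-2019-7231 (ABB IDAL FTP server buffer overflow) is left at `TODO: check`, but both neighbours, CVE-2019-7232 and CVE-2019-7230 for the same ABB IDAL servers, are already tagged `NOT-FOR-US`; the same tag applies here.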
@@ -20628,7 +20653,7 @@ CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the h
NOT-FOR-US: CleanMyMac
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
RESERVED
- {DLA-1663-1}
+ {DLA-1834-1 DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- python3.6 <removed> (bug #921063)
- python3.5 <removed>
@@ -47200,7 +47225,7 @@ CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted se
NOTE: 1.3.8: https://pagure.io/389-ds-base/c/bdb1af66c
NOTE: see https://pagure.io/389-ds-base/issue/49969
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash s ...)
- {DSA-4307-1 DSA-4306-1}
+ {DSA-4307-1 DSA-4306-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.0-7
- python3.6 3.6.7~rc1-1
- python3.5 <removed>
@@ -160121,6 +160146,7 @@ CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-composi
[wheezy] - cairo <no-dsa> (Minor issue)
NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ...)
+ {DLA-1833-1}
- bzip2 1.0.6-8.1 (low; bug #827744)
[wheezy] - bzip2 <no-dsa> (Minor issue)
CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module 7.x-2 ...)
@@ -188938,8 +188964,8 @@ CVE-2014-9702
RESERVED
CVE-2014-9700
RESERVED
-CVE-2014-9699
- RESERVED
+CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...)
+ TODO: check
CVE-2014-9698
RESERVED
CVE-2015-2313 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an ...)
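Review bot: CVE-2014-9699 (MakerBot Replicator 5G printer running an Apache HTTP Server) is left at `TODO: check`; this is a vendor appliance rather than a Debian source package, so `NOT-FOR-US: MakerBot Replicator 5G` is the likely resolution. The 2014 identifier only now left RESERVED status, which is why it lands among entries that are still RESERVED.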
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d23bce47c4b7a80f04b13c7b73719c195b1bccd0