[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 26 21:10:32 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7944d342 by security tracker role at 2019-06-26T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
+	TODO: check
+CVE-2019-12983 (In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in  ...)
+	TODO: check
+CVE-2019-12982 (Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in t ...)
+	TODO: check
+CVE-2019-12981 (Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the f ...)
+	TODO: check
+CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (caused by a ...)
+	TODO: check
+CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
+	TODO: check
+CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
+	TODO: check
+CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
+	TODO: check
+CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
+	TODO: check
+CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
+	TODO: check
+CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
+	TODO: check
+CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
+	TODO: check
+CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
+	TODO: check
+CVE-2019-12971
+	RESERVED
+CVE-2019-12970
+	RESERVED
+CVE-2019-12969
+	RESERVED
+CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
+	TODO: check
+CVE-2019-12967
+	RESERVED
+CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
+	TODO: check
+CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
+	TODO: check
+CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...)
+	TODO: check
+CVE-2018-20845 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
+	TODO: check
+CVE-2018-20844
+	RESERVED
 CVE-2019-XXXX [XXE vulnerability in SOAP notification server]
 	- lemonldap-ng 2.0.0+ds-1 (bug #931117)
 	[stretch] - lemonldap-ng <no-dsa> (Minor issue, can be fixed via point release, notification server not enabled by default)
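Review bot: every new entry with a description in this hunk, CVE-2019-12984 through CVE-2018-20845, is left at `TODO: check` with no package line, including ones whose descriptions name the Linux kernel (CVE-2019-12983), ImageMagick 7.0.8-34 (CVE-2019-12979 through CVE-2019-12975), OpenJPEG 2.3.1 (CVE-2019-12973) and the BFD library (CVE-2019-12972). Triage those first and replace the TODO with a package line in the form already used below for lemonldap-ng (`- lemonldap-ng 2.0.0+ds-1 (bug #931117)`), or with `NOT-FOR-US:` for anything that turns out not to be packaged.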
@@ -171,7 +217,7 @@ CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database
 CVE-2019-12889
 	RESERVED
 CVE-2019-12888
-	RESERVED
+	REJECTED
 CVE-2019-12887
 	RESERVED
 CVE-2019-12886
@@ -3424,8 +3470,8 @@ CVE-2019-11585
 	RESERVED
 CVE-2019-11584
 	RESERVED
-CVE-2019-11583
-	RESERVED
+CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allows remo ...)
+	TODO: check
 CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
 	NOT-FOR-US: Atlassian Sourcetree
 CVE-2019-11581
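Review bot: CVE-2019-11583 is left at `TODO: check` although its description names Jira, and the entry directly after it, CVE-2019-11582, is already resolved as `NOT-FOR-US: Atlassian Sourcetree`. If Jira is likewise not packaged, close this one with a matching `NOT-FOR-US:` line instead of leaving the TODO open.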
@@ -4241,8 +4287,8 @@ CVE-2019-11274
 	RESERVED
 CVE-2019-11273
 	RESERVED
-CVE-2019-11272
-	RESERVED
+CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
+	TODO: check
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-11270
@@ -6978,8 +7024,7 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
 CVE-2019-10165
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2019-10164 [postgres: Stack-based buffer overflow via setting a password]
-	RESERVED
+CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...)
 	- postgresql-11 11.4-1
 	- postgresql-9.6 <not-affected> (Only affects 10.x and later)
 	- postgresql-9.4 <not-affected> (Only affects 10.x and later)
@@ -7039,8 +7084,7 @@ CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processin
 	- freeswan <removed>
 	NOTE: https://libreswan.org/security/CVE-2019-10155/
 	NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
-CVE-2019-10154
-	RESERVED
+CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...)
 	- moodle <removed>
 CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
 	RESERVED
@@ -7112,10 +7156,10 @@ CVE-2019-10136
 CVE-2019-10135
 	RESERVED
 	NOTE: OpenShift Build Service client
-CVE-2019-10134
-	RESERVED
-CVE-2019-10133
-	RESERVED
+CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
+	TODO: check
+CVE-2019-10133 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
+	TODO: check
 CVE-2019-10132 (A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admi ...)
 	- libvirt 5.0.0-3 (bug #929334)
 	[stretch] - libvirt <not-affected> (Vulnerable code introduced in 4.1.0-rc1)
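Review bot: CVE-2019-10134 and CVE-2019-10133 get `TODO: check` even though both descriptions name Moodle, while CVE-2019-10154, also a Moodle issue, is tracked in this same commit as `- moodle <removed>`. Replace the two TODO lines with the same `- moodle <removed>` line so the three Moodle entries are handled consistently.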
@@ -10772,8 +10816,8 @@ CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_t
 	NOT-FOR-US: ZZZCMS
 CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via th ...)
 	NOT-FOR-US: S-CMS
-CVE-2019-9039
-	RESERVED
+CVE-2019-9039 (The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Serve ...)
+	TODO: check
 CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
 	- libmatio 1.5.13-2 (low; bug #924185)
 	[stretch] - libmatio <no-dsa> (Minor issue)
@@ -17958,20 +18002,20 @@ CVE-2019-6171
 	RESERVED
 CVE-2019-6170
 	RESERVED
-CVE-2019-6169
-	RESERVED
-CVE-2019-6168
-	RESERVED
-CVE-2019-6167
-	RESERVED
-CVE-2019-6166
-	RESERVED
+CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
+	TODO: check
+CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
+	TODO: check
+CVE-2019-6167 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
+	TODO: check
+CVE-2019-6166 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
+	TODO: check
 CVE-2019-6165
 	RESERVED
 CVE-2019-6164
 	RESERVED
-CVE-2019-6163
-	RESERVED
+CVE-2019-6163 (A denial of service vulnerability was reported in Lenovo System Update ...)
+	TODO: check
 CVE-2019-6162
 	RESERVED
 CVE-2019-6161
@@ -22252,8 +22296,8 @@ CVE-2019-4243
 	RESERVED
 CVE-2019-4242
 	RESERVED
-CVE-2019-4241
-	RESERVED
+CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an auth ...)
+	TODO: check
 CVE-2019-4240
 	RESERVED
 CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stor ...)
@@ -22264,10 +22308,10 @@ CVE-2019-4237
 	RESERVED
 CVE-2019-4236
 	RESERVED
-CVE-2019-4235
-	RESERVED
-CVE-2019-4234
-	RESERVED
+CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require th ...)
+	TODO: check
+CVE-2019-4234 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the imp ...)
+	TODO: check
 CVE-2019-4233
 	RESERVED
 CVE-2019-4232
@@ -22284,10 +22328,10 @@ CVE-2019-4227
 	RESERVED
 CVE-2019-4226
 	RESERVED
-CVE-2019-4225
-	RESERVED
-CVE-2019-4224
-	RESERVED
+CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially  ...)
+	TODO: check
+CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...)
+	TODO: check
 CVE-2019-4223
 	RESERVED
 CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
@@ -23892,8 +23936,7 @@ CVE-2019-3570
 	RESERVED
 	- hhvm <removed>
 	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
-CVE-2019-3569
-	RESERVED
+CVE-2019-3569 (HHVM, when used with FastCGI, would bind by default to all available i ...)
 	- hhvm <removed>
 	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
 CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7944d3426eea7fbb08cb232a637b3c318c655cab
