[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jun 29 21:10:38 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aecb6ccf by security tracker role at 2019-06-29T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,48 @@
-CVE-2019-13045 [IRSSI-SA-2019-06 Irssi Security Advisory]
+CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)
+	TODO: check
+CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to determine t ...)
+	TODO: check
+CVE-2019-13053 (Logitech Unifying devices allow keystroke injection, bypassing encrypt ...)
+	TODO: check
+CVE-2019-13052 (Logitech Unifying devices allow live decryption if the pairing of a ke ...)
+	TODO: check
+CVE-2019-13051
+	RESERVED
+CVE-2019-13050 (Interaction between the sks-keyserver code through 1.2.0 of the SKS ke ...)
+	TODO: check
+CVE-2019-13049 (An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows user ...)
+	TODO: check
+CVE-2019-13048 (kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of serv ...)
+	TODO: check
+CVE-2019-13047 (kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access co ...)
+	TODO: check
+CVE-2019-13046 (linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH ...)
+	TODO: check
+CVE-2019-13044 (An insecure login process was discovered in Panduit IntraVUE before 3. ...)
+	TODO: check
+CVE-2019-13043
+	RESERVED
+CVE-2019-13042
+	RESERVED
+CVE-2019-13041
+	RESERVED
+CVE-2019-13040
+	RESERVED
+CVE-2019-13039
+	RESERVED
+CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...)
+	TODO: check
+CVE-2019-13037
+	RESERVED
+CVE-2019-13036
+	RESERVED
+CVE-2019-13035 (Artica Pandora FMS 7.0 NG before 735 suffers from local privilege esca ...)
+	TODO: check
+CVE-2019-13034
+	RESERVED
+CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke injection, ...)
+	TODO: check
+CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
 	- irssi <unfixed> (bug #931264)
 	NOTE: https://irssi.org/security/irssi_sa_2019_06.txt
 	NOTE: https://github.com/irssi/irssi/pull/1058
@@ -227,7 +271,7 @@ CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection i
 CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to p ...)
 	NOT-FOR-US: Roundcube component of Analogic Poste.io
 CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names that  ...)
-	{DSA-4472-1}
+	{DSA-4472-1 DLA-1839-1}
 	- expat 2.2.6-2 (bug #931031)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
 	NOTE: https://github.com/libexpat/libexpat/issues/186
@@ -40129,6 +40173,7 @@ CVE-2018-17461 (An out of bounds read in PDFium in Google Chrome prior to 68.0.3
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17460 (Insufficient data validation in filesystem URIs in Google Chrome prior ...)
+	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after free in W ...)
@@ -43870,6 +43915,7 @@ CVE-2018-16065 (A Javascript reentrancy issues that caused a use-after-free in V
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome prior  ...)
+	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16063
@@ -127127,6 +127173,7 @@ CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29,
 	[jessie] - libxslt 1.1.28-2+deb8u3
 	NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
 CVE-2017-5028 (Insufficient data validation in V8 in Google Chrome prior to 56.0.2924 ...)
+	{DSA-3776-1}
 	- chromium-browser 56.0.2924.76-3
 CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
 	{DSA-3776-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aecb6ccfdbf6ca6f0535b18dd3a0a826ad772011

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aecb6ccfdbf6ca6f0535b18dd3a0a826ad772011
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190629/6d10979f/attachment.html>

More information about the debian-security-tracker-commits mailing list