[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 8 20:10:38 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa3a275c by security tracker role at 2019-03-08T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functionality, ...)
+	TODO: check
 CVE-2019-XXXX [rename() across the device may allow unwanted access during processing]
 	- php7.3 7.3.3-1
 	- php7.0 <removed>
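Review bot: The new CVE-2019-9634 entry at the top of this hunk is left at `TODO: check` although its description already scopes the issue to Go "on Windows". The follow-up triage should replace the TODO with an explicit status line and a NOTE recording that scoping, so the entry does not stay in the open queue without a stated reason.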
@@ -34,8 +36,8 @@ CVE-2019-9629
 	RESERVED
 CVE-2019-9628
 	RESERVED
-CVE-2019-9627
-	RESERVED
+CVE-2019-9627 (A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk ...)
+	TODO: check
 CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to ...)
 	NOT-FOR-US: PHPSHE
 CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to ...)
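Review bot: CVE-2019-9627 goes from RESERVED to `TODO: check`, while the description names a vendor kernel driver (CybKernelTracker.sys in CyberArk) and the neighbouring CVE-2019-9626 entry is already closed with `NOT-FOR-US: PHPSHE`. If triage confirms the product is not packaged, the follow-up should close it in the same form, e.g. `NOT-FOR-US: CyberArk`.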
@@ -976,6 +978,7 @@ CVE-2019-9202
 CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ...)
 	NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() located ...)
+	{DLA-1706-1}
 	- poppler <unfixed> (bug #923414)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
@@ -5424,6 +5427,7 @@ CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for W
 CVE-2019-7311
 	RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...)
+	{DLA-1706-1}
 	- poppler <unfixed> (bug #921215)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
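Review bot: The `{DLA-1706-1}` reference added to CVE-2019-7310 now sits directly above `[stretch] - poppler <ignored> (Minor issue)` and an unstable line that is still `<unfixed>`. With an advisory now attached to this CVE, the stretch `<ignored>` triage is worth revisiting so the suites do not diverge without a recorded reason.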
@@ -13427,10 +13431,10 @@ CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-3781 (Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes ...)
 	NOT-FOR-US: Cloud Foundry CLI
-CVE-2019-3780
-	RESERVED
-CVE-2019-3779
-	RESERVED
+CVE-2019-3780 (Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s ...)
+	TODO: check
+CVE-2019-3779 (Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys ...)
+	TODO: check
 CVE-2019-3778 (Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to ...)
 	TODO: check
 CVE-2019-3777 (Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, ...)
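Review bot: CVE-2019-3780 and CVE-2019-3779 are added as `TODO: check`, but the two entries immediately above them in this hunk (CVE-2019-3782, CVE-2019-3781) are other Cloud Foundry components already marked `NOT-FOR-US: Cloud Foundry` and `NOT-FOR-US: Cloud Foundry CLI`. Unless Container Runtime is treated differently, the follow-up should close both with a matching `NOT-FOR-US:` line.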
@@ -13834,6 +13838,7 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X
 CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
 	NOT-FOR-US: Reporting Addon for CUBA Platform
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ...)
+	{DLA-1706-1}
 	- poppler <unfixed> (low; bug #918158)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
@@ -14772,6 +14777,7 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shr
 	NOTE: https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
 	NOTE: Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef ...)
+	{DLA-1706-1}
 	- poppler <unfixed> (low; bug #917325)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
@@ -15612,12 +15618,12 @@ CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 a
 	NOT-FOR-US: Atlassian
 CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 ...)
 	NOT-FOR-US: Atlassian
-CVE-2018-20236
-	RESERVED
-CVE-2018-20235
-	RESERVED
-CVE-2018-20234
-	RESERVED
+CVE-2018-20236 (There was an command injection vulnerability in Sourcetree for Windows ...)
+	TODO: check
+CVE-2018-20235 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
+	TODO: check
+CVE-2018-20234 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
+	TODO: check
 CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and ...)
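Review bot: The three Sourcetree entries (CVE-2018-20236, CVE-2018-20235, CVE-2018-20234) land as `TODO: check` in the middle of a run of entries all marked `NOT-FOR-US: Atlassian`. The follow-up triage should give them the same status line as their neighbours rather than leaving three open items for one vendor product.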
@@ -15749,8 +15755,7 @@ CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/di
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/585/
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...)
 	NOT-FOR-US: FUEL CMS
-CVE-2018-20187 [Timing side channel during ECC key generation could leak information...]
-	RESERVED
+CVE-2018-20187 (A side-channel issue was discovered in Botan before 2.9.0. An attacker ...)
 	[experimental] - botan 2.9.0-1
 	- botan 2.9.0-2 (bug #918732)
 	- botan1.10 <not-affected> (Vulnerable code introduced in 1.11.20)
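Review bot: Replacing the bracketed summary on CVE-2018-20187 drops the detail "Timing side channel during ECC key generation", and the truncated official text ("A side-channel issue was discovered in Botan before 2.9.0. An attacker ...") no longer says which operation is affected. Consider keeping that detail in a `NOTE:` line under the entry so the reason for the `botan1.10 <not-affected>` decision stays readable.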
@@ -20165,14 +20170,14 @@ CVE-2019-1606
 	RESERVED
 CVE-2019-1605
 	RESERVED
-CVE-2019-1604
-	RESERVED
-CVE-2019-1603
-	RESERVED
-CVE-2019-1602
-	RESERVED
-CVE-2019-1601
-	RESERVED
+CVE-2019-1604 (A vulnerability in the user account management interface of Cisco ...)
+	TODO: check
+CVE-2019-1603 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
+	TODO: check
+CVE-2019-1602 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
+	TODO: check
+CVE-2019-1601 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
+	TODO: check
 CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS Software ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software could ...)
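Review bot: CVE-2019-1604 through CVE-2019-1601 are added as `TODO: check`, yet all four descriptions name Cisco NX-OS Software and the next entry, CVE-2019-1600, is already `NOT-FOR-US: Cisco`. The follow-up should close these four the same way instead of leaving them in the open queue.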
@@ -25567,6 +25572,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118
 	NOTE: Issue in pdfdetach cli tool leading to crash
 CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
+	{DLA-1706-1}
 	- poppler <unfixed> (low; bug #913177)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa3a275cf6c014264ce260534ca2e39ffcf882fb


More information about the debian-security-tracker-commits mailing list