[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 19 20:10:29 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce79dcba by security tracker role at 2019-03-19T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-9878 (There is an invalid memory access in the function GfxIndexedColorSpace ...)
+	TODO: check
+CVE-2019-9877 (There is an invalid memory access vulnerability in the function TextPa ...)
+	TODO: check
+CVE-2019-9876
+	RESERVED
+CVE-2019-9875
+	RESERVED
+CVE-2019-9874
+	RESERVED
+CVE-2019-9873
+	RESERVED
+CVE-2019-9872
+	RESERVED
+CVE-2019-9871
+	RESERVED
+CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
+	TODO: check
+CVE-2019-9869
+	RESERVED
+CVE-2019-9868 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
+	TODO: check
+CVE-2019-9867 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
+	TODO: check
+CVE-2019-9866
+	RESERVED
+CVE-2019-9865
+	RESERVED
 CVE-2019-9864
 	RESERVED
 CVE-2019-9863
@@ -8652,10 +8680,10 @@ CVE-2019-6275
 	RESERVED
 CVE-2019-6274
 	RESERVED
-CVE-2019-6273
-	RESERVED
-CVE-2019-6272
-	RESERVED
+CVE-2019-6273 (download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 all ...)
+	TODO: check
+CVE-2019-6272 (Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite ...)
+	TODO: check
 CVE-2019-6271
 	RESERVED
 CVE-2019-6270
@@ -9038,8 +9066,7 @@ CVE-2019-6118
 	RESERVED
 CVE-2019-6117
 	RESERVED
-CVE-2019-6116 [subroutines within pseudo-operators must themselves be pseudo-operators]
-	RESERVED
+CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
 	{DSA-4372-1 DLA-1670-1}
 	- ghostscript 9.26a~dfsg-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5
@@ -9557,8 +9584,7 @@ CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method
 	NOT-FOR-US: ShopXO
 CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the application\install\co ...)
 	NOT-FOR-US: ShopXO
-CVE-2019-5885 [Synapse: Derives macaroon_secret_key in a predictable way if none is specified]
-	RESERVED
+CVE-2019-5885 (Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentic ...)
 	- matrix-synapse 0.34.1.1-1
 	NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
 	NOTE: https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
@@ -10036,8 +10062,8 @@ CVE-2019-5731
 	RESERVED
 CVE-2019-5730
 	RESERVED
-CVE-2019-5729
-	RESERVED
+CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS  ...)
+	TODO: check
 CVE-2019-5728
 	RESERVED
 CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9 ...)
@@ -10048,10 +10074,10 @@ CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary fil
 	NOT-FOR-US: qibosoft
 CVE-2019-5724
 	RESERVED
-CVE-2019-5723
-	RESERVED
-CVE-2019-5722
-	RESERVED
+CVE-2019-5723 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwor ...)
+	TODO: check
+CVE-2019-5722 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to  ...)
+	TODO: check
 CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...)
 	- wireshark 2.6.1-1
 	[stretch] - wireshark 2.6.3-1~deb9u1
@@ -13414,8 +13440,8 @@ CVE-2019-4096
 	RESERVED
 CVE-2019-4095
 	RESERVED
-CVE-2019-4094
-	RESERVED
+CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+	TODO: check
 CVE-2019-4093
 	RESERVED
 CVE-2019-4092
@@ -73525,8 +73551,8 @@ CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could a
 	NOT-FOR-US: IBM
 CVE-2018-1837
 	RESERVED
-CVE-2018-1836
-	RESERVED
+CVE-2018-1836 (IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 cons ...)
+	TODO: check
 CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable ...)
 	NOT-FOR-US: IBM
 CVE-2018-1834 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce79dcba4b2f21649c3ebcf8a93c4a50e8373afc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce79dcba4b2f21649c3ebcf8a93c4a50e8373afc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190319/fb253dc3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list