[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 21 08:10:27 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3de58ce2 by security tracker role at 2019-03-21T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)
+ TODO: check
+CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by writing to ...)
+ TODO: check
+CVE-2019-9896 (In PuTTY versions before 0.71 on Windows, local attackers could hijack ...)
+ TODO: check
+CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer o ...)
+ TODO: check
+CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...)
+ TODO: check
+CVE-2019-9892
+ RESERVED
+CVE-2019-9891
+ RESERVED
+CVE-2019-9890
+ RESERVED
+CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex funct ...)
+ TODO: check
+CVE-2019-9888
+ RESERVED
CVE-2019-1010319
RESERVED
CVE-2019-1010318
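Review bot: CVE-2019-9894, CVE-2019-9895 and CVE-2019-9896 are left at "TODO: check" although their descriptions already name PuTTY before 0.71, so they can be triaged straight away instead of sitting in the TODO queue. CVE-2019-9896 is described as Windows-only and CVE-2019-9895 as Unix-only, which should be reflected when the package lines are written. The descriptions of CVE-2019-9897 and CVE-2019-9898 are truncated before any product name, so those two need the full text checked before assigning them to a package.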
@@ -640,7 +660,7 @@ CVE-2019-XXXX [SA-CORE-2019-004]
- drupal7 <removed> (bug #925176)
[stretch] - drupal7 7.52-2+deb9u7
NOTE: https://www.drupal.org/SA-CORE-2019-004
-CVE-2019-9893 [incorrect generation of syscall argument filters]
+CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ...)
- libseccomp <unfixed> (unimportant; bug #924646)
NOTE: https://github.com/seccomp/libseccomp/issues/139
NOTE: No security issue by itself
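Review bot: the new description on CVE-2019-9893 says the flaw is in libseccomp before 2.4.0, but the package line below it still reads "<unfixed>", so the entry will need the fixed version recorded once 2.4.0 is uploaded. The "unimportant" tag is justified only by "NOTE: No security issue by itself"; a second NOTE saying why incorrectly generated 64-bit argument filters are not treated as a vulnerability in their own right would help anyone revisiting this triage decision.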
@@ -895,12 +915,14 @@ CVE-2019-9797
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
CVE-2019-9796
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
CVE-2019-9795
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
@@ -913,24 +935,28 @@ CVE-2019-9794
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
CVE-2019-9793
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
CVE-2019-9792
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
CVE-2019-9791
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
CVE-2019-9790
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
@@ -941,6 +967,7 @@ CVE-2019-9789
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
CVE-2019-9788
RESERVED
+ {DSA-4411-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9798
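Review bot: in the context line under CVE-2019-9788, the mfsa2019-08 NOTE links to the anchor "#CVE-2019-9798" rather than "#CVE-2019-9788". Every other entry touched in these Firefox hunks uses its own CVE id as the anchor, so this looks like a transposed digit and is worth correcting while {DSA-4411-1} is being added to the entry.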
@@ -6507,32 +6534,32 @@ CVE-2019-7443 [Insecure handling of arguments in helpers]
NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442
RESERVED
-CVE-2019-7441
- RESERVED
-CVE-2019-7440
- RESERVED
-CVE-2019-7439
- RESERVED
-CVE-2019-7438
- RESERVED
-CVE-2019-7437
- RESERVED
-CVE-2019-7436
- RESERVED
-CVE-2019-7435
- RESERVED
-CVE-2019-7434
- RESERVED
-CVE-2019-7433
- RESERVED
-CVE-2019-7432
- RESERVED
-CVE-2019-7431
- RESERVED
-CVE-2019-7430
- RESERVED
-CVE-2019-7429
- RESERVED
+CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
+ TODO: check
+CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
+ TODO: check
+CVE-2019-7439 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang ...)
+ TODO: check
+CVE-2019-7438 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML i ...)
+ TODO: check
+CVE-2019-7437 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
+ TODO: check
+CVE-2019-7436 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory ...)
+ TODO: check
+CVE-2019-7435 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
+ TODO: check
+CVE-2019-7434 (PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via ...)
+ TODO: check
+CVE-2019-7433 (PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forge ...)
+ TODO: check
+CVE-2019-7432 (PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the S ...)
+ TODO: check
+CVE-2019-7431 (PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal vi ...)
+ TODO: check
+CVE-2019-7430 (PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the ...)
+ TODO: check
+CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory traversa ...)
+ TODO: check
CVE-2019-7428
RESERVED
CVE-2019-7427
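Review bot: all thirteen entries from CVE-2019-7441 to CVE-2019-7429 go from RESERVED to "TODO: check" with no triage. Nine of them are PHP Scripts Mall products, and the context around CVE-2018-20643 further down this file already records that vendor as "NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script", so the same disposition can likely be applied here per product. The three JioFi 4G M2S entries and the WooCommerce PayPal Checkout entry need a manual look.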
@@ -14692,8 +14719,7 @@ CVE-2019-3863 [Integer overflow in user authenicate keyboard interactive allows
NOTE: https://www.libssh2.org/CVE-2019-3863.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3862 [Out-of-bounds memory comparison]
- RESERVED
+CVE-2019-3862 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
- libssh2 <unfixed> (bug #924965)
NOTE: https://libssh2.org/CVE-2019-3862.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
@@ -14710,8 +14736,7 @@ CVE-2019-3860 [Out-of-bounds reads with specially crafted SFTP packets]
NOTE: https://libssh2.org/CVE-2019-3860.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3859 [Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev`]
- RESERVED
+CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
- libssh2 <unfixed> (bug #924965)
NOTE: https://www.libssh2.org/CVE-2019-3859.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
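Review bot: under CVE-2019-3859 the context line "NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch" points at the patch file named for CVE-2019-3860, the same URL given for the previous entry. Confirm whether CVE-2019-3859 has its own patch file and fix the NOTE if so. The removed bracket description also named `_libssh2_packet_require` and `_libssh2_packet_requirev`, which the truncated replacement no longer shows, so consider keeping that detail in a NOTE.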
@@ -14791,8 +14816,7 @@ CVE-2019-3834
RESERVED
CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...)
- openwsman <itp> (bug #754501)
-CVE-2019-3832 [incomplete fix for CVE-2018-19758]
- RESERVED
+CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...)
{DLA-1712-1}
- libsndfile 1.0.28-6 (bug #922372)
[stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)
@@ -15620,16 +15644,16 @@ CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allow
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
CVE-2018-20649
RESERVED
-CVE-2018-20648
- RESERVED
-CVE-2018-20647
- RESERVED
-CVE-2018-20646
- RESERVED
-CVE-2018-20645
- RESERVED
-CVE-2018-20644
- RESERVED
+CVE-2018-20648 (PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forger ...)
+ TODO: check
+CVE-2018-20647 (PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a ...)
+ TODO: check
+CVE-2018-20646 (PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal vi ...)
+ TODO: check
+CVE-2018-20645 (PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the Fir ...)
+ TODO: check
+CVE-2018-20644 (PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery ...)
+ TODO: check
CVE-2018-20643 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory tr ...)
NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20642 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote at ...)
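Review bot: CVE-2018-20648 through CVE-2018-20644 are set to "TODO: check" while the very next entry in this hunk, CVE-2018-20643, is another PHP Scripts Mall product already marked "NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script". For consistency these five (Car Rental Script and Basic B2B Script) should get matching NOT-FOR-US lines naming each product instead of staying in the TODO queue.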
@@ -19422,6 +19446,7 @@ CVE-2019-2424
CVE-2019-2423 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2422 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-4410-1}
- openjdk-7 <unfixed>
- openjdk-8 8u202-b26-1
- openjdk-11 11.0.2+9-1
@@ -28483,6 +28508,7 @@ CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a
CVE-2018-18507
RESERVED
CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...)
+ {DSA-4411-1}
- firefox 65.0-1
- firefox-esr 60.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506
@@ -32008,8 +32034,8 @@ CVE-2018-17169
RESERVED
CVE-2018-17168
RESERVED
-CVE-2018-17167
- RESERVED
+CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored ...)
+ TODO: check
CVE-2018-17166
RESERVED
CVE-2018-17165
@@ -124818,8 +124844,7 @@ CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-s
NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
CVE-2017-2660
RESERVED
-CVE-2017-2659 [Information leak when given invalid username]
- RESERVED
+CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
- dropbear 2013.60-1
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
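Review bot: the new description on CVE-2017-2659 gives "dropbear before version 2013.59" as affected, while the package line records the fix as "dropbear 2013.60-1". If 2013.60-1 is simply the first Debian upload that contained the upstream fix, a short NOTE stating that would remove the apparent mismatch between the two version numbers.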
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3de58ce2482fe91468bda5305ec66d247e5dcffe