[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 26 20:10:33 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9463279a by security tracker role at 2019-03-26T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2019-10099
+	RESERVED
+CVE-2019-10098
+	RESERVED
+CVE-2019-10097
+	RESERVED
+CVE-2019-10096
+	RESERVED
+CVE-2019-10095
+	RESERVED
+CVE-2019-10094
+	RESERVED
+CVE-2019-10093
+	RESERVED
+CVE-2019-10092
+	RESERVED
+CVE-2019-10091
+	RESERVED
+CVE-2019-10090
+	RESERVED
+CVE-2019-10089
+	RESERVED
+CVE-2019-10088
+	RESERVED
+CVE-2019-10087
+	RESERVED
+CVE-2019-10086
+	RESERVED
+CVE-2019-10085
+	RESERVED
+CVE-2019-10084
+	RESERVED
+CVE-2019-10083
+	RESERVED
+CVE-2019-10082
+	RESERVED
+CVE-2019-10081
+	RESERVED
+CVE-2019-10080
+	RESERVED
+CVE-2019-10079
+	RESERVED
+CVE-2019-10078
+	RESERVED
+CVE-2019-10077
+	RESERVED
+CVE-2019-10076
+	RESERVED
+CVE-2019-10075
+	RESERVED
+CVE-2019-10074
+	RESERVED
+CVE-2019-10073
+	RESERVED
+CVE-2019-10072
+	RESERVED
+CVE-2019-10071
+	RESERVED
+CVE-2019-10070
+	RESERVED
+CVE-2019-10069
+	RESERVED
+CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a failure to ...)
+	TODO: check
+CVE-2019-10067
+	RESERVED
+CVE-2019-10066
+	RESERVED
+CVE-2019-10065
+	RESERVED
+CVE-2019-10064
+	RESERVED
+CVE-2019-10063 (Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1 ...)
+	TODO: check
 CVE-2019-10062
 	RESERVED
 CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js)  ...)
@@ -200,8 +274,8 @@ CVE-2019-9963 (XnView MP 0.93.1 on Windows allows remote attackers to cause a de
 	NOT-FOR-US: XnView
 CVE-2019-9962 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial  ...)
 	NOT-FOR-US: XnView
-CVE-2019-9961
-	RESERVED
+CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view of Wikind ...)
+	TODO: check
 CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-9959
@@ -1022,8 +1096,7 @@ CVE-2019-1010002
 	RESERVED
 CVE-2019-1010001
 	RESERVED
-CVE-2019-6341 [SA-CORE-2019-004]
-	RESERVED
+CVE-2019-6341 (In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.1 ...)
 	{DSA-4412-1}
 	- drupal7 <removed> (bug #925176)
 	NOTE: https://www.drupal.org/SA-CORE-2019-004
@@ -1403,8 +1476,8 @@ CVE-2019-9766 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when conve
 	NOT-FOR-US: Free MP3 CD Ripper
 CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the author name of a comment reply in ...)
 	NOT-FOR-US: Blog_mini
-CVE-2019-9764
-	RESERVED
+CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...)
+	TODO: check
 CVE-2019-9763
 	RESERVED
 CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment ...)
@@ -2730,6 +2803,7 @@ CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissec
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-08.html
 CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lack ...)
+	{DLA-1731-1}
 	- linux 4.19.28-1
 	NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
@@ -3202,24 +3276,24 @@ CVE-2019-9063 (PHP Scripts Mall Auction website script 2.0.4 allows parameter ta
 	NOT-FOR-US: PHP Scripts Mall Auction website script
 CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Reques ...)
 	NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
-CVE-2019-9061
-	RESERVED
+CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
+	TODO: check
 CVE-2019-9060
 	RESERVED
-CVE-2019-9059
-	RESERVED
-CVE-2019-9058
-	RESERVED
-CVE-2019-9057
-	RESERVED
+CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
+	TODO: check
+CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
+	TODO: check
+CVE-2019-9057 (An issue was discovered in CMS Made Simple 2.2.8. In the module FilePi ...)
+	TODO: check
 CVE-2019-9056
 	RESERVED
-CVE-2019-9055
-	RESERVED
+CVE-2019-9055 (An issue was discovered in CMS Made Simple 2.2.8. In the module Design ...)
+	TODO: check
 CVE-2019-9054
 	RESERVED
-CVE-2019-9053
-	RESERVED
+CVE-2019-9053 (An issue was discovered in CMS Made Simple 2.2.8. It is possible with  ...)
+	TODO: check
 CVE-2019-9052 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2019-9051 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
@@ -3451,12 +3525,12 @@ CVE-2019-8991
 	RESERVED
 CVE-2019-8990
 	RESERVED
-CVE-2019-8989
-	RESERVED
-CVE-2019-8988
-	RESERVED
-CVE-2019-8987
-	RESERVED
+CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
+	TODO: check
+CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
+	TODO: check
+CVE-2019-8987 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
+	TODO: check
 CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO Ja ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-8985 (On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based b ...)
@@ -6401,8 +6475,8 @@ CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Ser
 	NOT-FOR-US: Hotels_Server
 CVE-2019-7647
 	RESERVED
-CVE-2019-7646
-	RESERVED
+CVE-2019-7646 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vu ...)
+	TODO: check
 CVE-2019-7645
 	RESERVED
 CVE-2019-7644
@@ -7604,10 +7678,12 @@ CVE-2019-7224
 CVE-2019-7223 (InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save i ...)
 	NOT-FOR-US: InvoicePlane
 CVE-2019-7222 (The KVM implementation in the Linux kernel through 4.20.5 has an Infor ...)
+	{DLA-1731-1}
 	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1759&desc=2
 CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a Use-af ...)
+	{DLA-1731-1}
 	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
@@ -8139,6 +8215,7 @@ CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
 CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
+	{DLA-1731-1}
 	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598
 CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remot ...)
@@ -8211,6 +8288,7 @@ CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x befo
 	NOTE: https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
 	NOTE: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)
 CVE-2019-6974 (In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm ...)
+	{DLA-1731-1}
 	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/cfa39381173d5f969daf43582c95ad679189cbc9
 CVE-2019-6973 (Sricam IP CCTV cameras are vulnerable to denial of service via multipl ...)
@@ -9159,8 +9237,8 @@ CVE-2019-6542
 	RESERVED
 CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
 	NOT-FOR-US: WECON
-CVE-2019-6540
-	RESERVED
+CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
+	TODO: check
 CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON LeviStudio ...)
 	NOT-FOR-US: WECON
 CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
@@ -15130,8 +15208,7 @@ CVE-2019-3880
 	RESERVED
 CVE-2019-3879 (It was discovered that in the ovirt's REST API before version 4.3.2.1, ...)
 	NOT-FOR-US: ovirt-engine
-CVE-2019-3878 [authentication bypass in ECP flow]
-	RESERVED
+CVE-2019-3878 (A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...)
 	{DSA-4414-1}
 	- libapache2-mod-auth-mellon 0.14.2-1 (bug #925197)
 	[jessie] - libapache2-mod-auth-mellon <not-affected> (Vulnerable code not present)
@@ -15175,46 +15252,55 @@ CVE-2019-3865
 CVE-2019-3864
 	RESERVED
 CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://www.libssh2.org/CVE-2019-3863.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/315
 CVE-2019-3862 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://libssh2.org/CVE-2019-3862.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/316
 CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://libssh2.org/CVE-2019-3861.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/316
 CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://libssh2.org/CVE-2019-3860.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/316
 CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://www.libssh2.org/CVE-2019-3859.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/315
 CVE-2019-3858 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 when ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://libssh2.org/CVE-2019-3858.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/316
 CVE-2019-3857 (An integer overflow flaw which could lead to an out of bounds write wa ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://www.libssh2.org/CVE-2019-3857.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/315
 CVE-2019-3856 (An integer overflow flaw, which could lead to an out of bounds write,  ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://www.libssh2.org/CVE-2019-3856.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
 	NOTE: https://github.com/libssh2/libssh2/pull/315
 CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds write wa ...)
+	{DLA-1730-1}
 	- libssh2 <unfixed> (bug #924965)
 	NOTE: https://www.libssh2.org/CVE-2019-3855.html
 	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
@@ -15223,16 +15309,16 @@ CVE-2019-3854
 	RESERVED
 CVE-2019-3853
 	RESERVED
-CVE-2019-3852
-	RESERVED
-CVE-2019-3851
-	RESERVED
-CVE-2019-3850
-	RESERVED
-CVE-2019-3849
-	RESERVED
-CVE-2019-3848
-	RESERVED
+CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
+	TODO: check
+CVE-2019-3851 (A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. T ...)
+	TODO: check
+CVE-2019-3850 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
+	TODO: check
+CVE-2019-3849 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
+	TODO: check
+CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
+	TODO: check
 CVE-2019-3847
 	RESERVED
 CVE-2019-3846
@@ -15288,8 +15374,7 @@ CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not
 	NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
 CVE-2019-3831 (A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 an ...)
 	- vdsm <itp> (bug #668538)
-CVE-2019-3830 [ceilometer-agent prints sensitive data from config files through log files]
-	RESERVED
+CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc1. An ...)
 	- ceilometer <unfixed> (bug #925298)
 	NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
 CVE-2019-3829
@@ -15307,8 +15392,7 @@ CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs before
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/issues/355
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665578
 	NOTE: Affecting gvfs since 1.29.4 where admin backend was introduced.
-CVE-2019-3826 [Stored DOM cross-site scripting (XSS) attack via crafted URL]
-	RESERVED
+CVE-2019-3826 (A stored, DOM based, cross-site scripting (XSS) flaw was found in Prom ...)
 	- prometheus 2.7.1+ds-1 (bug #921615)
 	[stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
 	NOTE: https://github.com/prometheus/prometheus/pull/5163
@@ -15347,6 +15431,7 @@ CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version
 	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471
 	NOTE: Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
 CVE-2019-3819 (A flaw was found in the Linux kernel in the function hid_debug_events_ ...)
+	{DLA-1731-1}
 	- linux 4.19.20-1
 	NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
 CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in Red Hat  ...)
@@ -15411,8 +15496,7 @@ CVE-2019-3806 (An issue has been found in PowerDNS Recursor versions after 4.1.3
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
 CVE-2019-3805
 	RESERVED
-CVE-2019-3804 [Crash when parsing invalid base64 headers]
-	RESERVED
+CVE-2019-3804 (It was found that cockpit before version 184 used glib's base64 decode ...)
 	- cockpit 184-1
 	NOTE: https://github.com/cockpit-project/cockpit/pull/10819
 	NOTE: https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
@@ -15621,6 +15705,7 @@ CVE-2019-3703
 CVE-2019-3702
 	RESERVED
 CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
+	{DLA-1731-1}
 	- linux 4.19.20-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
 	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
@@ -15812,8 +15897,8 @@ CVE-2019-3608
 	RESERVED
 CVE-2019-3607
 	RESERVED
-CVE-2019-3606
-	RESERVED
+CVE-2019-3606 (Data Leakage Attacks vulnerability in the web portal component when in ...)
+	TODO: check
 CVE-2019-3605
 	RESERVED
 CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...)
@@ -15830,8 +15915,8 @@ CVE-2019-3599 (Information Disclosure vulnerability in Remote logging (which is
 	NOT-FOR-US: McAfee Agent
 CVE-2019-3598 (Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x all ...)
 	NOT-FOR-US: McAfee Agent
-CVE-2019-3597
-	RESERVED
+CVE-2019-3597 (Authentication Bypass vulnerability in McAfee Network Security Manager ...)
+	TODO: check
 CVE-2019-3596
 	RESERVED
 CVE-2019-3595
@@ -16716,6 +16801,7 @@ CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502,
 CVE-2018-1000887 (Peel shopping peel-shopping_9_1_0 version contains a Cross Site Script ...)
 	NOT-FOR-US: Peel shopping
 CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ ...)
+	{DLA-1731-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.130-1
 	NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
@@ -17875,6 +17961,7 @@ CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url param
 CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeratio ...)
 	NOT-FOR-US: Disputed issue in Keystone, no need to track for src:keystone
 CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB sub ...)
+	{DLA-1731-1}
 	- linux 4.19.9-1
 	NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
 CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different leve ...)
@@ -21325,6 +21412,7 @@ CVE-2018-19987
 CVE-2018-19986
 	RESERVED
 CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
+	{DLA-1731-1}
 	- linux 4.19.13-1
 	NOTE: https://git.kernel.org/linus/5146f95df782b0ac61abde36567e718692725c89
 CVE-2018-19984
@@ -22543,8 +22631,8 @@ CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media pla
 	[jessie] - vlc <end-of-life> (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://dyntopia.com/advisories/013-vlc
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0
-CVE-2018-19856
-	RESERVED
+CVE-2018-19856 (GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before  ...)
+	TODO: check
 CVE-2018-19855
 	RESERVED
 CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...)
@@ -22639,6 +22727,7 @@ CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint caused
 CVE-2018-19825
 	RESERVED
 CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a use-a ...)
+	{DLA-1731-1}
 	- linux 4.19.9-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1118152
 CVE-2018-19823
@@ -28449,7 +28538,7 @@ CVE-2016-10732 (ProjectSend (formerly cFTP) r582 allows authentication bypass vi
 CVE-2016-10731 (ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files ...)
 	NOT-FOR-US: ProjectSend
 CVE-2018-18710 (An issue was discovered in the Linux kernel through 4.19. An informati ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
@@ -28492,7 +28581,7 @@ CVE-2018-18692 (A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Se
 CVE-2018-18691
 	RESERVED
 CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set attribut ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
@@ -29646,7 +29735,7 @@ CVE-2018-18283
 CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
 	NOT-FOR-US: Next.js
 CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs TLB flus ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.135-1
 	NOTE: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
@@ -30586,7 +30675,7 @@ CVE-2018-17971
 CVE-2018-17970
 	RESERVED
 CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in fs/proc/base ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.135-1
 	NOTE: https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
@@ -33197,6 +33286,7 @@ CVE-2018-16885 (A flaw was found in the Linux kernel that allows the userspace t
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1661503
 	NOTE: https://git.kernel.org/linus/06ebb06d49486676272a3c030bfeef4bd969a8e6
 CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
+	{DLA-1731-1}
 	- linux 4.19.16-1
 	NOTE: https://patchwork.kernel.org/cover/10733767/
 	NOTE: https://patchwork.kernel.org/patch/10733769/
@@ -33332,7 +33422,7 @@ CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-1650
 	- ghostscript <not-affected> (Red Hat-specific issue)
 	NOTE: Debian updates backported all fixes to released suites
 CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the cleanc ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://lore.kernel.org/patchwork/patch/1011367/
@@ -33353,8 +33443,7 @@ CVE-2018-16857 (Samba from version 4.9.0 and before version 4.9.3 that have AD D
 	[stretch] - samba <not-affected> (Vulnerable code not present)
 	[jessie] - samba <not-affected> (Vulnerable code not present)
 	NOTE: https://www.samba.org/samba/security/CVE-2018-16857.html
-CVE-2018-16856 [Private keys written to world-readable log files]
-	RESERVED
+CVE-2018-16856 (In a default Red Hat Openstack Platform Director installation, opensta ...)
 	- octavia <not-affected> (Red Hat-specific, see bug #920769)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649165
 CVE-2018-16855 (An issue has been found in PowerDNS Recursor before version 4.1.8 wher ...)
@@ -36135,16 +36224,16 @@ CVE-2018-15819
 	RESERVED
 CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
 	NOT-FOR-US: Repute ARForms
-CVE-2018-15817
-	RESERVED
-CVE-2018-15816
-	RESERVED
-CVE-2018-15815
-	RESERVED
-CVE-2018-15814
-	RESERVED
-CVE-2018-15813
-	RESERVED
+CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
+	TODO: check
+CVE-2018-15816 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
+	TODO: check
+CVE-2018-15815 (FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted is ...)
+	TODO: check
+CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
+	TODO: check
+CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
+	TODO: check
 CVE-2018-15812
 	RESERVED
 CVE-2018-15811
@@ -43013,7 +43102,7 @@ CVE-2018-13055 (A cross-site scripting (XSS) vulnerability in the View Filters p
 	NOTE: https://mantisbt.org/blog/archives/mantisbt/602
 	NOTE: https://mantisbt.org/bugs/view.php?id=24580
 CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Lin ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.135-1
 	[jessie] - linux-4.9 <unfixed>
@@ -43404,7 +43493,7 @@ CVE-2018-12898
 CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overf ...)
 	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
 CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
@@ -63426,6 +63515,7 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a de
 CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial  ...)
 	NOT-FOR-US: phpFreeChat
 CVE-2018-5953 (The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel t ...)
+	{DLA-1731-1}
 	- linux 4.15.4-1
 	[stretch] - linux <ignored> (kernel log restricted to root by default)
 CVE-2018-5952
@@ -63646,7 +63736,7 @@ CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient valida
 CVE-2018-5849 (Due to a race condition in the QTEECOM driver in all Android releases  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5848 (In the function wmi_set_ie(), the length validation code does not hand ...)
-	{DLA-1715-1}
+	{DLA-1731-1 DLA-1715-1}
 	- linux 4.16.5-1
 	[stretch] - linux 4.9.144-1
 	NOTE: Fixed by: https://git.kernel.org/linus/b5a8ffcae4103a9d823ea3aa3a761f65779fbe2a (4.16-rc1)
@@ -69725,7 +69815,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and
 	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
 	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and specu ...)
-	{DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1715-1 DLA-1529-1 DLA-1446-1 DLA-1423-1}
+	{DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1731-1 DLA-1715-1 DLA-1529-1 DLA-1446-1 DLA-1423-1}
 	- intel-microcode 3.20180703.1
 	- linux 4.16.12-1
 	[stretch] - linux 4.9.107-1
@@ -92072,6 +92162,7 @@ CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pc
 CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...)
 	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel encrypte ...)
+	{DLA-1731-1}
 	- linux 4.12.6-1
 	[stretch] - linux 4.9.82-1+deb9u1
 	NOTE: Fixed by: https://git.kernel.org/linus/794b4bc292f5d31739d89c0202c54e7dc9bc3add
@@ -115072,6 +115163,7 @@ CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows r
 CVE-2017-5968
 	RESERVED
 CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIME ...)
+	{DLA-1731-1}
 	- linux 4.9.13-1 (low)
 CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
 	NOT-FOR-US: Sitecore
@@ -115678,7 +115770,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://01.org/security/advisories/intel-oss-10003
 	- linux-grsec <removed>
 CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and branc ...)
-	{DSA-4188-1 DSA-4187-1 DLA-1423-1 DLA-1422-1}
+	{DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1}
 	- linux 4.15.11-1
 	- nvidia-graphics-drivers 384.111-1 (bug #886852)
 	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
@@ -116807,6 +116899,7 @@ CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compare
 	NOTE: https://github.com/achernya/hesiod/pull/9
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
 CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
+	{DLA-1731-1}
 	- linux 4.8.15-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -125316,7 +125409,7 @@ CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-s
 	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
 CVE-2017-2660
-	RESERVED
+	REJECTED
 CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
 	- dropbear 2013.60-1
 	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
@@ -196858,8 +196951,8 @@ CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Faceboo
 	NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runtime/ba ...)
 	NOT-FOR-US: Facebook HipHop Virtual Machine
-CVE-2010-5305
-	RESERVED
+CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
+	TODO: check
 CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...)
 	{DSA-3019-1 DLA-46-1}
 	- procmail 3.22-22 (bug #760443)
@@ -198518,14 +198611,14 @@ CVE-2014-5436
 	RESERVED
 CVE-2014-5435
 	RESERVED
-CVE-2014-5434
-	RESERVED
-CVE-2014-5433
-	RESERVED
-CVE-2014-5432
-	RESERVED
-CVE-2014-5431
-	RESERVED
+CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
+	TODO: check
+CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to  ...)
+	TODO: check
+CVE-2014-5432 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
+	TODO: check
+CVE-2014-5431 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
+	TODO: check
 CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.6 ...)
 	NOT-FOR-US: ABB RobotStudio
 CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and  ...)
@@ -198584,8 +198677,8 @@ CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for p
 	NOT-FOR-US: Hospira MedNet
 CVE-2014-5402
 	REJECTED
-CVE-2014-5401
-	RESERVED
+CVE-2014-5401 (Hospira MedNet software version 5.8 and prior uses vulnerable versions ...)
+	TODO: check
 CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places clearte ...)
 	NOT-FOR-US: Hospira MedNet
 CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware Informati ...)
@@ -224820,12 +224913,12 @@ CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54
 	NOT-FOR-US: OSIsoft PI Interface
 CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information Managem ...)
 	NOT-FOR-US: Xper
-CVE-2013-2807
-	RESERVED
-CVE-2013-2806
-	RESERVED
-CVE-2013-2805
-	RESERVED
+CVE-2013-2807 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
+	TODO: check
+CVE-2013-2806 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
+	TODO: check
+CVE-2013-2805 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
+	TODO: check
 CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
 	NOT-FOR-US: TOP Server OPC Server
 CVE-2013-2803 (ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9463279ac07a001c23892cd290e90bf02fe7a430

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9463279ac07a001c23892cd290e90bf02fe7a430
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190326/c7a30bba/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list