[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 11 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c645e690 by security tracker role at 2019-05-11T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,4 @@
-CVE-2019-11884 [Bluetooth: hidp: fix buffer overflow]
+CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
 CVE-2019-11883
@@ -1923,8 +1923,8 @@ CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not p
 	NOT-FOR-US: Jenkins
 CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
 	NOT-FOR-US: Jenkins
-CVE-2019-11066
-	RESERVED
+CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...)
+	TODO: check
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
 	- gradle <unfixed> (bug #926923)
 	[buster] - gradle <no-dsa> (Minor issue)
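Review bot: The `TODO: check` added under CVE-2019-11066 leaves the entry untriaged. The description names openid.php in LightOpenID through 1.3.1, a PHP file that can be bundled inside other packages, so triage should search the archive for embedded copies before settling on NOT-FOR-US, and record any match as a package line.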
@@ -1948,8 +1948,8 @@ CVE-2019-11061
 	RESERVED
 CVE-2019-11060
 	RESERVED
-CVE-2019-11059
-	RESERVED
+CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
+	TODO: check
 CVE-2019-11058
 	RESERVED
 CVE-2019-11057
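Review bot: CVE-2019-11059 now carries `TODO: check`, although the description already gives an affected range (Das U-Boot 2016.11-rc1 through 2019.04). Resolve it by comparing that range with the U-Boot versions in each suite and replacing the TODO with a package line, plus a NOTE linking the upstream fix in the same form as the linux entry for CVE-2019-11884 at the top of this diff.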
@@ -2115,8 +2115,7 @@ CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip fe
 	NOT-FOR-US: Materialize
 CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
 	NOT-FOR-US: Reolink devices
-CVE-2019-11000
-	RESERVED
+CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 11.7.11, 1 ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
 CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
@@ -16119,12 +16118,12 @@ CVE-2019-5679
 	RESERVED
 CVE-2019-5678
 	RESERVED
-CVE-2019-5677
-	RESERVED
-CVE-2019-5676
-	RESERVED
-CVE-2019-5675
-	RESERVED
+CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
+	TODO: check
+CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
+	TODO: check
+CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
+	TODO: check
 CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on al ...)
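Review bot: The three `TODO: check` lines for CVE-2019-5677, CVE-2019-5676 and CVE-2019-5675 can be handled in one pass, since each description starts "NVIDIA Windows GPU Display driver software for Windows (all versions)". The text is truncated here, so confirm from the full descriptions that only the Windows driver is affected, then mark them NOT-FOR-US in the same form as the CVE-2019-5674 line that follows them.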
@@ -16485,11 +16484,11 @@ CVE-2019-5498
 	RESERVED
 CVE-2019-5497
 	RESERVED
-CVE-2019-5496
-	RESERVED
-CVE-2019-5495
-	RESERVED
-CVE-2019-5494 (Oncommand Unified Manager in 7-mode prior to version 5.2.3 shipped wit ...)
+CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
+	TODO: check
+CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior  ...)
+	TODO: check
+CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
 	TODO: check
 CVE-2019-5493
 	RESERVED
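Review bot: For CVE-2019-5494 the description was changed rather than newly added: the removed line reads "prior to version 5.2.3" and the added line "prior to version 5.2.4", so the fixed-version boundary moved upstream. The entry was and remains `TODO: check`, so no triage decision in this entry depends on the old value, but whoever resolves it should use 5.2.4. CVE-2019-5496 and CVE-2019-5495 are new `TODO: check` entries for other OnCommand products and can be triaged in the same pass.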
@@ -16601,10 +16600,10 @@ CVE-2019-5440
 	RESERVED
 CVE-2019-5439
 	RESERVED
-CVE-2019-5438
-	RESERVED
-CVE-2019-5437
-	RESERVED
+CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
+	TODO: check
+CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
+	TODO: check
 CVE-2019-5436
 	RESERVED
 CVE-2019-5435
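Review bot: CVE-2019-5438 and CVE-2019-5437 both get `TODO: check` and both concern the npm harp module (the first gives versions <= 0.29.0), so they should be triaged together. Check whether harp is packaged or vendored inside a Node.js package; if it is not, one NOT-FOR-US reason covers both entries.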
@@ -20681,8 +20680,8 @@ CVE-2019-3568
 	RESERVED
 CVE-2019-3567
 	RESERVED
-CVE-2019-3566
-	RESERVED
+CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
+	TODO: check
 CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
 	TODO: check
 CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
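Review bot: CVE-2019-3566 joins CVE-2019-3565 and CVE-2019-3564 in the context lines as a third consecutive `TODO: check`, so this block is accumulating untriaged entries. The new description names WhatsApp for Android, a proprietary mobile application, so it can be closed as NOT-FOR-US without a package search; the two Thrift entries after it still need a real check.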
@@ -59672,8 +59671,8 @@ CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.
 	NOT-FOR-US: WolfCMS
 CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...)
 	NOT-FOR-US: WolfCMS
-CVE-2018-8812
-	RESERVED
+CVE-2018-8812 (An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 an ...)
+	TODO: check
 CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in system/workplace/ad ...)
 	NOT-FOR-US: OpenCMS
 CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c645e690be226e7752e438f5fa922f18a538c5e7
