[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 14 09:10:24 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
476c7289 by security tracker role at 2019-05-14T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
+	TODO: check
+CVE-2019-12086
+	RESERVED
+CVE-2019-12085
+	RESERVED
+CVE-2019-12084
+	RESERVED
 CVE-2019-12083 (The Rust Programming Language Standard Library 1.34.x before 1.34.2 co ...)
 	TODO: check
 CVE-2019-12082
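Review bot: CVE-2019-12087 is added with TODO: check even though its description is flagged ** DISPUTED ** and names Samsung S9+, S10 and XCover 4 devices. Triage should most likely replace the TODO with a NOT-FOR-US: line, the form this file already uses for vendor products outside the archive (for example NOT-FOR-US: Cisco further down), and keep the disputed status in mind when deciding whether any further note is needed.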
@@ -1011,8 +1019,8 @@ CVE-2019-11602
 	RESERVED
 CVE-2019-11601
 	RESERVED
-CVE-2019-11600
-	RESERVED
+CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
+	TODO: check
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
 	- node-tar-fs <itp> (bug #897023)
 CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2. An Arbitra ...)
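Review bot: The new TODO: check on CVE-2019-11600 (SQL injection in the OpenProject activities API) still needs a package decision. If OpenProject has an open ITP or RFP, record it in the form the following entry uses, `- node-tar-fs <itp> (bug #897023)`; otherwise tag it NOT-FOR-US so it drops out of the TODO queue.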
@@ -4824,8 +4832,8 @@ CVE-2019-10055
 	RESERVED
 CVE-2019-10054
 	RESERVED
-CVE-2019-10053
-	RESERVED
+CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
+	TODO: check
 CVE-2019-10052
 	RESERVED
 CVE-2019-10051
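Review bot: CVE-2019-10053 should not sit at TODO: check for long, because suricata is a Debian source package and the description bounds the issue to 4.1.x before 4.1.4. The entry needs a `- suricata <fixed version>` line, and any suite shipping a version outside the 4.1.x range needs its own per-release line stating that it is not affected.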
@@ -6715,8 +6723,8 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
 	NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
 	NOTE: likely have all sorts of unexpected/unwanted side-effects.
-CVE-2019-9618
-	RESERVED
+CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...)
+	TODO: check
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
 	NOT-FOR-US: OFCMS
 CVE-2019-9616 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
@@ -8465,10 +8473,10 @@ CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can execute arbitrary code
 	NOT-FOR-US: Indexhibit
 CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the desc (a ...)
 	NOT-FOR-US: HAProxy package for pfSense
-CVE-2019-8952
-	RESERVED
-CVE-2019-8951
-	RESERVED
+CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects severa ...)
+	TODO: check
+CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects severa ...)
+	TODO: check
 CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS Mess ...)
 	NOT-FOR-US: Jenkins
 CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins OctopusD ...)
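Review bot: The descriptions added for CVE-2019-8952 and CVE-2019-8951 are cut off before the product name ("located in the webserver affects severa ..."), so neither TODO: check can be resolved from this list alone. Read the full descriptions before choosing between a package line and NOT-FOR-US; the two share the same wording up to the truncation and can probably be triaged together.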
@@ -26957,8 +26965,8 @@ CVE-2019-1864
 	RESERVED
 CVE-2019-1863
 	RESERVED
-CVE-2019-1862
-	RESERVED
+CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS  ...)
+	TODO: check
 CVE-2019-1861
 	RESERVED
 CVE-2019-1860
@@ -27408,8 +27416,8 @@ CVE-2019-1651 (A vulnerability in the vContainer of the Cisco SD-WAN Solution co
 	NOT-FOR-US: Cisco
 CVE-2019-1650 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1649
-	RESERVED
+CVE-2019-1649 (A vulnerability in the logic that handles access control to one of the ...)
+	TODO: check
 CVE-2019-1648 (A vulnerability in the user group configuration of the Cisco SD-WAN So ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1647 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
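Review bot: CVE-2019-1649 is left at TODO: check while both neighbours, CVE-2019-1650 and CVE-2019-1648, carry NOT-FOR-US: Cisco. The truncated description does not name the product, so confirm it against the full text, and if it is a Cisco product use the same NOT-FOR-US: Cisco line for consistency.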
@@ -27757,7 +27765,7 @@ CVE-2018-19875
 CVE-2018-19874
 	RESERVED
 CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer  ...)
-	{DSA-4374-1 DLA-1627-1}
+	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
 	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
@@ -27775,6 +27783,7 @@ CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes
 	NOTE: https://bugreports.qt.io/browse/QTBUG-69449
 	NOTE: qt4-x11: POC doesn't crash on neither jessie nor stretch, it's possibly incomplete; patch applies though.
 CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
+	{DLA-1786-1}
 	- qtimageformats-opensource-src 5.11.3-2 (low)
 	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
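Review bot: {DLA-1786-1} is attached to CVE-2018-19871 while the [jessie] line for qtimageformats-opensource-src still reads <postponed> (Minor issue), so nothing in this hunk records which package the DLA fixed. Check that the entry has a jessie line with a fixed version for the package DLA-1786-1 covers; the NOTE in the next hunk's context says qt4-x11 is affected in src/plugins/imageformats/tga/qtgafile.cpp, which makes it the likely candidate.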
@@ -27785,7 +27794,7 @@ CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile U
 	NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
 	NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
 CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...)
-	{DSA-4374-1 DLA-1627-1}
+	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
 	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
@@ -27796,6 +27805,7 @@ CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF ima
 	NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
 	NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
 CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
+	{DLA-1786-1}
 	[experimental] - qtsvg-opensource-src 5.11.3-1
 	- qtsvg-opensource-src 5.11.3-2 (low)
 	[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -40685,14 +40695,14 @@ CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2
 	NOTE: https://sourceforge.net/p/mcj/tickets/28/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
 	NOTE: Crash in CLI tool, no security impact
-CVE-2018-16139
-	RESERVED
-CVE-2018-16138
-	RESERVED
-CVE-2018-16137
-	RESERVED
-CVE-2018-16136
-	RESERVED
+CVE-2018-16139 (Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008  ...)
+	TODO: check
+CVE-2018-16138 (An issue was discovered in the administration page in IPBRICK OS 6.3.  ...)
+	TODO: check
+CVE-2018-16137 (An issue was discovered in the Web Management Console in IPBRICK OS 6. ...)
+	TODO: check
+CVE-2018-16136 (An issue was discovered in the administrator interface in IPBRICK OS 6 ...)
+	TODO: check
 CVE-2018-16135
 	RESERVED
 CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
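Review bot: Three of the four entries moved from RESERVED to TODO: check here (CVE-2018-16138, CVE-2018-16137, CVE-2018-16136) all name IPBRICK OS and should receive one consistent tag rather than being triaged separately. CVE-2018-16139 names BIBLIOsoft BIBLIOpac 2008 and needs its own decision; for both products, confirm whether anything in the archive corresponds before defaulting to NOT-FOR-US.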
@@ -42345,7 +42355,7 @@ CVE-2018-15520
 CVE-2018-15519
 	RESERVED
 CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
-	{DSA-4374-1 DLA-1627-1}
+	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2
 	- qt4-x11 4:4.8.7+dfsg-18 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/476c728935d46edbcce35719f9811c5e61f5e90f
