[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun May 19 21:10:44 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc6cd07a by security tracker role at 2019-05-19T20:10:35Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
+ TODO: check
+CVE-2019-12183
+ RESERVED
+CVE-2019-12182
+ RESERVED
+CVE-2019-12181
+ RESERVED
+CVE-2019-12180
+ RESERVED
+CVE-2019-12179
+ RESERVED
+CVE-2019-12178
+ RESERVED
+CVE-2019-12177
+ RESERVED
+CVE-2019-12176
+ RESERVED
CVE-2019-12175
RESERVED
CVE-2019-12174
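Review bot: CVE-2019-12184, the first line of this hunk, is left at "TODO: check", so the tracker records no decision for the XSS in browser/components/MarkdownPreview.js. Once it is established whether the affected BoostIO software is packaged, replace the TODO with either a package line or a NOT-FOR-US entry. The eight RESERVED ids below it need nothing further at this point.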
@@ -1325,6 +1343,7 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna i
[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
+ {DLA-1793-1}
- dhcpcd5 7.1.0-2 (low; bug #928104)
[stretch] - dhcpcd5 <no-dsa> (Minor issue)
NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
@@ -20667,7 +20686,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before
NOTE: https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
CVE-2019-3839 (It was found that in ghostscript some privileged operators remained ac ...)
- {DSA-4442-1}
+ {DSA-4442-1 DLA-1792-1}
- ghostscript 9.27~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
NOTE: To prevent pdf2dsc regression additionally:
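Review bot: the trailing context line "NOTE: To prevent pdf2dsc regression additionally:" says the CVE-2019-3839 fix needs a follow-up change beyond commit 4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9, and this hunk now credits DLA-1792-1 alongside DSA-4442-1 without saying whether the LTS upload carries it. Confirm that the package behind DLA-1792-1 includes the additional pdf2dsc change, and add a NOTE if it does not.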
@@ -22589,6 +22608,7 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
+ {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/26
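Review bot: with {DLA-1791-1} added to CVE-2018-20362, the entry still reads "[stretch] - faad2 <no-dsa> (Minor issue)", so the older release gets an advisory while stretch keeps the NULL pointer dereference in ifilter_bank. Consider queuing the faad2 fix for a stretch point release so that a system upgraded to stretch does not lose the fix.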
@@ -23199,12 +23219,14 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
+ {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/23
NOTE: same underlying issue as CVE-2018-20362, same fix:
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
+ {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/20
NOTE: very similar to CVE-2018-20194, same fix:
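Review bot: CVE-2018-20197 gains {DLA-1791-1} but, unlike CVE-2018-20198 just above it, has no [stretch] line after "- faad2 2.8.8-2", so the stretch status of this stack-based buffer underflow is not recorded. Add a [stretch] line stating the decision, as the neighbouring faad2 entries do.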
@@ -23218,6 +23240,7 @@ CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfa
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/25
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...)
+ {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/21
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
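Review bot: the fix reference under CVE-2018-20194, "NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c", uses an abbreviated hash, whereas the dhcpcd and ghostscript NOTE lines in this file give the full 40-character commit id. This entry is now tied to DLA-1791-1 and CVE-2018-20197 is noted as sharing the fix, so expand the hash to its full form to keep the reference unambiguous.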
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc6cd07afb75335719c506dfa9bf2cc480713562