[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 20 21:10:30 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
690a5d4e by security tracker role at 2019-05-20T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2019-12238
+	RESERVED
+CVE-2019-12237
+	RESERVED
+CVE-2019-12236
+	RESERVED
+CVE-2019-12235
+	RESERVED
+CVE-2019-12234
+	RESERVED
+CVE-2019-12233
+	RESERVED
+CVE-2019-12232
+	RESERVED
+CVE-2019-12231
+	RESERVED
+CVE-2019-12230
+	RESERVED
+CVE-2019-12229
+	RESERVED
+CVE-2019-12228
+	RESERVED
+CVE-2019-12227
+	RESERVED
+CVE-2019-12226
+	RESERVED
+CVE-2019-12225
+	RESERVED
+CVE-2019-12224
+	RESERVED
+CVE-2019-12223
+	RESERVED
+CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+	TODO: check
+CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discovered in  ...)
+	TODO: check
+CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
+	TODO: check
+CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...)
+	TODO: check
+CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize  ...)
+	TODO: check
+CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...)
+	TODO: check
+CVE-2019-12210
+	RESERVED
+CVE-2019-12209
+	RESERVED
+CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
+	TODO: check
+CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
+	TODO: check
+CVE-2019-12205
+	RESERVED
+CVE-2019-12204
+	RESERVED
 CVE-2019-12203
 	RESERVED
 CVE-2019-12202
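Review bot: the seven SDL entries CVE-2019-12216 through CVE-2019-12222 carry an identical truncated description ("An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ..."), so nothing in this hunk distinguishes them, and the same holds for the four FreeImage 3.18.0 entries and the three njs 0.3.1 entries, all left at "TODO: check". That is expected for an automatic import, but triage needs the full upstream descriptions before each can get a package/version line, and CVE-2019-12215 should be handled with its "** DISPUTED **" marker in mind. The 20 new RESERVED ids are placeholders only.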
@@ -779,7 +849,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zer
 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
 	NOT-FOR-US: Typo3
 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
-	{DSA-4445-1}
+	{DSA-4445-1 DLA-1797-1}
 	- drupal7 <removed> (bug #928688)
 	NOTE: https://www.drupal.org/SA-CORE-2019-007
 CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
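Review bot: DLA-1797-1 is added to CVE-2019-11831 (PharStreamWrapper), but the neighbouring CVE-2019-11830 (PharMetaDataInterceptor in the same PharStreamWrapper package, visible as trailing context) gets no change in this patch. Worth confirming against the advisory whether DLA-1797-1 covers only CVE-2019-11831 or whether the second reference was missed.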
@@ -828,8 +898,8 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL
 	- linux 4.19.37-1
 	[stretch] - linux 4.9.168-1
 	NOTE: Fixed by: https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
-CVE-2019-11809
-	RESERVED
+CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
+	TODO: check
 CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
@@ -1548,10 +1618,12 @@ CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2
 CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
 	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
+	{DLA-1795-1}
 	- graphicsmagick 1.4~hg15968-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
 CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
+	{DLA-1795-1}
 	- graphicsmagick 1.4~hg15968-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
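Review bot: DLA-1795-1 is inserted above the package line for both CVE-2019-11506 and CVE-2019-11505, matching the brace-reference placement used elsewhere in the file (for example the DSA/DLA line of CVE-2019-11831 in this patch). The unstable fix stays at graphicsmagick 1.4~hg15968-1 with the upstream hg revisions as NOTE lines, so only the LTS reference is new here; nothing else to flag.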
@@ -1640,11 +1712,13 @@ CVE-2019-11476
 CVE-2019-11475
 	RESERVED
 CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
+	{DLA-1795-1}
 	- graphicsmagick 1.4~hg15976-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
 CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
+	{DLA-1795-1}
 	- graphicsmagick 1.4~hg15976-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
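Review bot: same DLA-1795-1 addition for the two coders/xwd.c entries CVE-2019-11474 and CVE-2019-11473, which share the same upstream hg revisions (5402c5cbd8bd, 944dcbc457f8) and the same unstable fix 1.4~hg15976-1. Together with the two entries in the previous hunk, DLA-1795-1 now covers four GraphicsMagick CVEs in this patch; the advisory text should list all four.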
@@ -2155,7 +2229,7 @@ CVE-2019-11269
 CVE-2019-11268
 	RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
-	{DSA-4434-1 DLA-1777-1}
+	{DSA-4434-1 DLA-1797-1 DLA-1777-1}
 	- drupal7 <removed> (bug #927330)
 	- jquery 3.3.1~dfsg-2 (bug #927385)
 	[stretch] - jquery 3.1.1-2+deb9u1
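Review bot: DLA-1797-1 is the same reference added to CVE-2019-11831 in this patch, so the drupal7 LTS update appears to fix both its PharStreamWrapper issue and the jQuery issue it bundles. Because this entry lists two packages (drupal7 and jquery), the brace reference alone does not say which one the DLA addresses; the existing "[stretch] - jquery 3.1.1-2+deb9u1" line is unchanged, so the DLA presumably belongs to the drupal7 line. Fine as is, noted for anyone reading the entry later.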
@@ -10114,8 +10188,8 @@ CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_d
 	NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
 CVE-2019-8353
 	RESERVED
-CVE-2019-8352
-	RESERVED
+CVE-2019-8352 (By default, BMC PATROL Agent through 11.3.01 uses a static encryption  ...)
+	TODO: check
 CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
 	NOT-FOR-US: Heimdal Thor Agent
 CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed i ...)
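Review bot: CVE-2019-8352 (BMC PATROL Agent, static encryption key) is left at "TODO: check"; the adjacent CVE-2019-8351 entry shows the "NOT-FOR-US" convention for third-party agents, and this one likely resolves the same way if BMC PATROL is not packaged in Debian.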
@@ -10179,7 +10253,7 @@ CVE-2019-8326
 	RESERVED
 CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	RESERVED
-	{DSA-4433-1 DLA-1735-1}
+	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
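Review bot: DLA-1796-1 is placed between DSA-4433-1 and DLA-1735-1, keeping the descending order used in the other brace lines of this patch. The entry keeps its RESERVED line together with the bracketed local title and the fix references; as other hunks in this patch show (for example CVE-2019-11809), the automatic update replaces RESERVED with the public description once MITRE publishes it, so the line is expected here.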
@@ -10190,7 +10264,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	RESERVED
-	{DSA-4433-1 DLA-1735-1}
+	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -10201,7 +10275,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	RESERVED
-	{DSA-4433-1 DLA-1735-1}
+	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -10212,7 +10286,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	RESERVED
-	{DSA-4433-1 DLA-1735-1}
+	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -10223,7 +10297,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	RESERVED
-	{DSA-4433-1}
+	{DSA-4433-1 DLA-1796-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
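Review bot: CVE-2019-8321 is the only one of the five RubyGems entries (CVE-2019-8321 through CVE-2019-8325) that had no DLA-1735-1 reference before this patch; DLA-1796-1 is now added to all five. The new reference is consistent, but the pre-existing gap for DLA-1735-1 on this entry may be worth a look to confirm it is intentional.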
@@ -19677,8 +19751,8 @@ CVE-2019-4295
 	RESERVED
 CVE-2019-4294
 	RESERVED
-CVE-2019-4293
-	RESERVED
+CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
+	TODO: check
 CVE-2019-4292
 	RESERVED
 CVE-2019-4291
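Review bot: CVE-2019-4293 changes from RESERVED to an IBM Storwize V7000 Unified description with "TODO: check". This is appliance firmware rather than something built from Debian sources, so "NOT-FOR-US: IBM", as used for the other IBM entries in this patch, is the likely resolution.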
@@ -20147,8 +20221,8 @@ CVE-2019-4060
 	RESERVED
 CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently pro ...)
 	NOT-FOR-US: IBM
-CVE-2019-4058
-	RESERVED
+CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to ma ...)
+	TODO: check
 CVE-2019-4057
 	RESERVED
 CVE-2019-4056
@@ -20241,8 +20315,8 @@ CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to upl
 	NOT-FOR-US: IBM
 CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4011
-	RESERVED
+CVE-2019-4011 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2019-4010
 	RESERVED
 CVE-2019-4009
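Review bot: this hunk sits between two "NOT-FOR-US: IBM" context entries (CVE-2019-4013 and CVE-2019-4012, both BigFix); CVE-2019-4011 is the same product, so the TODO should resolve to the same marker. Three BigFix entries change in this patch (CVE-2019-4058, CVE-2019-4011 and CVE-2018-2005); triaging them together would be efficient.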
@@ -51125,8 +51199,8 @@ CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter
 	NOT-FOR-US: Ximdex
 CVE-2018-12271 (** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox a ...)
 	NOT-FOR-US: com.getdropbox.Dropbox app for IOS
-CVE-2018-12270
-	RESERVED
+CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a homograph  ...)
+	TODO: check
 CVE-2018-12269
 	RESERVED
 CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metac ...)
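Review bot: CVE-2018-12270 (homograph issue in the Valve Steam BETA client) stays at "TODO: check". The Steam client is distributed as a proprietary binary rather than built from Debian sources, so this is another candidate for NOT-FOR-US on triage, like the com.getdropbox.Dropbox entry directly above it.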
@@ -64800,7 +64874,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
 	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
-	{DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
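Review bot: CVE-2018-1000079, whose trailing NOTE lines form the leading context of this hunk, receives no DLA-1796-1 reference in this patch, while CVE-2018-1000078 through CVE-2018-1000074 all do. If DLA-1796-1 is the ruby2.1 update for the 2018 RubyGems fixes, the advisory should be checked to see whether CVE-2018-1000079 was covered and simply missed here.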
@@ -64810,7 +64884,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
 	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
-	{DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -64820,7 +64894,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
 	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
-	{DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -64830,7 +64904,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
 	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
-	{DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -64840,7 +64914,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
 	NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
-	{DSA-4259-1 DSA-4219-1 DLA-1480-1 DLA-1352-1}
+	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1480-1 DLA-1352-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
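Review bot: the existing references for CVE-2018-1000074 ({DSA-4259-1 DSA-4219-1 DLA-1480-1 DLA-1352-1}) differ from the DLA-1421-1/DLA-1358-1/DLA-1337-1/DLA-1336-1 set on the sibling entries, so this CVE was fixed by different LTS uploads earlier; DLA-1796-1 is inserted after the DSAs and before the older DLAs, which keeps the descending order. Consistent with the rest of the patch.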
@@ -80272,8 +80346,8 @@ CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected c
 	NOT-FOR-US: IBM
 CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
 	NOT-FOR-US: IBM
-CVE-2018-2005
-	RESERVED
+CVE-2018-2005 (IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive informati ...)
+	TODO: check
 CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cr ...)
 	NOT-FOR-US: IBM
 CVE-2018-2003



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/690a5d4e20c4cff51fda8e31fa4e939a5fbb4efc



