[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat May 25 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21fb7d50 by security tracker role at 2019-05-25T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -571,7 +571,7 @@ CVE-2019-12088
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
NOT-FOR-US: Samsung devices
CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
- {DLA-1798-1}
+ {DSA-4452-1 DLA-1798-1}
- jackson-databind 2.9.8-2 (bug #929177)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
NOTE: https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
@@ -1388,7 +1388,7 @@ CVE-2019-11699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
CVE-2019-11698
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1421,7 +1421,7 @@ CVE-2019-11694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
CVE-2019-11693
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1431,7 +1431,7 @@ CVE-2019-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
CVE-2019-11692
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1441,7 +1441,7 @@ CVE-2019-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
CVE-2019-11691
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6771,7 +6771,7 @@ CVE-2019-9821
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
CVE-2019-9820
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6781,7 +6781,7 @@ CVE-2019-9820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
CVE-2019-9819
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6799,7 +6799,7 @@ CVE-2019-9818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
CVE-2019-9817
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6809,7 +6809,7 @@ CVE-2019-9817
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
CVE-2019-9816
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6879,7 +6879,7 @@ CVE-2019-9801 (Firefox will accept any registered Program ID as an external prot
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800
RESERVED
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6894,7 +6894,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB,
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
- firefox 66.0-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -13194,7 +13194,7 @@ CVE-2019-7319
CVE-2019-7318
RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because ...)
- {DSA-4448-1 DSA-4435-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1800-1}
- libpng1.6 1.6.36-4 (bug #921355)
[experimental] - firefox 67.0-1
- firefox <unfixed>
@@ -16908,7 +16908,7 @@ CVE-2019-5799 (Incorrect inheritance of a new document's policy in Content Secur
{DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ...)
- {DSA-4448-1 DSA-4421-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DSA-4421-1 DLA-1800-1}
- chromium 73.0.3683.75-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -32723,19 +32723,19 @@ CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path
CVE-2018-19363
RESERVED
CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
@@ -35212,7 +35212,7 @@ CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound n
- thunderbird 1:60.5.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of ...)
- {DSA-4448-1 DLA-1800-1}
+ {DSA-4451-1 DSA-4448-1 DLA-1800-1}
- firefox 65.0.1-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -45059,22 +45059,22 @@ CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in btrfsmain
- btrfsmaintenance 0.4.1-2 (bug #906131)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to c ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
@@ -52367,12 +52367,12 @@ CVE-2018-12025 (The transferFrom function of a smart contract implementation for
CVE-2018-12024
RESERVED
CVE-2018-12023 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
CVE-2018-12022 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
@@ -54369,7 +54369,7 @@ CVE-2018-11308
RESERVED
CVE-2018-11307 [Potential information exfiltration with default typing, serialization gadget from MyBatis]
RESERVED
- {DLA-1703-1}
+ {DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21fb7d50aea4ee6d030beea4cceb954dd1e8e05c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21fb7d50aea4ee6d030beea4cceb954dd1e8e05c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190525/48e0bc09/attachment.html>
More information about the debian-security-tracker-commits
mailing list