[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 29 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cecf2d61 by security tracker role at 2019-05-29T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-12438
+	RESERVED
+CVE-2019-12437
+	RESERVED
+CVE-2019-12436
+	RESERVED
+CVE-2019-12435
+	RESERVED
+CVE-2019-12434
+	RESERVED
+CVE-2019-12433
+	RESERVED
+CVE-2019-12432
+	RESERVED
+CVE-2019-12431
+	RESERVED
+CVE-2019-12430
+	RESERVED
+CVE-2019-12429
+	RESERVED
+CVE-2019-12428
+	RESERVED
+CVE-2019-12427
+	RESERVED
+CVE-2019-12426
+	RESERVED
+CVE-2019-12425
+	RESERVED
+CVE-2019-12424
+	RESERVED
+CVE-2019-12423
+	RESERVED
+CVE-2019-12422
+	RESERVED
+CVE-2019-12421
+	RESERVED
+CVE-2019-12420
+	RESERVED
+CVE-2019-12419
+	RESERVED
+CVE-2019-12418
+	RESERVED
+CVE-2019-12417
+	RESERVED
+CVE-2019-12416
+	RESERVED
+CVE-2019-12415
+	RESERVED
+CVE-2019-12414
+	RESERVED
+CVE-2019-12413
+	RESERVED
+CVE-2019-12412
+	RESERVED
+CVE-2019-12411
+	RESERVED
+CVE-2019-12410
+	RESERVED
+CVE-2019-12409
+	RESERVED
+CVE-2019-12408
+	RESERVED
+CVE-2019-12407
+	RESERVED
+CVE-2019-12406
+	RESERVED
+CVE-2019-12405
+	RESERVED
+CVE-2019-12404
+	RESERVED
+CVE-2019-12403
+	RESERVED
+CVE-2019-12402
+	RESERVED
+CVE-2019-12401
+	RESERVED
+CVE-2019-12400
+	RESERVED
+CVE-2019-12399
+	RESERVED
+CVE-2019-12398
+	RESERVED
+CVE-2019-12397
+	RESERVED
 CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
@@ -2564,7 +2648,7 @@ CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmp
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
 CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
-	{DSA-4449-1}
+	{DSA-4449-1 DLA-1809-1}
 	- ffmpeg 7:4.1.3-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
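Review bot: DLA-1809-1 is added to the cross-reference line for CVE-2019-11338, but the package lines under it show only "- ffmpeg 7:4.1.3-1" and "- libav <removed>", so the entry itself does not say which source package the DLA fixed. Confirm that the DLA-1809-1 record names the package it covers; the same check applies to the identical cross-reference change at CVE-2018-15822 later in this diff.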
@@ -3458,12 +3542,12 @@ CVE-2019-10969
 	RESERVED
 CVE-2019-10968
 	RESERVED
-CVE-2019-10967
-	RESERVED
+CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based  ...)
+	TODO: check
 CVE-2019-10966
 	RESERVED
-CVE-2019-10965
-	RESERVED
+CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
+	TODO: check
 CVE-2019-10964
 	RESERVED
 CVE-2019-10963
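Review bot: CVE-2019-10967 and CVE-2019-10965 move from RESERVED to "TODO: check" and still need a triage decision. Both descriptions name the Emerson Ovation OCR400 Controller; if no Debian source package ships that code, close them with a "NOT-FOR-US: Emerson Ovation OCR400 Controller" line, in the form already used for other entries in this file.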
@@ -17743,8 +17827,8 @@ CVE-2019-5591
 	RESERVED
 CVE-2019-5590
 	RESERVED
-CVE-2019-5589
-	RESERVED
+CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
+	TODO: check
 CVE-2019-5588
 	RESERVED
 CVE-2019-5587
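Review bot: CVE-2019-5589 is left at "TODO: check" and the visible part of its description names only the FortiClient Online Installer. Read the full description before deciding; if the affected installer is not packaged in Debian, replace the TODO with a NOT-FOR-US line rather than leaving the entry open.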
@@ -27569,8 +27653,8 @@ CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153
 	NOT-FOR-US: Jenkins
 CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-20008
-	RESERVED
+CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
+	TODO: check
 CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
 	NOT-FOR-US: Yeelight Smart AI Speaker devices
 CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulne ...)
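Review bot: CVE-2018-20008 is left at "TODO: check" although its description concerns iBall Baton iB-WRB302N20122017 devices. The neighbouring CVE-2018-20007 is already closed as "NOT-FOR-US: Yeelight Smart AI Speaker devices"; if the iBall device firmware is likewise not packaged, use the same form here so the entry drops out of the TODO queue.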
@@ -33179,8 +33263,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
 	[stretch] - activemq <no-dsa> (Minor issue)
 	[jessie] - activemq <not-affected> (MQTT support not enabled)
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
-CVE-2019-0221 [XSS in SSI printenv]
-	RESERVED
+CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0  ...)
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
 	- tomcat7 <removed>
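Review bot: tomcat9 stays at "<unfixed>" directly under the new CVE-2019-0221 description, which bounds the affected 9.x range at 9.0.0.17. Check the tomcat9 version currently in unstable against that bound and record the fixed version if the package is already past it.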
@@ -33393,7 +33476,7 @@ CVE-2019-0155
 	RESERVED
 CVE-2019-0154
 	RESERVED
-CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 m ...)
+CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
 	NOT-FOR-US: Intel(R) CSME
 CVE-2019-0152
 	RESERVED
@@ -42611,7 +42694,7 @@ CVE-2018-15824
 CVE-2018-15823
 	RESERVED
 CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...)
-	{DSA-4449-1}
+	{DSA-4449-1 DLA-1809-1}
 	- ffmpeg 7:4.0.3-1 (low)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
 	- libav <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cecf2d616104653313d8435b0bc81daebbcb1529
