[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 29 09:10:26 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cecf2d61 by security tracker role at 2019-05-29T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-12438
+ RESERVED
+CVE-2019-12437
+ RESERVED
+CVE-2019-12436
+ RESERVED
+CVE-2019-12435
+ RESERVED
+CVE-2019-12434
+ RESERVED
+CVE-2019-12433
+ RESERVED
+CVE-2019-12432
+ RESERVED
+CVE-2019-12431
+ RESERVED
+CVE-2019-12430
+ RESERVED
+CVE-2019-12429
+ RESERVED
+CVE-2019-12428
+ RESERVED
+CVE-2019-12427
+ RESERVED
+CVE-2019-12426
+ RESERVED
+CVE-2019-12425
+ RESERVED
+CVE-2019-12424
+ RESERVED
+CVE-2019-12423
+ RESERVED
+CVE-2019-12422
+ RESERVED
+CVE-2019-12421
+ RESERVED
+CVE-2019-12420
+ RESERVED
+CVE-2019-12419
+ RESERVED
+CVE-2019-12418
+ RESERVED
+CVE-2019-12417
+ RESERVED
+CVE-2019-12416
+ RESERVED
+CVE-2019-12415
+ RESERVED
+CVE-2019-12414
+ RESERVED
+CVE-2019-12413
+ RESERVED
+CVE-2019-12412
+ RESERVED
+CVE-2019-12411
+ RESERVED
+CVE-2019-12410
+ RESERVED
+CVE-2019-12409
+ RESERVED
+CVE-2019-12408
+ RESERVED
+CVE-2019-12407
+ RESERVED
+CVE-2019-12406
+ RESERVED
+CVE-2019-12405
+ RESERVED
+CVE-2019-12404
+ RESERVED
+CVE-2019-12403
+ RESERVED
+CVE-2019-12402
+ RESERVED
+CVE-2019-12401
+ RESERVED
+CVE-2019-12400
+ RESERVED
+CVE-2019-12399
+ RESERVED
+CVE-2019-12398
+ RESERVED
+CVE-2019-12397
+ RESERVED
CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal ...)
NOT-FOR-US: Revive Adserver
CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
@@ -2564,7 +2648,7 @@ CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmp
NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
- {DSA-4449-1}
+ {DSA-4449-1 DLA-1809-1}
- ffmpeg 7:4.1.3-1
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
@@ -3458,12 +3542,12 @@ CVE-2019-10969
RESERVED
CVE-2019-10968
RESERVED
-CVE-2019-10967
- RESERVED
+CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based ...)
+ TODO: check
CVE-2019-10966
RESERVED
-CVE-2019-10965
- RESERVED
+CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
+ TODO: check
CVE-2019-10964
RESERVED
CVE-2019-10963
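Review bot: CVE-2019-10967 and CVE-2019-10965 leave the RESERVED state with only `TODO: check`, so both are untriaged after this update. The two descriptions name the same product, Emerson Ovation OCR400 Controller 3.3.1 and earlier, so they can be resolved together in a follow-up: either a NOT-FOR-US line naming the product, as other entries in this file do, or package lines if something in the archive is affected.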
@@ -17743,8 +17827,8 @@ CVE-2019-5591
RESERVED
CVE-2019-5590
RESERVED
-CVE-2019-5589
- RESERVED
+CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
+ TODO: check
CVE-2019-5588
RESERVED
CVE-2019-5587
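Review bot: CVE-2019-5589 is left at `TODO: check`, and the truncated description (an Unsafe Search Path vulnerability in FortiClient Online Installer) is all the entry records. A follow-up should replace the TODO with a triage result so the entry does not stay open.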
@@ -27569,8 +27653,8 @@ CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153
NOT-FOR-US: Jenkins
CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
NOT-FOR-US: Jenkins
-CVE-2018-20008
- RESERVED
+CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
+ TODO: check
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
NOT-FOR-US: Yeelight Smart AI Speaker devices
CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulne ...)
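Review bot: CVE-2018-20008 now carries `TODO: check` while the entry directly below it, CVE-2018-20007, with a similarly worded "devices have improper access con ..." description, is already marked `NOT-FOR-US: Yeelight Smart AI Speaker devices`. If the iBall Baton iB-WRB302N20122017 devices are likewise not packaged, the same form would fit here.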
@@ -33179,8 +33263,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
[stretch] - activemq <no-dsa> (Minor issue)
[jessie] - activemq <not-affected> (MQTT support not enabled)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
-CVE-2019-0221 [XSS in SSI printenv]
- RESERVED
+CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
- tomcat7 <removed>
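Review bot: `tomcat9 <unfixed>` under CVE-2019-0221 should be re-checked now that the published description gives an affected range (9.0.0.M1 to 9.0.0.17, then truncated). The hunk only swaps the placeholder `[XSS in SSI printenv]` for that description and leaves the package lines as they were.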
@@ -33393,7 +33476,7 @@ CVE-2019-0155
RESERVED
CVE-2019-0154
RESERVED
-CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 m ...)
+CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
NOT-FOR-US: Intel(R) CSME
CVE-2019-0152
RESERVED
@@ -42611,7 +42694,7 @@ CVE-2018-15824
CVE-2018-15823
RESERVED
CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...)
- {DSA-4449-1}
+ {DSA-4449-1 DLA-1809-1}
- ffmpeg 7:4.0.3-1 (low)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
- libav <removed>
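Review bot: style point in the context of CVE-2018-15822: the NOTE line sits between `- ffmpeg 7:4.0.3-1 (low)` and `- libav <removed>`, whereas CVE-2019-11338 earlier in this diff groups both package lines before its NOTE. Grouping the package lines the same way here would keep the two entries consistent.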
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cecf2d616104653313d8435b0bc81daebbcb1529