[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 21 08:10:34 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13ed2681 by security tracker role at 2019-11-21T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-19146
+ RESERVED
+CVE-2019-19145
+ RESERVED
+CVE-2019-19144
+ RESERVED
+CVE-2019-19143
+ RESERVED
+CVE-2019-19142
+ RESERVED
+CVE-2019-19141
+ RESERVED
+CVE-2019-19140
+ RESERVED
+CVE-2019-19139
+ RESERVED
+CVE-2019-19138
+ RESERVED
+CVE-2019-19137
+ RESERVED
+CVE-2019-19136
+ RESERVED
+CVE-2019-19135
+ RESERVED
+CVE-2019-19134
+ RESERVED
+CVE-2019-19133
+ RESERVED
+CVE-2019-19132
+ RESERVED
+CVE-2019-19131
+ RESERVED
+CVE-2019-19130
+ RESERVED
+CVE-2019-19129
+ RESERVED
+CVE-2019-19128
+ RESERVED
+CVE-2019-19127
+ RESERVED
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...)
- glibc <unfixed>
[buster] - glibc <no-dsa> (Minor issue)
@@ -131,14 +171,14 @@ CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/
NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in drivers/net/wireles ...)
- linux <unfixed>
-CVE-2019-19070 (A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio ...)
+CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function in drive ...)
- linux <unfixed>
CVE-2019-19069 (A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc ...)
- linux 5.3.9-1
NOTE: https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9
CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net ...)
- linux <unfixed>
-CVE-2019-19067 (Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd ...)
+CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
- linux 5.3.9-1
NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
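Review bot: the `** DISPUTED **` prefix on CVE-2019-19070 changes only the description; its status stays `- linux <unfixed>` and the entry has no NOTE, so nothing in the tracked data records why the report is disputed. Suggest a follow-up that adds a NOTE line with the reason or a reference, since the description is truncated in this file. CVE-2019-19067 is also marked disputed but already lists `- linux 5.3.9-1` with an upstream commit, so it needs no status change.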
@@ -146,7 +186,7 @@ CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scs
CVE-2019-19065 (A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi ...)
- linux 5.3.9-1
NOTE: https://git.kernel.org/linus/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
-CVE-2019-19064 (A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl ...)
+CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in driv ...)
- linux <unfixed>
CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...)
- linux <unfixed>
@@ -168,7 +208,7 @@ CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in
- linux <unfixed>
CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...)
- linux <unfixed>
-CVE-2019-19055 (A memory leak in the nl80211_get_ftm_responder_stats() function in net ...)
+CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
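Review bot: CVE-2019-19055 now reads as disputed while the entry below it still pairs `- linux <unfixed>` with a NOTE pointing at upstream commit 1399c59fa92984836db90538cf92397fe7caaa57. These signals should be reconciled in a manual follow-up: confirm whether that commit is the fix and which version carries it, or record the dispute in a NOTE if the status is kept as it is.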
@@ -193,7 +233,7 @@ CVE-2019-19048 (A memory leak in the crypto_reportstat() function in drivers/vir
CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
-CVE-2019-19046 (A memory leak in the __ipmi_bmc_register() function in drivers/char/ip ...)
+CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in ...)
- linux <unfixed>
CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...)
- linux <unfixed>
@@ -209,14 +249,14 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61
NOT-FOR-US: Xorux
CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
NOT-FOR-US: KairosDB
-CVE-2019-19039
- RESERVED
+CVE-2019-19039 (__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel thro ...)
+ TODO: check
CVE-2019-19038
RESERVED
-CVE-2019-19037
- RESERVED
-CVE-2019-19036
- RESERVED
+CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 a ...)
+ TODO: check
+CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 ...)
+ TODO: check
CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...)
- jhead <unfixed> (unimportant; bug #944961)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
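Review bot: the three `TODO: check` entries for CVE-2019-19039, CVE-2019-19037 and CVE-2019-19036 all name Linux kernel source files in their descriptions (fs/btrfs/extent-tree.c, fs/ext4/namei.c, fs/btrfs/ctree.c), so triage can assign them to linux directly. Suggest replacing each TODO with a `- linux` status line in the follow-up, in line with the neighbouring kernel entries in this file.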
@@ -38989,10 +39029,10 @@ CVE-2019-6855
RESERVED
CVE-2019-6854
RESERVED
-CVE-2019-6853
- RESERVED
-CVE-2019-6852
- RESERVED
+CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists ...)
+ TODO: check
+CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon Contro ...)
+ TODO: check
CVE-2019-6851 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
NOT-FOR-US: Modicon
CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...)
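Review bot: CVE-2019-6852 is left at `TODO: check` although its description names Modicon and the adjacent CVE-2019-6851 is already `NOT-FOR-US: Modicon`; the same marking looks applicable once the full description is confirmed. The visible text for CVE-2019-6853 is cut off before the product name, so that entry needs the full description read before it is classified.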
@@ -209727,16 +209767,14 @@ CVE-2015-3169 (Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.n
- askbot <itp> (bug #687966)
CVE-2015-3168
REJECTED
-CVE-2015-3167
- RESERVED
+CVE-2015-3167 (contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2 ...)
{DSA-3270-1 DSA-3269-1 DLA-227-1}
- postgresql-9.4 9.4.2-1
- postgresql-9.1 <removed>
NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
-CVE-2015-3166
- RESERVED
+CVE-2015-3166 (The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before ...)
{DSA-3270-1 DSA-3269-1 DLA-227-1}
- postgresql-9.4 9.4.2-1
- postgresql-9.1 <removed>
@@ -258474,14 +258512,11 @@ CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Lin
{DSA-2669-1}
- linux 3.8.11-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2013-2093
- RESERVED
+CVE-2013-2093 (Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewim ...)
- dolibarr 3.3.4-1 (high)
-CVE-2013-2092
- RESERVED
+CVE-2013-2092 (Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote att ...)
- dolibarr 3.3.4-1
-CVE-2013-2091
- RESERVED
+CVE-2013-2091 (SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote at ...)
- dolibarr 3.3.4-1
CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
NOT-FOR-US: Creme Fraiche Ruby Gem
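Review bot: with the descriptions now filled in, the urgency annotations on the dolibarr entries look uneven: CVE-2013-2093 carries `(high)` while CVE-2013-2091, described as SQL injection, has none. All three are fixed in 3.3.4-1, so this does not affect current status, but it is worth checking that the annotations are intended.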
@@ -259414,12 +259449,10 @@ CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kerne
CVE-2013-1818 (maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote ...)
- mediawiki <not-affected> (mwdoc-filter.php introduced in 1.20)
NOTE: register_globals is not supported in Debian anyway, see PHP's README.Debian.security
-CVE-2013-1817 [mediawiki information disclosure in unblock API]
- RESERVED
+CVE-2013-1817 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in ...)
- mediawiki 1:1.19.4-1 (bug #702305)
[squeeze] - mediawiki <end-of-life>
-CVE-2013-1816 [mediawiki insecure curl usage]
- RESERVED
+CVE-2013-1816 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attacke ...)
- mediawiki 1:1.19.4-1
[squeeze] - mediawiki <end-of-life>
CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create th ...)
@@ -278259,8 +278292,7 @@ CVE-2012-1259
RESERVED
CVE-2012-1258
RESERVED
-CVE-2012-1257
- RESERVED
+CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...)
- pidgin <unfixed> (unimportant)
NOTE: Negligible local information disclosure
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before 2010.1.1.8 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13ed26814b0cc6e99d24117a6ea5e0fbfe68db92