[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Nov 27 08:10:33 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d34411af by security tracker role at 2019-11-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-19326
+	RESERVED
+CVE-2019-19325
+	RESERVED
+CVE-2019-19324
+	RESERVED
+CVE-2019-19323
+	RESERVED
+CVE-2019-19322
+	RESERVED
+CVE-2019-19321
+	RESERVED
+CVE-2019-19320
+	RESERVED
+CVE-2019-19319
+	RESERVED
+CVE-2019-19318
+	RESERVED
+CVE-2019-19317
+	RESERVED
+CVE-2019-19316
+	RESERVED
+CVE-2019-19315
+	RESERVED
+CVE-2019-19314
+	RESERVED
+CVE-2019-19313
+	RESERVED
+CVE-2019-19312
+	RESERVED
+CVE-2019-19311
+	RESERVED
+CVE-2019-19310
+	RESERVED
+CVE-2019-19309
+	RESERVED
 CVE-2019-XXXX [CRLF injection when decoding from http/2 to http/1]
 	- haproxy 2.0.10-1
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
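Review bot: the placeholder entry `CVE-2019-XXXX [CRLF injection when decoding from http/2 to http/1]` for haproxy 2.0.10-1 is left unresolved by this hunk; the 18 ids added above it (CVE-2019-19309 through CVE-2019-19326) are all RESERVED with no description, so none of them can be matched to the haproxy issue yet. When the id for that issue is published, the XXXX line should be replaced by the real id with the fixed version and the haproxy commit NOTE carried over, rather than leaving two entries for the same bug.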
@@ -7386,6 +7422,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
+	{DLA-2009-1}
 	- gdal <unfixed> (unimportant)
 	- tiff 4.0.10+git190818-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
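Review bot: `{DLA-2009-1}` is added to CVE-2019-17546 while the entry also lists `- gdal <unfixed> (unimportant)` for the LibTIFF code "as used in GDAL" per the description; the advisory reference applies to the tiff source package only, so the gdal line should keep its own status and not be read as covered by the DLA. Worth confirming that the tiff fix recorded as `4.0.10+git190818-1` and the fix shipped in the DLA address the same upstream issue (oss-fuzz 16443 in the NOTE).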
@@ -7841,7 +7878,7 @@ CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 all
 	NOT-FOR-US: ZZZCMS
 CVE-2019-17407
 	RESERVED
-CVE-2019-14842 [Remote code execution vulnerability]
+CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol allowing th ...)
 	- libnbd 1.0.3-1 (bug #942215)
 	NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
 	NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4)
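Review bot: the NOTE marks the upstream fix commit as `(1.1.4)` while the fixed Debian version is recorded as `libnbd 1.0.3-1 (bug #942215)`, so it is worth confirming that 1.0.3-1 actually carries the backported commit rather than relying on the 1.1.4 release. Replacing the local title `[Remote code execution vulnerability]` with the published description is fine, but the truncated text no longer states the impact on its own, so the bug reference and the list post in the first NOTE are now the only pointers to it.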
@@ -32651,6 +32688,7 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a mis
 CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android
 CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper  ...)
+	{DLA-2012-1}
 	- libvpx 1.8.1-2
 	NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...)
@@ -33066,6 +33104,7 @@ CVE-2019-9234 (In wpa_supplicant_8, there is a possible out of bounds read due t
 CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due to an  ...)
 	NOT-FOR-US: Android
 CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
+	{DLA-2012-1}
 	- libvpx 1.8.1-2
 	NOTE: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f
 CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
@@ -41235,6 +41274,7 @@ CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 h
 	NOTE: https://github.com/glennrp/libpng/issues/269
 	NOTE: Memory leak in CLI tool, no security impact
 CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...)
+	{DLA-2009-1}
 	- tiff 4.0.10-4 (bug #921157; unimportant)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836
@@ -60419,6 +60459,7 @@ CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...)
+	{DLA-2009-1}
 	- tiff 4.0.10-1 (unimportant; bug #912012)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819
@@ -75387,6 +75428,7 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search
 CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, versio ...)
 	NOT-FOR-US: Mitel
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
+	{DLA-2009-1}
 	- tiff 4.0.10-4 (bug #902718)
 	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
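Review bot: `{DLA-2009-1}` records an LTS fix for CVE-2018-12900, but the line `[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)` is left unchanged; if the patch shipped in the DLA applies to the stretch tiff package, the stretch status should be revisited in the next tiff DSA so that the older release is not left fixed while the newer one stays postponed.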
@@ -111039,7 +111081,7 @@ CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not req
 	NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
 	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...)
-	{DSA-4349-1}
+	{DSA-4349-1 DLA-2009-1}
 	- tiff 4.0.9-5 (unimportant; bug #883320)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
@@ -173820,7 +173862,7 @@ CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...)
-	{DSA-3631-1 DLA-628-1 DLA-569-1}
+	{DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72606
@@ -176973,7 +177015,7 @@ CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c i
 CVE-2016-5339
 	RESERVED
 CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...)
-	{DLA-697-1}
+	{DLA-2010-1 DLA-697-1}
 	- bsdiff 4.3-17
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
 CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...)
@@ -204452,7 +204494,7 @@ CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the Lin
 	- linux-2.6 <removed>
 	NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
 CVE-2015-5155 [Packet with crafted "nextoffset" and "extid" values causes DoS]
-	RESERVED
+	REJECTED
 	- openslp-dfsg 1.2.1-8 (bug #623551)
 	[squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1
 	NOTE: duplicate of CVE-2010-3609
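Review bot: CVE-2015-5155 moves from RESERVED to REJECTED while the entry keeps `- openslp-dfsg 1.2.1-8 (bug #623551)` and the `[squeeze]` fixed version; since the NOTE says this id is a duplicate of CVE-2010-3609, confirm that those fixed versions are also recorded under CVE-2010-3609, so the rejected id is not the only place carrying the openslp fix information.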
@@ -283830,8 +283872,7 @@ CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commen
 	NOT-FOR-US: Review Board
 CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys,  ...)
 	NOT-FOR-US: ResourceSpace
-CVE-2011-4310
-	RESERVED
+CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...)
 	- cmsms <itp> (bug #608888)
 CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...)
 	- moodle <not-affected> (Only affects 2.x)
@@ -290983,8 +291024,7 @@ CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
 	- phpmyadmin 4:3.4.1-1
 	[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
 	[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
-CVE-2011-1939
-	RESERVED
+CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...)
 	- zendframework 1.11.6-1 (low)
 	[squeeze] - zendframework <no-dsa> (Minor issue)
 CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sock ...)
@@ -291000,13 +291040,11 @@ CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d
 	[squeeze] - libpcap 1.1.1-2+squeeze1
 	[lenny] - libpcap <not-affected>
 	NOTE: <878vsbyviu.fsf at silenus.orebokech.com>
-CVE-2011-1934 [lilo: lilo.conf world-readable]
-	RESERVED
+CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. ...)
 	- lilo 23.1-2 (low; bug #615103)
 	[squeeze] - lilo <not-affected> (Introduced in 23.1)
 	[lenny] - lilo <not-affected> (Introduced in 23.1)
-CVE-2011-1933
-	RESERVED
+CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...)
 	- libjifty-dbi-perl 0.68-1 (low; bug #622919)
 	[squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
 CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in Wi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d34411af943a20e1f782d2fd3a694052f80fef17
