[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 28 08:10:40 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9c2bbf9 by security tracker role at 2019-11-28T08:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-19371
+	RESERVED
+CVE-2019-19370
+	RESERVED
+CVE-2019-19369
+	RESERVED
+CVE-2019-19368
+	RESERVED
+CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in ...)
+	TODO: check
+CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_sear ...)
+	TODO: check
+CVE-2019-19365
+	RESERVED
 CVE-2020-1764
 	RESERVED
 CVE-2020-1763
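Review bot: the two XSS entries CVE-2019-19367 and CVE-2019-19366 are left at `TODO: check`, but the truncated descriptions name only application paths (app/fax/fax_files.php, app/xml_cdr/xml_cdr_sear...), so they cannot be triaged from this hunk; resolving them needs the full description to identify the upstream project and confirm whether it is packaged in Debian before the TODO is replaced with a package status or a `NOT-FOR-US:` line.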
@@ -236,10 +250,10 @@ CVE-2019-19321
 	RESERVED
 CVE-2019-19320
 	RESERVED
-CVE-2019-19319
-	RESERVED
-CVE-2019-19318
-	RESERVED
+CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
+	TODO: check
+CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
+	TODO: check
 CVE-2019-19317
 	RESERVED
 CVE-2019-19316
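Review bot: CVE-2019-19319 and CVE-2019-19318 both describe Linux kernel issues (a setxattr operation after a crafted mount in 5.0.21; mounting a crafted btrfs image twice in 5.3.11), so the two `TODO: check` lines should become a `- linux` status once the upstream fix is located, with a `NOTE:` pointing at the fix commit, following the pattern the CVE-2019-18660 entry in this same commit uses for its reference.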
@@ -271,6 +285,7 @@ CVE-2019-19309 [Private objects exposed through project import]
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
+	{DSA-4577-1}
 	- haproxy 2.0.10-1
 	[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
 	[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
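Review bot: the new `{DSA-4577-1}` tag for CVE-2019-19330 is placed above the `- haproxy 2.0.10-1` line, as the other DSA-tagged entries in this file do; check that DSA-4577-1 is also recorded in the DSA list with a matching haproxy version so the cross-reference resolves. The unchanged stretch and jessie `<not-affected>` lines remain consistent with a DSA that only covers the release shipping 1.8 or later.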
@@ -3994,8 +4009,7 @@ CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input pa
 	NOT-FOR-US: YouPHPTube
 CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
 	NOT-FOR-US: Fastweb FASTGate
-CVE-2019-18660 [powerpc: missing Spectre-RSB mitigation]
-	RESERVED
+CVE-2019-18660 (The Linux kernel through 5.3.13 on powerpc allows Information Exposure ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
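Review bot: replacing `CVE-2019-18660 [powerpc: missing Spectre-RSB mitigation]` with the official text drops the only mention of Spectre-RSB, since the truncated description says just "allows Information Exposure"; the oss-security NOTE is now the sole pointer to that detail, so consider adding a `NOTE:` naming the missing mitigation so the `- linux <unfixed>` entry stays findable by that term while it is open.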
@@ -5060,8 +5074,8 @@ CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messag
 	[jessie] - haproxy <no-dsa> (Minor issue)
 	NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
 	NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
-CVE-2019-18276
-	RESERVED
+CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...)
+	TODO: check
 CVE-2019-18275
 	RESERVED
 CVE-2019-18274
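Review bot: CVE-2019-18276 concerns disable_priv_mode in shell.c in GNU Bash, which is a Debian package, so `TODO: check` should be resolved to a `- bash` status line (a fixed version or `<unfixed>`) rather than left as a TODO; the neighbouring CVE-2019-18277 haproxy entry shows the expected format with per-release lines and upstream `NOTE:` references.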
@@ -5106,8 +5120,8 @@ CVE-2019-18255
 	RESERVED
 CVE-2019-18254
 	RESERVED
-CVE-2019-18253
-	RESERVED
+CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
+	TODO: check
 CVE-2019-18252
 	RESERVED
 CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
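Review bot: the truncated description of CVE-2019-18253 ("specially crafted paths in a specific request") names no product, so the TODO cannot be resolved from this hunk; its neighbours in this range (CVE-2019-18251, Omron CX-Supervisor) are industrial-control products, so check the full description for the vendor before choosing between a `NOT-FOR-US:` line and a package status.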
@@ -5118,8 +5132,8 @@ CVE-2019-18249
 	RESERVED
 CVE-2019-18248
 	RESERVED
-CVE-2019-18247
-	RESERVED
+CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
+	TODO: check
 CVE-2019-18246
 	RESERVED
 CVE-2019-18245
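Review bot: CVE-2019-18247 targets Relion 650, a line of protection-relay appliances rather than software shipped in Debian, so the `TODO: check` can be closed with a `NOT-FOR-US:` line once the full description confirms the product; leaving device-only issues at TODO adds to the manual triage queue for no gain.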
@@ -12708,8 +12722,8 @@ CVE-2019-15707
 	RESERVED
 CVE-2019-15706
 	RESERVED
-CVE-2019-15705
-	RESERVED
+CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
+	TODO: check
 CVE-2019-15704 (A clear text storage of sensitive information vulnerability in FortiCl ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
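Review bot: CVE-2019-15705 is a Fortinet SSL VPN portal issue and its two neighbours CVE-2019-15704 and CVE-2019-15703 are already `NOT-FOR-US: Fortinet`; replace the `TODO: check` with the same line for consistency, since FortiOS is not a Debian package.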
@@ -40134,26 +40148,26 @@ CVE-2019-6676
 	RESERVED
 CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2019-6674
-	RESERVED
-CVE-2019-6673
-	RESERVED
-CVE-2019-6672
-	RESERVED
-CVE-2019-6671
-	RESERVED
-CVE-2019-6670
-	RESERVED
-CVE-2019-6669
-	RESERVED
-CVE-2019-6668
-	RESERVED
-CVE-2019-6667
-	RESERVED
-CVE-2019-6666
-	RESERVED
-CVE-2019-6665
-	RESERVED
+CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash  ...)
+	TODO: check
+CVE-2019-6673 (On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is config ...)
+	TODO: check
+CVE-2019-6672 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when  ...)
+	TODO: check
+CVE-2019-6671 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1 ...)
+	TODO: check
+CVE-2019-6670 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
+	TODO: check
+CVE-2019-6669 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
+	TODO: check
+CVE-2019-6668 (The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15 ...)
+	TODO: check
+CVE-2019-6667 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1 ...)
+	TODO: check
+CVE-2019-6666 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0- ...)
+	TODO: check
+CVE-2019-6665 (On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0- ...)
+	TODO: check
 CVE-2019-6664 (On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, networ ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6663 (The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12. ...)
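Review bot: all ten new entries CVE-2019-6665 through CVE-2019-6674 are F5 BIG-IP or F5 SSL Orchestrator issues, and the surrounding CVE-2019-6675 and CVE-2019-6664 are already `NOT-FOR-US: F5 BIG-IP`; replace the ten `TODO: check` lines with that status (CVE-2019-6674 can read `NOT-FOR-US: F5 SSL Orchestrator` to match its description) rather than leaving a block of ten for manual triage.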
@@ -50627,7 +50641,7 @@ CVE-2019-2943 (Vulnerability in the Oracle Data Integrator product of Oracle Fus
 	NOT-FOR-US: Oracle
 CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
 	NOT-FOR-US: Oracle
-CVE-2019-2941 (Vulnerability in the Hyperion Enterprise Performance Management Archit ...)
+CVE-2019-2941 (Vulnerability in the Hyperion Profitability and Cost Management produc ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
 	NOT-FOR-US: Oracle
@@ -83001,6 +83015,7 @@ CVE-2018-10395
 CVE-2018-10394
 	RESERVED
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
+	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
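Review bot: `{DLA-2013-1}` is added here to CVE-2018-10393, and the same tag is added to CVE-2018-10392 and CVE-2017-14160 further down in this commit; confirm that the DLA list entry for DLA-2013-1 names all three CVEs and the libvorbis version it shipped, otherwise the cross-references will not resolve. The `[stretch] <no-dsa>` and `[wheezy] <ignored>` lines are unaffected by an LTS advisory and can stay as they are.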
@@ -83008,6 +83023,7 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
 	NOTE: Same patch as for CVE-2017-14160
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
+	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
@@ -122148,6 +122164,7 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
+	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
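Review bot: the `[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)` line for CVE-2017-14160 is stale: CVE-2018-10393 records `NOTE: Same patch as for CVE-2017-14160` and `NOTE: Fixed by:` the upstream commit 018ca26dece618457dd13585cad52941193c4a25, so the "once fixed upstream" rationale no longer holds; update or drop the postponed comment when this entry is next touched.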
@@ -289240,8 +289257,7 @@ CVE-2011-2718 (Multiple directory traversal vulnerabilities in the relational sc
 	- phpmyadmin 4:3.4.3.2-1
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-2717
-	RESERVED
+CVE-2011-2717 (The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011- ...)
 	NOT-FOR-US: udhcp6c
 CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ...)
 	- busybox 1:1.20.0-3 (unimportant; bug #635548)
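Review bot: the unchanged status `NOT-FOR-US: udhcp6c` does not match the new description, which names the DHCPv6 client dhcp6c from the dhcpv6 project, while the neighbouring CVE-2011-2716 is the BusyBox udhcpc issue; check that the NOT-FOR-US label names the right project (dhcp6c / dhcpv6) so the two DHCP client issues are not conflated.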
@@ -289753,8 +289769,7 @@ CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux ker
 CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in libso ...)
 	{DSA-2369-1}
 	- libsoup2.4 2.34.3-1 (bug #635837)
-CVE-2011-2523
-	RESERVED
+CVE-2011-2523 (vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backd ...)
 	- vsftpd <not-affected> (backdoored version was never in the Debian archive)
 CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Samb ...)
 	{DSA-2290-1}
@@ -289782,8 +289797,7 @@ CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux
 CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML Security f ...)
 	{DSA-2277-1}
 	- xml-security-c 1.6.1-1 (low; bug #632973)
-CVE-2011-2515
-	RESERVED
+CVE-2011-2515 (PackageKit 0.6.17 allows installation of unsigned RPM packages as thou ...)
 	- packagekit 0.6.17-1
 CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6  ...)
 	- openjdk-6 6b21~pre1-1
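Review bot: the fixed version `- packagekit 0.6.17-1` matches the upstream release the new description names as vulnerable (PackageKit 0.6.17 allows installation of unsigned RPM packages), so either the Debian package carries a backported fix or the issue does not apply to the backend Debian builds; add a `NOTE:` recording which, so the entry is not read as marking the vulnerable upstream version as fixed.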



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9c2bbf9366a9b151d0486f883174a775b74a67d
