[Git][security-tracker-team/security-tracker][master] automatic update

Thu Nov 28 20:10:44 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f499464 by security tracker role at 2019-11-28T20:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-19383
+	RESERVED
+CVE-2019-19382
+	RESERVED
+CVE-2019-19381
+	RESERVED
+CVE-2019-19380
+	RESERVED
+CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
+	TODO: check
+CVE-2019-19378
+	RESERVED
+CVE-2019-19377
+	RESERVED
+CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
+	TODO: check
+CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...)
+	TODO: check
+CVE-2019-19374
+	RESERVED
+CVE-2019-19373
+	RESERVED
+CVE-2019-19372 (A downloadFile.php download_file path traversal vulnerability in rConf ...)
+	TODO: check
 CVE-2019-19371
 	RESERVED
 CVE-2019-19370
@@ -32995,7 +33019,7 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a mis
 CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android
 CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper  ...)
-	{DLA-2012-1}
+	{DSA-4578-1 DLA-2012-1}
 	- libvpx 1.8.1-2
 	NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...)
@@ -33222,6 +33246,7 @@ CVE-2019-9327 (In Bluetooth, there is a possible out of bounds read due to a mis
 CVE-2019-9326 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android
 CVE-2019-9325 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
+	{DSA-4578-1}
 	- libvpx 1.8.1-2
 	[jessie] - libvpx <not-affected> (Vunerable code introduced in 1.4.0)
 	NOTE: https://github.com/webmproject/libvpx/commit/0681cff1ad36b3ef8ec242f59b5a6c4234ccfb88
@@ -33413,7 +33438,7 @@ CVE-2019-9234 (In wpa_supplicant_8, there is a possible out of bounds read due t
 CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due to an  ...)
 	NOT-FOR-US: Android
 CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
-	{DLA-2012-1}
+	{DSA-4578-1 DLA-2012-1}
 	- libvpx 1.8.1-2
 	NOTE: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f
 CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
@@ -53188,7 +53213,7 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
 	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
-        - veyon 4.1.4+repack1-1
+	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/251
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
@@ -53196,7 +53221,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
 	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
-        - veyon 4.1.4+repack1-1
+	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/250
 	NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
 	NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f499464e8a114430e50ee76fe2b12a64be4254e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f499464e8a114430e50ee76fe2b12a64be4254e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191128/f9083203/attachment.html>
