[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 29 20:10:35 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1841e8a6 by security tracker role at 2019-11-29T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-1784
+ RESERVED
+CVE-2020-1783
+ RESERVED
+CVE-2020-1782
+ RESERVED
+CVE-2020-1781
+ RESERVED
+CVE-2020-1780
+ RESERVED
+CVE-2020-1779
+ RESERVED
+CVE-2020-1778
+ RESERVED
+CVE-2020-1777
+ RESERVED
+CVE-2020-1776
+ RESERVED
+CVE-2020-1775
+ RESERVED
+CVE-2020-1774
+ RESERVED
+CVE-2020-1773
+ RESERVED
+CVE-2020-1772
+ RESERVED
+CVE-2020-1771
+ RESERVED
+CVE-2020-1770
+ RESERVED
+CVE-2020-1769
+ RESERVED
+CVE-2020-1768
+ RESERVED
+CVE-2020-1767
+ RESERVED
+CVE-2020-1766
+ RESERVED
+CVE-2020-1765
+ RESERVED
+CVE-2019-19394
+ RESERVED
+CVE-2019-19393
+ RESERVED
+CVE-2019-19392
+ RESERVED
+CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...)
+ TODO: check
+CVE-2019-19390
+ RESERVED
+CVE-2019-19389
+ RESERVED
CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_d ...)
NOT-FOR-US: FusionPBX
CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_inter ...)
@@ -18,10 +70,10 @@ CVE-2019-19380
RESERVED
CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
NOT-FOR-US: MISP
-CVE-2019-19378
- RESERVED
-CVE-2019-19377
- RESERVED
+CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
+ TODO: check
+CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
+ TODO: check
CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...)
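Review bot: CVE-2019-19378 and CVE-2019-19377 are left at "TODO: check" although both descriptions name the Linux kernel (5.0.21, mounting a crafted btrfs filesystem image). Other kernel entries in this file carry a package line such as "- linux <unfixed>"; these two should be triaged to a "- linux" line with the appropriate status rather than staying in the TODO queue.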
@@ -1253,8 +1305,8 @@ CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversa
NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...)
NOT-FOR-US: go-camo
-CVE-2019-18922
- RESERVED
+CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied Telesis AT-GS ...)
+ TODO: check
CVE-2019-18921
RESERVED
CVE-2019-18920
@@ -8869,7 +8921,8 @@ CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus b
NOT-FOR-US: Zoho
CVE-2019-17111
RESERVED
-CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x before 1.7 ...)
+CVE-2019-17110
+ REJECTED
NOT-FOR-US: kube-state-metrics
CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with resultant ...)
- koji <unfixed> (bug #942146)
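Review bot: after this change CVE-2019-17110 reads "REJECTED" followed by the unchanged "NOT-FOR-US: kube-state-metrics" line, so the entry now carries two status annotations. Check whether the NOT-FOR-US line should remain on a rejected ID; with the description removed from the header, that annotation is also the only remaining hint of what the ID referred to.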
@@ -9121,6 +9174,7 @@ CVE-2019-17008
RESERVED
CVE-2019-17007 [Bug 1703979 (CVE-2019-17007) - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
RESERVED
+ {DLA-2015-1}
- nss 2:3.45-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -9786,10 +9840,10 @@ CVE-2019-16769
RESERVED
CVE-2019-16768
RESERVED
-CVE-2019-16767
- RESERVED
-CVE-2019-16766
- RESERVED
+CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
+ TODO: check
+CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
+ TODO: check
CVE-2019-16765 (If an attacker can get a user to open a specially prepared directory t ...)
NOT-FOR-US: Vscode
CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to denial of ...)
@@ -12840,7 +12894,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access rea
- rdesktop 1.8.6-1
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
- {DLA-1979-1 DLA-1977-1}
+ {DLA-2014-1 DLA-1979-1 DLA-1977-1}
[experimental] - libvncserver 0.9.12+dfsg-1
- libvncserver <unfixed> (bug #943793)
- italc <removed>
@@ -15327,8 +15381,7 @@ CVE-2019-14903
RESERVED
CVE-2019-14902
RESERVED
-CVE-2019-14901
- RESERVED
+CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
CVE-2019-14900
@@ -15338,15 +15391,13 @@ CVE-2019-14899
CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
RESERVED
- linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599)
-CVE-2019-14897 [Stack Overflow in lbs_ibss_join_existing() function of Marvell Wifi Driver in Linux kernel]
- RESERVED
+CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14896 (A vulnerability was found in marvell wifi chip driver in Linux kernel. ...)
+CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14895 [Heap Overflow in mwifiex_process_country_ie() function of Marvell Wifi Driver in Linux kernel]
- RESERVED
+CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14894
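Review bot: replacing the bracketed descriptions for CVE-2019-14897 and CVE-2019-14895 drops the affected function names, lbs_ibss_join_existing() and mwifiex_process_country_ie(), and the truncated replacement text shown here no longer identifies the Marvell Wifi driver. Consider keeping the function names as NOTE: lines under each entry so the "- linux <unfixed>" status can later be matched to the fixing commits.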
@@ -15433,8 +15484,7 @@ CVE-2019-14866 [improper input validation when writing tar header fields leads t
[stretch] - cpio <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7
-CVE-2019-14865
- RESERVED
+CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A local a ...)
- grub2 <not-affected> (Red Hat-specific patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925
NOTE: https://seclists.org/oss-sec/2019/q4/101
@@ -43945,10 +43995,10 @@ CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone wh
NOT-FOR-US: Huawei
CVE-2019-5227
RESERVED
-CVE-2019-5226
- RESERVED
-CVE-2019-5225
- RESERVED
+CVE-2019-5226 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
+ TODO: check
+CVE-2019-5225 (P30, Mate 20, P30 Pro smartphones with software of versions earlier th ...)
+ TODO: check
CVE-2019-5224
RESERVED
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...)
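Review bot: CVE-2019-5226 and CVE-2019-5225 describe P30 and Mate 20 smartphones and are added as "TODO: check", while the neighbouring CVE-2019-5228 for the same device family is already marked "NOT-FOR-US: Huawei". These two look like candidates for the same annotation.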
@@ -53235,7 +53285,7 @@ CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 pr
CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 products vers ...)
NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
- {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+ {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
- ssvnc <unfixed> (bug #945827)
@@ -53252,7 +53302,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
- {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+ {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
- ssvnc <unfixed> (bug #945827)
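Review bot: DLA-2016-1 is added to CVE-2018-20024, CVE-2018-20022, CVE-2018-20021 and CVE-2018-20020, but no hunk touches CVE-2018-20023, which the @@ header of this hunk shows sitting between 20024 and 20022 in the same LibVNC series. Confirm whether DLA-2016-1 also covers CVE-2018-20023 and, if it does, add the cross-reference there as well.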
@@ -53261,7 +53311,7 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
- {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+ {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
- ssvnc <unfixed> (bug #945827)
@@ -53270,7 +53320,7 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
- {DSA-4383-1 DLA-1979-1 DLA-1617-1}
+ {DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
- ssvnc <unfixed> (bug #945827)
@@ -91759,7 +91809,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in
[stretch] - vncterm <no-dsa> (Minor issue)
NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
- {DSA-4221-1 DLA-1979-1 DLA-1332-1}
+ {DSA-4221-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
- italc <removed>
- vino <unfixed> (bug #945784)
@@ -229698,7 +229748,7 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
- {DSA-3081-1 DLA-1979-1 DLA-197-1}
+ {DSA-3081-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc 1:3.0.1+dfsg1-1
- vino <unfixed> (bug #945784)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1841e8a6d431dbc86f7a778b0c2758db69ad6217