[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 5 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
228a07fa by security tracker role at 2019-10-05T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...)
+ TODO: check
+CVE-2019-17198
+ RESERVED
+CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic f ...)
+ TODO: check
+CVE-2019-17196
+ RESERVED
+CVE-2019-17195
+ RESERVED
+CVE-2019-17194
+ RESERVED
+CVE-2019-17193
+ RESERVED
CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messenger ap ...)
TODO: check
CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...)
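Review bot: the two added entries that carry descriptions, CVE-2019-17199 (WPO WebPageTest) and CVE-2019-17197 (OpenEMR), land with only "TODO: check", so neither is triaged yet. Each should be resolved to a package line or a "NOT-FOR-US:" line, as other entries in this file are, before this block is used to judge exposure. The five RESERVED ids need nothing further until a description is published.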
@@ -700,6 +714,7 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/c
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
NOT-FOR-US: Ubiquiti EdgeMAX
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
+ {DLA-1946-1}
- novnc 1:1.0.0-1
NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
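Review bot: the added "{DLA-1946-1}" on CVE-2017-18635 points at an advisory that is not defined in this commit, which changes only data/CVE/list. It is worth confirming that DLA-1946-1 is already recorded for novnc elsewhere in the repository so the cross-reference resolves. The entry's only package line remains "- novnc 1:1.0.0-1", and nothing in the hunk states which version the DLA supplies.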
@@ -12580,9 +12595,9 @@ CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NU
CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...)
NOT-FOR-US: field_test gem
CVE-2019-13145
- RESERVED
-CVE-2019-13144
REJECTED
+CVE-2019-13144 (myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in ...)
+ TODO: check
CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...)
NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50
CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) ...)
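Review bot: the status changes on CVE-2019-13145 and CVE-2019-13144 should be verified against the upstream CVE feed, because the hunk moves "REJECTED" from 13144 to 13145 while 13144 gains a description (myTinyTodo CSV Injection) and "TODO: check". A REJECTED id coming back with a description is unusual, and with two adjacent ids changing at once a swapped or misaligned status would look exactly like this. If the feed confirms both states, 13144 still needs triage like any other new "TODO: check" entry.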
@@ -22333,32 +22348,32 @@ CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable t
- libreoffice <not-affected> (Windows-specific)
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...)
- {DSA-4519-1}
+ {DSA-4519-1 DLA-1947-1}
- libreoffice 1:6.3.1~rc2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
CVE-2019-9853 (LibreOffice documents can contain macros. The execution of those macro ...)
- {DSA-4501-1}
+ {DSA-4501-1 DLA-1947-1}
- libreoffice 1:6.3.0-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853
CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...)
- {DSA-4501-1}
+ {DSA-4501-1 DLA-1947-1}
- libreoffice 1:6.3.0-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
- {DSA-4501-1}
+ {DSA-4501-1 DLA-1947-1}
- libreoffice 1:6.3.0-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
- {DSA-4501-1}
+ {DSA-4501-1 DLA-1947-1}
- libreoffice 1:6.3.0-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...)
- {DSA-4483-1}
+ {DSA-4483-1 DLA-1947-1}
[experimental] - libreoffice 1:6.3.0~beta2-1
- libreoffice 1:6.3.0~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
CVE-2019-9848 (LibreOffice has a feature where documents can specify that pre-install ...)
- {DSA-4483-1}
+ {DSA-4483-1 DLA-1947-1}
[experimental] - libreoffice 1:6.3.0~beta2-1
- libreoffice 1:6.3.0~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
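Review bot: "DLA-1947-1" is appended to seven entries at once, CVE-2019-9848 through CVE-2019-9854, which were previously split across DSA-4483-1, DSA-4501-1 and DSA-4519-1. It is worth checking the DLA text to confirm it lists all seven, in particular CVE-2019-9854, whose only prior advisory was DSA-4519-1. Style point on a context line: the NOTE URL for CVE-2019-9853 lacks the trailing slash that the other LibreOffice entries use.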
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/228a07fa76c73594e791f696ac2168cd33cd5e09