[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Oct 6 21:10:34 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70933710 by security tracker role at 2019-10-06T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
+	TODO: check
+CVE-2019-17239
+	RESERVED
+CVE-2019-17238
+	RESERVED
+CVE-2019-17237
+	RESERVED
+CVE-2019-17236
+	RESERVED
+CVE-2019-17235
+	RESERVED
+CVE-2019-17234
+	RESERVED
+CVE-2019-17233
+	RESERVED
+CVE-2019-17232
+	RESERVED
+CVE-2019-17231
+	RESERVED
+CVE-2019-17230
+	RESERVED
+CVE-2019-17229
+	RESERVED
+CVE-2019-17228
+	RESERVED
+CVE-2019-17227
+	RESERVED
+CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Modu ...)
+	TODO: check
+CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, o ...)
+	TODO: check
+CVE-2019-17224
+	RESERVED
+CVE-2019-17223
+	RESERVED
+CVE-2019-17222
+	RESERVED
+CVE-2019-17221
+	RESERVED
+CVE-2019-17220
+	RESERVED
+CVE-2019-17219 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
+	TODO: check
+CVE-2019-17218 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
+	TODO: check
+CVE-2019-17217 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
+	TODO: check
+CVE-2019-17216 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
+	TODO: check
+CVE-2019-17215 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
+	TODO: check
+CVE-2019-17214 (The WebARX plugin 1.3.0 for WordPress allows firewall bypass by append ...)
+	TODO: check
+CVE-2019-17213 (The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS v ...)
+	TODO: check
 CVE-2019-17212
 	RESERVED
 CVE-2019-17211
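Review bot: The ten new entries marked `TODO: check` (CVE-2019-17240, CVE-2019-17226, CVE-2019-17225, and CVE-2019-17219 down to CVE-2019-17213) carry no package line, so nothing in this hunk says whether any Debian source package is affected. Each one needs to be triaged into an entry of the form the later hunks show, for example `- jackson-databind 2.10.0-2 (bug #941530)`, or otherwise closed out. The five V-Zug entries (CVE-2019-17215 to CVE-2019-17219) have identical truncated descriptions here, so they have to be told apart from the full CVE text rather than from this list.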
@@ -580,11 +636,11 @@ CVE-2019-16945
 CVE-2019-16944
 	RESERVED
 CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
-	{DLA-1943-1}
+	{DSA-4542-1 DLA-1943-1}
 	- jackson-databind 2.10.0-2 (bug #941530)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
 CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
-	{DLA-1943-1}
+	{DSA-4542-1 DLA-1943-1}
 	- jackson-databind 2.10.0-2 (bug #941530)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
 CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
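Review bot: The `{DSA-4542-1 DLA-1943-1}` replacement on CVE-2019-16943 and CVE-2019-16942 is an advisory cross-reference, not a CVE import, yet the commit message says only "automatic update". Naming DSA-4542-1 in the message, or committing the cross-references separately from the new CVE block in the first hunk, would make it possible to find this change in the history when auditing when the DSA was linked.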
@@ -2163,7 +2219,7 @@ CVE-2019-16337
 CVE-2019-16336
 	RESERVED
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
-	{DLA-1943-1}
+	{DSA-4542-1 DLA-1943-1}
 	- jackson-databind 2.10.0-1 (bug #940498)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
@@ -7450,7 +7506,7 @@ CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_prog
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
 CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
-	{DLA-1943-1}
+	{DSA-4542-1 DLA-1943-1}
 	- jackson-databind 2.10.0-1 (bug #940498)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2410
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
@@ -8346,7 +8402,7 @@ CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allow
 CVE-2019-14440
 	RESERVED
 CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
-	{DLA-1879-1}
+	{DSA-4542-1 DLA-1879-1}
 	- jackson-databind 2.9.9.3-1 (bug #933393)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
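Review bot: On CVE-2019-14439 the new `{DSA-4542-1 DLA-1879-1}` pairs the DSA with a different DLA than the `DLA-1943-1` used in the earlier hunks, and the fixed version here is 2.9.9.3-1 rather than 2.10.0-1 or 2.10.0-2. It is worth confirming that DSA-4542-1 really covers this CVE and CVE-2019-14379 in the next hunk, since the LTS side needed two separate advisories for the same six CVEs.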
@@ -8498,7 +8554,7 @@ CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an
 	[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
 	NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
 CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
-	{DLA-1879-1}
+	{DSA-4542-1 DLA-1879-1}
 	- jackson-databind 2.9.9.3-1 (bug #933393)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/709337107699d4ece424a82a706924bad350eff3
