[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Oct 17 09:10:38 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33a29c4c by security tracker role at 2019-10-17T08:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
+	TODO: check
+CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...)
+	TODO: check
+CVE-2019-17664 (NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Whe ...)
+	TODO: check
 CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in t ...)
 	NOT-FOR-US: D-Link
 CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
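Review bot: The three entries added at the top of the file (CVE-2019-17666, CVE-2019-17665, CVE-2019-17664) are left at `TODO: check`, so none has a disposition yet. The CVE-2019-17666 description points at drivers/net/wireless/realtek/rtlwifi/ps.c, a driver source path, so it needs a source-package line rather than a vendor tag. The two Ghidra entries should be resolved together, either with a `NOT-FOR-US:` tag like the D-Link entry just below or with a package line if the software is tracked.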
@@ -109,16 +115,16 @@ CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php makes
 	NOT-FOR-US: qibosoft
 CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL Injection gene ...)
 	NOT-FOR-US: 74CMS
-CVE-2019-17611
-	RESERVED
-CVE-2019-17610
-	RESERVED
-CVE-2019-17609
-	RESERVED
-CVE-2019-17608
-	RESERVED
-CVE-2019-17607
-	RESERVED
+CVE-2019-17611 (HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. ...)
+	TODO: check
+CVE-2019-17610 (HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. ...)
+	TODO: check
+CVE-2019-17609 (HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. ...)
+	TODO: check
+CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. ...)
+	TODO: check
+CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername parameter. ...)
+	TODO: check
 CVE-2019-17606
 	RESERVED
 CVE-2019-17605
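Review bot: The five HongCMS entries that replace the RESERVED placeholders (CVE-2019-17607 through CVE-2019-17611) differ only in the install/index.php parameter they name, and all are left at `TODO: check`. Triage them as one group with the same tag. The neighbouring web-application entries in this hunk's context (qibosoft, 74CMS) are marked `NOT-FOR-US:`, which is the likely disposition here too if HongCMS is not packaged.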
@@ -456,6 +462,7 @@ CVE-2019-17506 (There are some web interfaces without authentication requirement
 CVE-2019-17505 (D-Link DAP-1320 A2-V1.21 routers have some web interfaces without auth ...)
 	NOT-FOR-US: D-Link
 CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py in Graphi ...)
+	{DLA-1962-1}
 	- graphite-web <unfixed>
 	NOTE: https://github.com/graphite-project/graphite-web/issues/2008
 	NOTE: https://github.com/graphite-project/graphite-web/pull/2499
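Review bot: On CVE-2017-18638 the added `{DLA-1962-1}` reference sits directly above `- graphite-web <unfixed>`, so the entry now records an LTS advisory while the unstable line still shows no fixed version. The NOTE lines already cite an upstream issue and pull request; check whether that fix has reached a graphite-web upload and update the `<unfixed>` line if so.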
@@ -8817,12 +8824,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://www.videolan.org/security/sb-vlc308.html
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
+	{DLA-1961-1}
 	- milkytracker <unfixed> (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
 CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
+	{DLA-1961-1}
 	- milkytracker <unfixed> (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
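Review bot: CVE-2019-14497 and CVE-2019-14496 gain `{DLA-1961-1}` while their buster and stretch lines stay at `<no-dsa> (Minor issue)` and unstable stays `<unfixed> (bug #933964)`. With an LTS advisory issued and an upstream commit already noted for CVE-2019-14497, the newer suites are now the ones left without a fix. Consider queuing milkytracker for a point-release update and following up on the bug for unstable.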
@@ -8933,6 +8942,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
 	NOTE: https://github.com/schismtracker/schismtracker/issues/198
 	NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
 CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a  ...)
+	{DLA-1961-1}
 	- milkytracker <unfixed> (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
@@ -20118,6 +20128,7 @@ CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
+	{DLA-1963-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler <unfixed> (low; bug #926529)
 	[buster] - poppler <postponed> (Revisit when fixed upstream)
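Review bot: CVE-2019-10871 now references `{DLA-1963-1}`, but the buster line still reads `<postponed> (Revisit when fixed upstream)` even though the same entry lists `[experimental] - poppler 0.81.0-1` as a fixed version. The postponement reason looks stale now that a fixed version is recorded; revisit the buster status.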
@@ -22549,6 +22560,7 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
 CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
+	{DLA-1963-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler <unfixed> (low; bug #941776)
 	[buster] - poppler <ignored> (Minor issue)
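Review bot: CVE-2019-9959 gets `{DLA-1963-1}` while the buster line stays `<ignored> (Minor issue)`, so the same issue is fixed through an LTS advisory and declined for stable. If the assessment really differs between the suites, state why in the parenthesised reason; otherwise align the buster status with the LTS decision.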



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a29c4cfc19dcdf0bdd04593743ebd54bd0630a
