[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 21 09:10:26 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb427565 by security tracker role at 2019-10-21T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
+ TODO: check
+CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
+ TODO: check
CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM ...)
NOT-FOR-US: BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313
CVE-2019-18215
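Review bot: the two entries added at the top of this hunk, CVE-2019-18218 and CVE-2019-18217, are left at "TODO: check" even though their descriptions already name the affected software (file through 5.37, ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2). Suggest a follow-up that replaces each TODO with a source-package status line, or with NOT-FOR-US as used for CVE-2019-18216 just below, so these entries do not sit untriaged.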
@@ -2923,8 +2927,8 @@ CVE-2019-17411
RESERVED
CVE-2019-17410
RESERVED
-CVE-2019-17409
- RESERVED
+CVE-2019-17409 (Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5. ...)
+ TODO: check
CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows re ...)
NOT-FOR-US: ZZZCMS
CVE-2019-17407
@@ -4247,8 +4251,8 @@ CVE-2019-16864
RESERVED
CVE-2019-16863
RESERVED
-CVE-2019-16862
- RESERVED
+CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
+ TODO: check
CVE-2019-16861
RESERVED
CVE-2019-16860
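Review bot: CVE-2019-16862 in this hunk and CVE-2019-17409 in the previous hunk both leave RESERVED with what reads as the same finding. Both truncated descriptions are reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x. When the "TODO: check" lines are resolved, compare the full descriptions and, if they overlap, give both ids the same status and add a NOTE on each pointing at the other so they are not triaged inconsistently.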
@@ -8895,6 +8899,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
+ {DLA-1967-1}
- libpcap 1.9.1-1 (bug #941697)
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
@@ -22797,10 +22802,10 @@ CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Bl
NOT-FOR-US: BlogEngine.NET
CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...)
NOT-FOR-US: BlogEngine.NET
-CVE-2019-10716
- RESERVED
-CVE-2019-10715
- RESERVED
+CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 and earlie ...)
+ TODO: check
+CVE-2019-10715 (There is Stored XSS in Verodin Director before 3.5.4.0 via input field ...)
+ TODO: check
CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 ...)
- imagemagick <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495
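Review bot: CVE-2019-10716 and CVE-2019-10715 go from RESERVED to "TODO: check", and both descriptions name Verodin Director. The neighbouring entries in this hunk are closed with "NOT-FOR-US: BlogEngine.NET"; if Verodin Director is likewise not packaged, resolve the pair the same way in one follow-up rather than leaving two open TODOs.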
@@ -44618,6 +44623,7 @@ CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement produ
CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44635,6 +44641,7 @@ CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44643,14 +44650,17 @@ CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
NOT-FOR-US: Oracle
CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
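Review bot: {DSA-4546-1} is added to CVE-2019-2989, whose truncated description names Oracle GraalVM Enterprise Edition rather than Java SE, unlike the other entries tagged in this hunk. The package lines under it are openjdk ones, so a short NOTE saying why the issue is tracked against OpenJDK would make the entry self-explanatory to someone reading only the list.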
@@ -44661,12 +44671,14 @@ CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44675,20 +44687,24 @@ CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Or
CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
NOT-FOR-US: Oracle
CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44710,12 +44726,14 @@ CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
NOT-FOR-US: Oracle
CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44747,6 +44765,7 @@ CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources pr
CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44759,6 +44778,7 @@ CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44875,6 +44895,7 @@ CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of Oracle
CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb42756543ed2ba87047548e7bdbc9fc44cd4a19