[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 30 20:10:44 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0099270 by security tracker role at 2019-10-30T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1107,14 +1107,14 @@ CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the brows
- etherpad-lite <itp> (bug #576998)
CVE-2019-18208
RESERVED
-CVE-2019-18207
- RESERVED
-CVE-2019-18206
- RESERVED
-CVE-2019-18205
- RESERVED
-CVE-2019-18204
- RESERVED
+CVE-2019-18207 (In Zucchetti InfoBusiness before and including 4.4.1, an authenticated ...)
+ TODO: check
+CVE-2019-18206 (A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBus ...)
+ TODO: check
+CVE-2019-18205 (Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in ...)
+ TODO: check
+CVE-2019-18204 (Zucchetti InfoBusiness before and including 4.4.1 allows any authentic ...)
+ TODO: check
CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabili ...)
NOT-FOR-US: Ricoh
CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
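Review bot: the four Zucchetti InfoBusiness entries (CVE-2019-18204 through CVE-2019-18207) are left at `TODO: check` although every one of them names a single vendor product version (`before and including 4.4.1`), while the adjacent CVE-2019-18203 (Ricoh) and CVE-2019-18202 (WAGO) entries already carry `NOT-FOR-US:` tags; the same triage should resolve these four on the next manual pass rather than leaving the placeholder in place.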
@@ -7428,6 +7428,7 @@ CVE-2019-16098 (The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore
CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users ...)
NOT-FOR-US: Harbor
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
+ {DLA-1976-1}
- imapfilter 1:2.6.13-1 (bug #939702)
[buster] - imapfilter <no-dsa> (Minor issue)
[stretch] - imapfilter <no-dsa> (Minor issue)
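Review bot: the new `{DLA-1976-1}` line on CVE-2016-10937 records an LTS update for an issue that the `[buster]` and `[stretch]` lines still rate as `<no-dsa> (Minor issue)`; a DLA for one suite and no-dsa for the others is a legitimate split, but since the description is a missing hostname check in certificate validation, a NOTE stating why stretch keeps the no-dsa rating would make the two decisions read as deliberate rather than contradictory.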
@@ -8563,9 +8564,10 @@ CVE-2019-15684
RESERVED
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
TODO: check
-CVE-2019-15682
- RESERVED
+CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
+ TODO: check
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
+ {DLA-1977-1}
- libvncserver <unfixed> (bug #943793)
NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
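Review bot: CVE-2019-15681 now carries `{DLA-1977-1}` while its package line still reads `- libvncserver <unfixed> (bug #943793)`, so the LTS suite is recorded as fixed ahead of unstable; the upstream commit in the NOTE line is the change to track for the unstable upload, after which the `<unfixed>` marker should become a version. The new CVE-2019-15682 entry (RDesktop 1.8.4, out-of-bounds reads) joins CVE-2019-15683 directly above it at `TODO: check`; both are VNC/RDP client-side issues and can be triaged in one pass.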
@@ -11143,6 +11145,7 @@ CVE-2019-14860
NOT-FOR-US: Syndesis
CVE-2019-14859 [DER encoding is not being verified in signatures]
RESERVED
+ {DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
NOTE: Upstream patches:
@@ -11167,6 +11170,7 @@ CVE-2019-14854
NOT-FOR-US: OpenShift
CVE-2019-14853
RESERVED
+ {DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
NOTE: Upstream patches:
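Review bot: `{DLA-1978-1}` is recorded against both CVE-2019-14853 and CVE-2019-14859 with the same `python-ecdsa 0.13.3-1` fix and the same upstream issue #114, which is consistent with one LTS upload closing both; CVE-2019-14853, however, still has no bracketed summary, unlike CVE-2019-14859's `[DER encoding is not being verified in signatures]`, so a short summary taken from the upstream issue would let readers tell the two entries apart without following the link.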
@@ -26829,9 +26833,9 @@ CVE-2019-1010098
RESERVED
CVE-2019-1010097
RESERVED
-CVE-2019-1010096 (domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cr ...)
+CVE-2019-1010096 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
NOT-FOR-US: domainmod
-CVE-2019-1010095 (domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cr ...)
+CVE-2019-1010095 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
NOT-FOR-US: domainmod
CVE-2019-1010094 (domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
NOT-FOR-US: domainmod
@@ -30310,6 +30314,7 @@ CVE-2019-8773
CVE-2019-8772
RESERVED
CVE-2019-8771
+ RESERVED
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
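Review bot: a bare `RESERVED` line under CVE-2019-8771, which already has a `- webkit2gtk 2.26.0-1` fix and suite lines, leaves the entry with no summary of what was fixed; that is the tracker's pattern for a fix tracked before the CVE text is published, but a bracketed summary (as CVE-2019-14859 has elsewhere in this update) would make the entry self-explanatory. The same applies to the other webkit2gtk entries given `RESERVED` further down in this update (CVE-2019-8769, 8768, 8763, 8735, 8733, 8726, 8720, 8719, 8707, 8674, 8625), for which the WSA-2019-0005 advisory in the NOTE lines is the obvious source.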
@@ -30317,11 +30322,13 @@ CVE-2019-8771
CVE-2019-8770
RESERVED
CVE-2019-8769
+ RESERVED
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8768
+ RESERVED
- webkit2gtk 2.24.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30335,6 +30342,7 @@ CVE-2019-8765
CVE-2019-8764
RESERVED
CVE-2019-8763
+ RESERVED
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30394,6 +30402,7 @@ CVE-2019-8737
CVE-2019-8736
RESERVED
CVE-2019-8735
+ RESERVED
- webkit2gtk 2.24.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30401,6 +30410,7 @@ CVE-2019-8735
CVE-2019-8734
RESERVED
CVE-2019-8733
+ RESERVED
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30418,6 +30428,7 @@ CVE-2019-8728
CVE-2019-8727
RESERVED
CVE-2019-8726
+ RESERVED
- webkit2gtk 2.24.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30433,11 +30444,13 @@ CVE-2019-8722
CVE-2019-8721
RESERVED
CVE-2019-8720
+ RESERVED
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8719
+ RESERVED
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30465,6 +30478,7 @@ CVE-2019-8709
CVE-2019-8708
RESERVED
CVE-2019-8707
+ RESERVED
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30609,6 +30623,7 @@ CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
[stretch] - cups 2.2.1-8+deb9u4
NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8674
+ RESERVED
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30750,6 +30765,7 @@ CVE-2019-8627
CVE-2019-8626
RESERVED
CVE-2019-8625
+ RESERVED
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -33162,11 +33178,9 @@ CVE-2019-7622
RESERVED
CVE-2019-7621
RESERVED
-CVE-2019-7620
- RESERVED
+CVE-2019-7620 (Logstash versions before 7.4.1 and 6.8.4 contain a denial of service f ...)
NOT-FOR-US: Logstash Beats
-CVE-2019-7619
- RESERVED
+CVE-2019-7619 (Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username ...)
- elasticsearch <removed>
CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...)
NOT-FOR-US: Elastic Code
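Review bot: the `NOT-FOR-US: Logstash Beats` line under CVE-2019-7620 no longer matches the imported description, which names Logstash (versions before 7.4.1 and 6.8.4) rather than Beats; suggest `NOT-FOR-US: Logstash`. For CVE-2019-7619 the `- elasticsearch <removed>` line is unchanged and still fits the newly stated affected ranges (7.0.0-7.3.2 and 6.7.0-6.8.3), so nothing further is needed there.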
@@ -56147,8 +56161,8 @@ CVE-2018-18680
RESERVED
CVE-2018-18679
RESERVED
-CVE-2018-18678
- RESERVED
+CVE-2018-18678 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...)
+ TODO: check
CVE-2018-18677
RESERVED
CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
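Review bot: CVE-2018-18678 is added at `TODO: check`, but the neighbouring CVE-2018-18676 entry covers the same GNUBOARD5 product (5.3.1.9 there, before 5.3.2.0 here) and the same XSS class; triaging the new entry the same way as that existing one would clear the placeholder immediately.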
@@ -62301,8 +62315,8 @@ CVE-2018-16418 (A buffer overflow when handling string concatenation in util_acl
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
-CVE-2018-16417
- RESERVED
+CVE-2018-16417 (Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, ...)
+ TODO: check
CVE-2018-16416 (Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inl ...)
NOT-FOR-US: FUEL CMS
CVE-2018-16415
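Review bot: CVE-2018-16417 (Aruba Instant firmware version ranges) is left at `TODO: check`; unless a Debian package ships this software, the expected outcome is a `NOT-FOR-US:` tag as on the adjacent CVE-2018-16416 FUEL CMS line, and the placeholder should be resolved in the next manual pass.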
@@ -91864,8 +91878,7 @@ CVE-2018-5743 (By design, BIND is intended to limit the number of TCP clients th
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/d01023aaac35543daffbdf48464e320150235d41
NOTE: Additionally: https://lists.isc.org/pipermail/bind-users/2019-April/101673.html
NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1864.patch
-CVE-2018-5742 [Crash from assertion error when debug log level is 10 and log entries meet buffer boundary]
- RESERVED
+CVE-2018-5742 (While backporting a feature for a newer branch of BIND9, RedHat introd ...)
- bind9 <not-affected> (Introduced via RedHat specific backport of Negative Trust Anchor (NTA) feature)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/19/6
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1655844
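Review bot: the bracketed summary `[Crash from assertion error when debug log level is 10 and log entries meet buffer boundary]` on CVE-2018-5742 is dropped in favour of the imported description, so the tracker loses the trigger conditions (debug log level 10, log entry on a buffer boundary); the `- bind9 <not-affected>` rationale and the two NOTE links survive, so the old summary text could simply be moved into a NOTE line to keep that detail.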
@@ -91901,8 +91914,7 @@ CVE-2018-5737 (A problem with the implementation of the new serve-stale feature
CVE-2018-5736 (An error in zone database reference counting can lead to an assertion ...)
- bind9 <not-affected> (only affects 9.12, not yet packaged)
NOTE: https://kb.isc.org/article/AA-01602
-CVE-2018-5735 [assertion failure in validator.c:1858]
- RESERVED
+CVE-2018-5735 (The Debian backport of the fix for CVE-2017-3137 leads to assertion fa ...)
{DLA-1285-1}
- bind9 1:9.9.3.dfsg.P2-1 (bug #889285)
NOTE: Issue similar/closely related to the CVE-2017-3139 issue in Red Hat.
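Review bot: the new description for CVE-2018-5735 states the assertion failure comes from the Debian backport of the CVE-2017-3137 fix, which makes this a Debian-specific regression rather than an upstream bug; `{DLA-1285-1}` and `bug #889285` already record the fix, but the dropped summary `[assertion failure in validator.c:1858]` pinpointed the failing assertion and is worth preserving in a NOTE next to the existing Red Hat CVE-2017-3139 comparison.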
@@ -96172,19 +96184,19 @@ CVE-2018-4082 (An issue was discovered in certain Apple products. iOS before 11.
CVE-2018-4081
RESERVED
CVE-2018-4080
- RESERVED
+ REJECTED
CVE-2018-4079
- RESERVED
+ REJECTED
CVE-2018-4078
- RESERVED
+ REJECTED
CVE-2018-4077
- RESERVED
+ REJECTED
CVE-2018-4076
- RESERVED
+ REJECTED
CVE-2018-4075
- RESERVED
+ REJECTED
CVE-2018-4074
- RESERVED
+ REJECTED
CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
@@ -96212,7 +96224,7 @@ CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd functi
CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...)
NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4060
- RESERVED
+ REJECTED
CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...)
{DSA-4373-1 DLA-1671-1}
- coturn 4.5.1.0-1
@@ -96617,7 +96629,7 @@ CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing func
CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing functiona ...)
NOT-FOR-US: Canvas Draw
CVE-2018-3869
- RESERVED
+ REJECTED
CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
@@ -108529,65 +108541,65 @@ CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux ke
[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
CVE-2017-16993
- RESERVED
+ REJECTED
CVE-2017-16992
- RESERVED
+ REJECTED
CVE-2017-16991
- RESERVED
+ REJECTED
CVE-2017-16990
- RESERVED
+ REJECTED
CVE-2017-16989
- RESERVED
+ REJECTED
CVE-2017-16988
- RESERVED
+ REJECTED
CVE-2017-16987
- RESERVED
+ REJECTED
CVE-2017-16986
- RESERVED
+ REJECTED
CVE-2017-16985
- RESERVED
+ REJECTED
CVE-2017-16984
- RESERVED
+ REJECTED
CVE-2017-16983
- RESERVED
+ REJECTED
CVE-2017-16982
- RESERVED
+ REJECTED
CVE-2017-16981
- RESERVED
+ REJECTED
CVE-2017-16980
- RESERVED
+ REJECTED
CVE-2017-16979
- RESERVED
+ REJECTED
CVE-2017-16978
- RESERVED
+ REJECTED
CVE-2017-16977
- RESERVED
+ REJECTED
CVE-2017-16976
- RESERVED
+ REJECTED
CVE-2017-16975
- RESERVED
+ REJECTED
CVE-2017-16974
- RESERVED
+ REJECTED
CVE-2017-16973
- RESERVED
+ REJECTED
CVE-2017-16972
- RESERVED
+ REJECTED
CVE-2017-16971
- RESERVED
+ REJECTED
CVE-2017-16970
- RESERVED
+ REJECTED
CVE-2017-16969
- RESERVED
+ REJECTED
CVE-2017-16968
- RESERVED
+ REJECTED
CVE-2017-16967
- RESERVED
+ REJECTED
CVE-2017-16966
- RESERVED
+ REJECTED
CVE-2017-16965
- RESERVED
+ REJECTED
CVE-2017-16964
- RESERVED
+ REJECTED
CVE-2017-16963
RESERVED
CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate P ...)
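Review bot: the run of `REJECTED` markers covers CVE-2017-16964 through CVE-2017-16993 (thirty consecutive identifiers) but stops short of CVE-2017-16963, which stays `RESERVED` on the following line; worth confirming whether that one is still genuinely pending or was simply outside the batch the automatic sync picked up.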
@@ -110823,9 +110835,9 @@ CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permi
CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file wit ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-16351
- RESERVED
+ REJECTED
CVE-2017-16350
- RESERVED
+ REJECTED
CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the reporti ...)
NOT-FOR-US: SAP
CVE-2017-16348 (An exploitable denial of service vulnerability exists in Insteon Hub r ...)
@@ -116739,7 +116751,7 @@ CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaSc
CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
- cpp-etherum <itp> (bug #860434)
CVE-2017-14456
- RESERVED
+ REJECTED
CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
NOT-FOR-US: Insteon Hub
CVE-2017-14454
@@ -152582,7 +152594,7 @@ CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use
CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup en ...)
NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2859
- RESERVED
+ REJECTED
CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2857 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
@@ -152827,11 +152839,11 @@ CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X
CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC segm ...)
NOT-FOR-US: Labview
CVE-2017-2778
- RESERVED
+ REJECTED
CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ipStringCreat ...)
NOT-FOR-US: Iceni Argus
CVE-2017-2776
- RESERVED
+ REJECTED
CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the LvVariant ...)
NOT-FOR-US: Labview
CVE-2017-2774
@@ -160839,9 +160851,9 @@ CVE-2016-9049 (An exploitable denial-of-service vulnerability exists in the fabr
CVE-2016-9048 (Multiple exploitable SQL Injection vulnerabilities exists in ProcessMa ...)
NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9047
- RESERVED
+ REJECTED
CVE-2016-9046
- RESERVED
+ REJECTED
CVE-2016-9045 (A code execution vulnerability exists in ProcessMaker Enterprise Core ...)
NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9044 (An exploitable command execution vulnerability exists in Information B ...)
@@ -162856,7 +162868,7 @@ CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the Doc_Ge
CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the Doc_SetSumm ...)
NOT-FOR-US: AntennaHouse
CVE-2016-8381
- RESERVED
+ REJECTED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and w ...)
NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
@@ -286293,7 +286305,7 @@ CVE-2011-2187
- xscreensaver 5.14-1 (bug #627382)
[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
CVE-2011-2186
- RESERVED
+ REJECTED
NOTE: Disputed gitweb non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=713298
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...)
NOT-FOR-US: A Really Simple Chat
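Review bot: the surviving `NOTE: Disputed gitweb non-issue` line with its Red Hat bugzilla link is what makes the `REJECTED` status on CVE-2011-2186 self-explanatory, and it should stay; the other `REJECTED` transitions in this update carry no such note, which is acceptable for identifiers that never had package lines, but any future REJECTED entry that previously carried a fix version should get the same kind of rationale.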
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0099270af077cce58fc32faea6cca0d7d2abb3a