[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 6 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73fcd32a by security tracker role at 2019-09-06T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
+ TODO: check
+CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker t ...)
+ TODO: check
+CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for O ...)
+ TODO: check
+CVE-2019-16057
+ RESERVED
+CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
+ TODO: check
+CVE-2019-16055
+ RESERVED
+CVE-2019-16054
+ RESERVED
+CVE-2019-16053
+ RESERVED
+CVE-2019-16052
+ RESERVED
+CVE-2019-16051
+ RESERVED
+CVE-2019-16050
+ RESERVED
+CVE-2019-16049
+ RESERVED
+CVE-2019-16048
+ RESERVED
+CVE-2019-16047
+ RESERVED
+CVE-2019-16046
+ RESERVED
+CVE-2019-16045
+ RESERVED
+CVE-2019-16044
+ RESERVED
+CVE-2019-16043
+ RESERVED
+CVE-2019-16042
+ RESERVED
+CVE-2019-16041
+ RESERVED
+CVE-2019-16040
+ RESERVED
+CVE-2019-16039
+ RESERVED
+CVE-2019-16038
+ RESERVED
+CVE-2019-16037
+ RESERVED
+CVE-2019-16036
+ RESERVED
+CVE-2019-16035
+ RESERVED
+CVE-2019-16034
+ RESERVED
+CVE-2019-16033
+ RESERVED
+CVE-2019-16032
+ RESERVED
+CVE-2019-16031
+ RESERVED
+CVE-2019-16030
+ RESERVED
+CVE-2019-16029
+ RESERVED
+CVE-2019-16028
+ RESERVED
+CVE-2019-16027
+ RESERVED
+CVE-2019-16026
+ RESERVED
+CVE-2019-16025
+ RESERVED
+CVE-2019-16024
+ RESERVED
+CVE-2019-16023
+ RESERVED
+CVE-2019-16022
+ RESERVED
+CVE-2019-16021
+ RESERVED
+CVE-2019-16020
+ RESERVED
+CVE-2019-16019
+ RESERVED
+CVE-2019-16018
+ RESERVED
+CVE-2019-16017
+ RESERVED
+CVE-2019-16016
+ RESERVED
+CVE-2019-16015
+ RESERVED
+CVE-2019-16014
+ RESERVED
+CVE-2019-16013
+ RESERVED
+CVE-2019-16012
+ RESERVED
+CVE-2019-16011
+ RESERVED
+CVE-2019-16010
+ RESERVED
+CVE-2019-16009
+ RESERVED
+CVE-2019-16008
+ RESERVED
+CVE-2019-16007
+ RESERVED
+CVE-2019-16006
+ RESERVED
+CVE-2019-16005
+ RESERVED
+CVE-2019-16004
+ RESERVED
+CVE-2019-16003
+ RESERVED
+CVE-2019-16002
+ RESERVED
+CVE-2019-16001
+ RESERVED
+CVE-2019-16000
+ RESERVED
+CVE-2019-15999
+ RESERVED
+CVE-2019-15998
+ RESERVED
+CVE-2019-15997
+ RESERVED
+CVE-2019-15996
+ RESERVED
+CVE-2019-15995
+ RESERVED
+CVE-2019-15994
+ RESERVED
+CVE-2019-15993
+ RESERVED
+CVE-2019-15992
+ RESERVED
+CVE-2019-15991
+ RESERVED
+CVE-2019-15990
+ RESERVED
+CVE-2019-15989
+ RESERVED
+CVE-2019-15988
+ RESERVED
+CVE-2019-15987
+ RESERVED
+CVE-2019-15986
+ RESERVED
+CVE-2019-15985
+ RESERVED
+CVE-2019-15984
+ RESERVED
+CVE-2019-15983
+ RESERVED
+CVE-2019-15982
+ RESERVED
+CVE-2019-15981
+ RESERVED
+CVE-2019-15980
+ RESERVED
+CVE-2019-15979
+ RESERVED
+CVE-2019-15978
+ RESERVED
+CVE-2019-15977
+ RESERVED
+CVE-2019-15976
+ RESERVED
+CVE-2019-15975
+ RESERVED
+CVE-2019-15974
+ RESERVED
+CVE-2019-15973
+ RESERVED
+CVE-2019-15972
+ RESERVED
+CVE-2019-15971
+ RESERVED
+CVE-2019-15970
+ RESERVED
+CVE-2019-15969
+ RESERVED
+CVE-2019-15968
+ RESERVED
+CVE-2019-15967
+ RESERVED
+CVE-2019-15966
+ RESERVED
+CVE-2019-15965
+ RESERVED
+CVE-2019-15964
+ RESERVED
+CVE-2019-15963
+ RESERVED
+CVE-2019-15962
+ RESERVED
+CVE-2019-15961
+ RESERVED
+CVE-2019-15960
+ RESERVED
+CVE-2019-15959
+ RESERVED
+CVE-2019-15958
+ RESERVED
+CVE-2019-15957
+ RESERVED
+CVE-2019-15956
+ RESERVED
CVE-2019-XXXX [5.2.3 fixes several XSS and other security bugs]
- wordpress 5.2.3+dfsg1-1 (bug #939543)
TODO: needs proper split up after CVE assignment in individual entries
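Review bot: CVE-2019-16056 near the top of this hunk is left at TODO: check even though its description names Python through 2.7.16 and 3.x, which Debian packages, so it should get per-source-package lines in the next manual pass rather than wait in the general TODO queue. The other three described entries (CVE-2019-16060, CVE-2019-16059, CVE-2019-16058) likewise need either package lines or a NOT-FOR-US marking. The remaining additions from CVE-2019-16057 down to CVE-2019-15956 are bare RESERVED placeholders and need no action until descriptions are published.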
@@ -145,6 +355,7 @@ CVE-2019-15905
CVE-2019-15904
RESERVED
CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
+ {DLA-1912-1}
- expat 2.2.7-2 (bug #939394)
NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
NOTE: https://github.com/libexpat/libexpat/issues/317
@@ -172,8 +383,7 @@ CVE-2019-15893
RESERVED
CVE-2019-15891
RESERVED
-CVE-2019-15890 [Slirp: use-after-free during packet reassembly]
- RESERVED
+CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
- slirp4netns <unfixed>
- qemu <unfixed>
- qemu-kvm <removed>
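Review bot: The new CVE-2019-15890 description attributes the use-after-free to libslirp 4.0.0 as used in QEMU 4.1.0, but the package lines visible in this hunk cover only slirp4netns, qemu and qemu-kvm. If libslirp is tracked as its own source package, the entry needs a line for it; if only the embedded copies are tracked, a NOTE saying so would make the omission explicit.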
@@ -294,8 +504,8 @@ CVE-2015-9381 (FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get
- freetype 2.6.1-0.1
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9
NOTE: https://savannah.nongnu.org/bugs/?45955
-CVE-2019-15846 [local or remote attacker can execute programs with root privileges]
- RESERVED
+CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...)
+ {DSA-4517-1 DLA-1911-1}
- exim4 4.92.1-3
NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
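Review bot: In the CVE-2019-15846 entry the new description says Exim before 4.92.2 is affected, while the unchanged package line records the fix as exim4 4.92.1-3. If that upload carries a backported patch, a NOTE stating it would keep readers from taking 4.92.1-3 for a typo of 4.92.2; the exim.git commit already linked in the entry is the natural reference for it.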
@@ -2329,8 +2539,8 @@ CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through 1
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-15103
RESERVED
-CVE-2019-15102
- RESERVED
+CVE-2019-15102 (An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner ...)
+ TODO: check
CVE-2019-15101
RESERVED
CVE-2019-15100
@@ -3273,8 +3483,7 @@ CVE-2019-14815
CVE-2019-14814
RESERVED
- linux <unfixed>
-CVE-2019-14813
- RESERVED
+CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...)
- ghostscript <unfixed>
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
@@ -5484,8 +5693,8 @@ CVE-2019-14225
RESERVED
CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...)
TODO: check
-CVE-2019-14223
- RESERVED
+CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...)
+ TODO: check
CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6.0 and ...)
TODO: check
CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
@@ -6088,8 +6297,8 @@ CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vuln
NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
NOT-FOR-US: Mikrotik RouterOS
-CVE-2019-13953
- RESERVED
+CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...)
+ TODO: check
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
- gdnsd <unfixed> (unimportant; bug #932407)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
@@ -6694,8 +6903,8 @@ CVE-2019-13658
RESERVED
CVE-2019-13657
RESERVED
-CVE-2019-13656
- RESERVED
+CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...)
+ TODO: check
CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Imgix
CVE-2019-13654
@@ -8071,8 +8280,8 @@ CVE-2019-13519
RESERVED
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
TODO: check
-CVE-2019-13517
- RESERVED
+CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
+ TODO: check
CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
NOT-FOR-US: OSIsoft LLC
CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...)
@@ -12250,10 +12459,10 @@ CVE-2019-11928
RESERVED
CVE-2019-11927
RESERVED
-CVE-2019-11926
- RESERVED
-CVE-2019-11925
- RESERVED
+CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...)
+ TODO: check
+CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...)
+ TODO: check
CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
TODO: check
CVE-2019-11923
@@ -12657,7 +12866,7 @@ CVE-2019-11753
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
CVE-2019-11752
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
@@ -12703,7 +12912,7 @@ CVE-2019-11747
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
CVE-2019-11746
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
@@ -12713,7 +12922,7 @@ CVE-2019-11745
RESERVED
CVE-2019-11744
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
@@ -12721,7 +12930,7 @@ CVE-2019-11744
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
CVE-2019-11743
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
@@ -12729,7 +12938,7 @@ CVE-2019-11743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
CVE-2019-11742
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
@@ -12741,7 +12950,7 @@ CVE-2019-11741
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
CVE-2019-11740
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
@@ -18721,10 +18930,10 @@ CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5
NOTE: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
CVE-2019-9856
RESERVED
-CVE-2019-9855
- RESERVED
-CVE-2019-9854
- RESERVED
+CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
+ TODO: check
+CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...)
+ TODO: check
CVE-2019-9853
RESERVED
CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...)
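Review bot: CVE-2019-9855 and CVE-2019-9854 are left at TODO: check although both descriptions open with LibreOffice, which Debian packages, and CVE-2019-9854 begins with the same text as CVE-2019-9852 in the context line below. They should be triaged together with CVE-2019-9852 and given libreoffice package lines rather than staying as generic TODO items.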
@@ -18922,7 +19131,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
CVE-2019-9812
RESERVED
- {DSA-4516-1}
+ {DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
@@ -47492,8 +47701,8 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x8
NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...)
NOT-FOR-US: Synacor Zimbra Collaboration Suite
-CVE-2018-18630
- RESERVED
+CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...)
+ TODO: check
CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...)
NOT-FOR-US: Keybase command-line client
CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function SerializationSes ...)
@@ -81237,8 +81446,8 @@ CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contai
NOT-FOR-US: NVIDIA
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in whic ...)
NOT-FOR-US: NVIDIA
-CVE-2018-6240
- RESERVED
+CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...)
+ TODO: check
CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...)
NOT-FOR-US: NVIDIA
CVE-2018-6238
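Review bot: CVE-2018-6240 is added with TODO: check, but its description names NVIDIA Tegra BootRom and the neighbouring entries in this hunk (CVE-2018-6242, CVE-2018-6241, CVE-2018-6239) are all marked NOT-FOR-US: NVIDIA. Unless something in the archive ships this code, it should receive the same marking on the next manual pass.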
@@ -95064,7 +95273,7 @@ CVE-2017-17546
RESERVED
CVE-2017-17545
RESERVED
-CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all versions ...)
+CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS before 5.6.11 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...)
NOT-FOR-US: Fortinet FortiClient
@@ -157152,8 +157361,8 @@ CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.4
NOT-FOR-US: Exponent CMS
CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6. ...)
NOT-FOR-US: Veritas NetBackup Applianc
-CVE-2016-7398
- RESERVED
+CVE-2016-7398 (A type confusion vulnerability in the merge_param() function of php_ht ...)
+ TODO: check
CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
NOT-FOR-US: Sophos UTM
CVE-2016-7396
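Review bot: CVE-2016-7398 is left at TODO: check with a description cut off at "php_ht ...", so the merge_param() function it names still has to be matched to a source package before the entry can be triaged. Separately, the context line "NOT-FOR-US: Veritas NetBackup Applianc" under CVE-2016-7399 is missing its final "e"; it is not part of this change but is worth correcting in a follow-up.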
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73fcd32a0430721592c2406e82944b596d13e1c2