[Git][security-tracker-team/security-tracker][master] new linux issue

Moritz Muehlenhoff jmm at debian.org
Mon Sep 16 16:37:14 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ee93f0a by Moritz Muehlenhoff at 2019-09-16T15:36:18Z
new linux issue
cups CVE assigned
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16393,9 +16393,9 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS
 CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
 	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2019-10892 (hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-10891 (D-Link DIR-806 devices allow remote attackers to execute arbitrary she ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-10890
 	RESERVED
 CVE-2019-10889
@@ -16710,7 +16710,7 @@ CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vu
 	NOTE: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
 	NOTE: https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8
 CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0.  ...)
-	TODO: check
+	NOT-FOR-US: deeply
 CVE-2019-10749
 	RESERVED
 CVE-2019-10748
@@ -16792,7 +16792,7 @@ CVE-2019-10726
 CVE-2019-10725
 	RESERVED
 CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services in wh ...)
-	TODO: check
+	NOT-FOR-US: Dolby
 CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
 	- libpodofo <unfixed> (low; bug #926667)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -16934,7 +16934,7 @@ CVE-2019-10711 (Incorrect access control in the RTSP stream and web portal on al
 CVE-2019-10710 (Insecure permissions in the Web management portal on all IP cameras ba ...)
 	NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
 CVE-2019-10709 (AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a  ...)
-	TODO: check
+	NOT-FOR-US: Asus
 CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...)
 	NOT-FOR-US: S-CMS PHP
 CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...)
@@ -21331,11 +21331,11 @@ CVE-2019-9450 (In the Android kernel in the FingerTipS touchscreen driver there
 CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is a poss ...)
 	TODO: check
 CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android kernel
 CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android kernel
 CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android kernel
 CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of bounds ...)
 	TODO: check
 CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel pointe ...)
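Review bot: CVE-2019-9449 still reads `TODO: check` although its description names the same FingerTipS touchscreen driver as CVE-2019-9448, CVE-2019-9447 and CVE-2019-9446, which this hunk closes as `NOT-FOR-US: Android kernel`; if the same reasoning (vendor driver not in Debian's linux package) applies, triage it in the same commit, otherwise leave a NOTE saying why it differs.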
@@ -21355,7 +21355,7 @@ CVE-2019-9438
 CVE-2019-9437
 	RESERVED
 CVE-2019-9436 (In the Android kernel in the bootloader there is a possible secure boo ...)
-	TODO: check
+	NOT-FOR-US: LG components for Android
 CVE-2019-9435
 	RESERVED
 CVE-2019-9434
@@ -21375,7 +21375,7 @@ CVE-2019-9428
 CVE-2019-9427
 	RESERVED
 CVE-2019-9426 (In the Android kernel in Bluetooth there is a possible out of bounds w ...)
-	TODO: check
+	NOT-FOR-US: Broadcom components for Android
 CVE-2019-9425
 	RESERVED
 CVE-2019-9424
@@ -22039,11 +22039,11 @@ CVE-2019-9162 (In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snm
 	NOTE: Fixed by: https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
 CVE-2019-9155 (A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who  ...)
-	TODO: check
+	NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...)
-	TODO: check
+	NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...)
-	TODO: check
+	NOT-FOR-US: OpenPGP.js (not used by Enigmail in Debian)
 CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
 	- hdf5 <unfixed>
 	[buster] - hdf5 <no-dsa> (Minor issue)
@@ -23969,11 +23969,11 @@ CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 a
 CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up  ...)
 	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8451 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
-	TODO: check
+	NOT-FOR-US: Jira
 CVE-2019-8450 (Various templates of the Optimization plugin in Jira before version 7. ...)
-	TODO: check
+	NOT-FOR-US: Jira
 CVE-2019-8449 (The /rest/api/latest/groupuserpicker resource in Jira before version 8 ...)
-	TODO: check
+	NOT-FOR-US: Jira
 CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2019-8447 (The ServiceExecutor resource in Jira before version 8.3.2 allows remot ...)
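Review bot: the three new entries use `NOT-FOR-US: Jira` while the neighbouring CVE-2019-8448 line in the same hunk uses `NOT-FOR-US: Atlassian Jira`; pick one product string so the entries stay consistent and greppable.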
@@ -24843,7 +24843,7 @@ CVE-2019-8078
 CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-8075
 	RESERVED
 CVE-2019-8074
@@ -30053,7 +30053,7 @@ CVE-2019-6011
 CVE-2019-6010
 	RESERVED
 CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
-	TODO: check
+	NOT-FOR-US: SHIRASAGI
 CVE-2019-6008
 	RESERVED
 CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows  ...)
@@ -30061,11 +30061,11 @@ CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 al
 CVE-2019-6006
 	RESERVED
 CVE-2019-6005 (Smart TV Box firmware version prior to 1300 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Smart TV Box
 CVE-2019-6004 (Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 ...)
-	TODO: check
+	NOT-FOR-US: ApeosWare Management Suite
 CVE-2019-6003 (Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugi ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
 	NOT-FOR-US: Central Dogma
 CVE-2019-6001 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
@@ -30079,17 +30079,17 @@ CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series
 CVE-2019-5997
 	RESERVED
 CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...)
-	TODO: check
+	NOT-FOR-US: Video Insight VMS
 CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
 	NOT-FOR-US: Canon
 CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
 	NOT-FOR-US: Canon
 CVE-2019-5993 (Cross-site request forgery (CSRF) vulnerability in Category Specific R ...)
-	TODO: check
+	NOT-FOR-US: Category Specific RSS feed Subscription 
 CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Sim ...)
-	TODO: check
+	NOT-FOR-US: WordPress Ultra Simple Paypal Shopping Cart
 CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allow ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5990
 	RESERVED
 CVE-2019-5989
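Review bot: the `NOT-FOR-US: Category Specific RSS feed Subscription` line for CVE-2019-5993 carries a trailing space; strip it so the line matches the other NOT-FOR-US lines in this hunk.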
@@ -30099,9 +30099,9 @@ CVE-2019-5988
 CVE-2019-5987
 	RESERVED
 CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router ...)
-	TODO: check
+	NOT-FOR-US: Hikari
 CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay ...)
-	TODO: check
+	NOT-FOR-US: Hikari
 CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0. ...)
 	NOT-FOR-US: Custom CSS Pro
 CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6  ...)
@@ -30115,13 +30115,13 @@ CVE-2019-5980 (Cross-site request forgery (CSRF) vulnerability in Related YouTub
 CVE-2019-5979 (Cross-site request forgery (CSRF) vulnerability in Personalized WooCom ...)
 	NOT-FOR-US: Personalized WooCommerce Cart Page
 CVE-2019-5978 (Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows re ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5977 (Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 m ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5976 (Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative r ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5975 (DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5974 (Cross-site request forgery (CSRF) vulnerability in Contest Gallery ver ...)
 	NOT-FOR-US: Contest Gallery
 CVE-2019-5973 (Cross-site request forgery (CSRF) vulnerability in Online Lesson Booki ...)
@@ -30159,7 +30159,7 @@ CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and e
 CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...)
 	NOT-FOR-US: Electronic reception and examination of application for radio licenses Online
 CVE-2019-5956 (Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allow ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...)
 	NOT-FOR-US: CREATE SD official App for Android
 CVE-2019-5954 (JR East Japan train operation information push notification App for An ...)
@@ -31171,15 +31171,18 @@ CVE-2019-5614
 CVE-2019-5613
 	RESERVED
 CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
+	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
 CVE-2019-5611 (In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
+	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc
 CVE-2019-5610 (In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEAS ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2019-5609 (In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
+	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
 CVE-2019-5608 (In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEAS ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
 	NOT-FOR-US: FreeBSD userspace
 CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
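Review bot: CVE-2019-5610 and CVE-2019-5608 are closed as plain `NOT-FOR-US: FreeBSD`, while CVE-2019-5612, CVE-2019-5611 and CVE-2019-5609 from the same batch are mapped to `kfreebsd-10 <unfixed> (unimportant)`; a qualifier like the `FreeBSD userspace` used for CVE-2019-5607 would record why those two do not touch the kfreebsd-10 kernel package. The three kfreebsd-10 entries could also carry the `NOTE: kfreebsd not covered by security support` line that the CVE-2019-5595 entry pairs with its advisory URL, so the `unimportant` rating is explained in place.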
@@ -31222,11 +31225,11 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
 	NOTE: kfreebsd not covered by security support
 CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2019-5593
 	RESERVED
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2019-5591
 	RESERVED
 CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
@@ -40753,8 +40756,10 @@ CVE-2019-2192
 	RESERVED
 CVE-2019-2191
 	RESERVED
+	NOT-FOR-US: LG components for Android
 CVE-2019-2190
 	RESERVED
+	NOT-FOR-US: LG components for Android
 CVE-2019-2189
 	RESERVED
 CVE-2019-2188
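Review bot: CVE-2019-2191 and CVE-2019-2190 keep their `RESERVED` marker and have no description, yet a `NOT-FOR-US: LG components for Android` line is appended beneath it, so each entry now carries two states; add a NOTE pointing at the source of the assessment (the vendor bulletin, presumably) and replace the RESERVED line once the CVE text is published.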
@@ -40773,21 +40778,25 @@ CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible
 	- linux 4.16.5-1
 	NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
 CVE-2019-2181 (In binder_transaction of binder.c in the Android kernel, there is a po ...)
-	TODO: check
+	- linux 5.2.6-1
 CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possi ...)
-	TODO: check
+	- cups 2.2.12-1 (bug #934957)
+	[buster] - cups 2.2.10-6+deb10u1
+	[stretch] - cups 2.2.1-8+deb9u4
+	NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of 	
+	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
 CVE-2019-2179 (In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2178 (In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2177 (In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2176 (In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Andr ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2019-2175 (In checkAccess of SliceManagerService.java in Android 9, there is a po ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2174 (In SensorManager::assertStateLocked of SensorManager.cpp in Android 7. ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2173
 	RESERVED
 CVE-2019-2172
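Review bot: CVE-2019-2181 is resolved to `linux 5.2.6-1` without a `NOTE: Fixed by:` upstream commit reference, unlike the CVE-2019-2182 entry directly above it, which cites the git.kernel.org commit; add the binder fix reference so the version claim can be verified. In the CVE-2019-2180 entry, the line `NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of` ends in a trailing tab and its sentence is completed only by the next NOTE line; merging the two into one `NOTE:` line keeps each note self-contained.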
@@ -40887,9 +40896,9 @@ CVE-2019-2126 (In ParseContentEncodingEntry of mkvparser.cc, there is a possible
 CVE-2019-2125 (In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...)
 	NOT-FOR-US: Android
 CVE-2019-2124 (In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java i ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2123 (In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-2122 (In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...)
 	NOT-FOR-US: Android
 CVE-2019-2121 (In ActivityManagerService.attachApplication of ActivityManagerService, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ee93f0ab35ba4b45947672435db8116f7c33c35
