[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Sep 20 09:10:30 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2025d415 by security tracker role at 2019-09-20T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-16537
+	RESERVED
+CVE-2019-16536
+	RESERVED
+CVE-2019-16535
+	RESERVED
+CVE-2019-16534
+	RESERVED
+CVE-2019-16533
+	RESERVED
+CVE-2019-16532
+	RESERVED
+CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
+	TODO: check
+CVE-2019-16530
+	RESERVED
+CVE-2019-16529
+	RESERVED
+CVE-2019-16528
+	RESERVED
+CVE-2019-16527
+	RESERVED
+CVE-2019-16526
+	RESERVED
 CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9 for W ...)
 	NOT-FOR-US: checklist plugin for WordPress
 CVE-2019-16524
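Review bot: CVE-2019-16531 (LayerBB) enters the list with only `TODO: check`, so it still needs triage. If LayerBB is not packaged in Debian, resolve it as `NOT-FOR-US: LayerBB`, the same way the CVE-2019-16525 entry directly below handles the WordPress checklist plugin.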
@@ -1680,6 +1704,7 @@ CVE-2019-15893
 CVE-2019-15891
 	RESERVED
 CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
+	{DLA-1927-1}
 	- slirp4netns <unfixed> (bug #939868)
 	[buster] - slirp4netns <no-dsa> (Minor issue)
 	- qemu <unfixed> (bug #939869)
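Review bot: On CVE-2019-15890 the new `{DLA-1927-1}` reference sits above package lines that all still read `<unfixed>` or `<no-dsa>`, and nothing in the entry shows which suite the advisory covers. Confirm that the fixed version for that suite is recorded where the tracker expects it, so the entry does not read as an advisory with no fix.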
@@ -6615,7 +6640,7 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
-	{DSA-4512-1 DSA-4506-1}
+	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
 	- qemu 1:4.1-1 (bug #933741)
 	- qemu-kvm <removed>
 	- slirp4netns 0.3.2-1 (bug #933742)
@@ -10638,7 +10663,7 @@ CVE-2019-13166
 CVE-2019-13165
 	RESERVED
 CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
-	{DSA-4512-1 DSA-4506-1}
+	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
 	- qemu 1:4.1-1 (bug #931351)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
@@ -13374,7 +13399,7 @@ CVE-2019-12157
 CVE-2019-12156
 	RESERVED
 CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
-	{DSA-4454-1}
+	{DSA-4454-1 DLA-1927-1}
 	- qemu 1:3.1+dfsg-8 (bug #929353)
 	[buster] - qemu 1:3.1+dfsg-8~deb10u1
 	- qemu-kvm <removed>
@@ -13607,6 +13632,7 @@ CVE-2019-12069
 	RESERVED
 CVE-2019-12068 [scsi: lsi: exit infinite loop while executing script]
 	RESERVED
+	{DLA-1927-1}
 	- qemu <unfixed> (low)
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in future update)
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
@@ -16395,28 +16421,28 @@ CVE-2019-11044
 CVE-2019-11043
 	RESERVED
 CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
-	{DLA-1878-1}
+	{DSA-4527-1 DLA-1878-1}
 	- php7.3 7.3.8-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
 CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
-	{DLA-1878-1}
+	{DSA-4527-1 DLA-1878-1}
 	- php7.3 7.3.8-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78222
 CVE-2019-11040 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
-	{DLA-1813-1}
+	{DSA-4527-1 DLA-1813-1}
 	- php7.3 7.3.6-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
 CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ...)
-	{DLA-1813-1}
+	{DSA-4527-1 DLA-1813-1}
 	- php7.3 7.3.6-1
 	- php7.0 <removed>
 	- php5 <removed>
@@ -16439,7 +16465,7 @@ CVE-2019-11037 (In PHP imagick extension in versions between 3.3.0 and 3.4.4, wr
 	NOTE: https://bugs.php.net/bug.php?id=77791
 	NOTE: https://github.com/mkoppanen/imagick/commits/bugfix_77791
 CVE-2019-11036 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
-	{DLA-1803-1}
+	{DSA-4527-1 DLA-1803-1}
 	- php7.3 7.3.6-1 (bug #928421)
 	- php7.0 <removed>
 	[stretch] - php7.0 <postponed> (Fix along in future update)
@@ -20965,18 +20991,18 @@ CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
 	- libav <removed>
 	[jessie] - libav <not-affected> (Vulnerable code not present)
-CVE-2019-9720
-	RESERVED
-CVE-2019-9719
-	RESERVED
+CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
+	TODO: check
+CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
+	TODO: check
 CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
 	{DSA-4449-1}
 	- ffmpeg 7:4.1.3-1 (low; bug #926666)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
 	- libav <removed>
 	[jessie] - libav <not-affected> (Vulnerable code not present)
-CVE-2019-9717
-	RESERVED
+CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder allows atta ...)
+	TODO: check
 CVE-2019-9716
 	RESERVED
 CVE-2019-9715
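Review bot: CVE-2019-9720, CVE-2019-9719 and CVE-2019-9717 now carry Libav 12.3 descriptions but only `TODO: check`. The neighbouring FFmpeg entries (CVE-2019-9721, CVE-2019-9718) already record `- libav <removed>` and a `[jessie]` status, so triage should replace each TODO with libav package lines and a per-suite status, after checking whether the affected subtitle decoder code is present there.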
@@ -37601,7 +37627,7 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/192
-CVE-2018-20336 (An issue was discovered in Asuswrt-Merlin 384.6. There is a stack-base ...)
+CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
 	TODO: check
 CVE-2018-20335
 	RESERVED
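Review bot: The description of CVE-2018-20336 changes the affected product from Asuswrt-Merlin 384.6 to ASUSWRT 3.0.0.4.384.20308, yet the entry stays at `TODO: check`. Since the description is being touched anyway, this is a good point to triage it: if neither firmware is packaged in Debian, mark it NOT-FOR-US instead of carrying the TODO forward.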
@@ -124829,7 +124855,7 @@ CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit
 CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file inclus ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ...)
-	{DSA-3991-1}
+	{DSA-3991-1 DLA-1927-1}
 	- qemu 1:2.10.0-1 (bug #864219)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (vulnerable code not present)
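Review bot: For CVE-2017-9375 the line `[jessie] - qemu <no-dsa> (Minor issue)` is left in place while `DLA-1927-1` is added to the advisory list. If that DLA fixes qemu in jessie, the `<no-dsa>` annotation is stale and should be dropped so the suite status is not contradictory.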
@@ -165554,7 +165580,7 @@ CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the "revoke
 	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)
 	NOTE: https://fedorahosted.org/freeipa/ticket/6232
 CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local  ...)
-	{DLA-574-1 DLA-573-1}
+	{DLA-1927-1 DLA-574-1 DLA-573-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #832619)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
 	- qemu-kvm <removed>
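Review bot: CVE-2016-5403 keeps `[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)` next to the newly added `DLA-1927-1`. If the DLA is that future update for jessie, the deferral note has been overtaken and the line should be removed.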
@@ -167234,6 +167260,7 @@ CVE-2015-8882
 CVE-2015-8881
 	RESERVED
 CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in block/is ...)
+	{DLA-1927-1}
 	- qemu 1:2.6+dfsg-2 (bug #826151)
 	[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
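Review bot: CVE-2016-5126 gains `{DLA-1927-1}` but still carries `[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a future update)`; check whether that line should go now that an advisory is referenced. Separately, the hunk context shows this 2016 entry placed between CVE-2015-8881 and the following entries, which is easy to miss when searching the list by ID range.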



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2025d415ef3a4c4ba0453a1e9be73937f5f30ac8
