[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 24 09:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4bff69a by security tracker role at 2019-09-24T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2019-16746 [nl80211: validate beacon head]
+CVE-2019-16745
+	RESERVED
+CVE-2019-16744
+	RESERVED
+CVE-2019-16743
+	RESERVED
+CVE-2019-16742
+	RESERVED
+CVE-2019-16741
+	RESERVED
+CVE-2019-16740
+	RESERVED
+CVE-2019-16739
+	RESERVED
+CVE-2019-16738
+	RESERVED
+CVE-2019-16737
+	RESERVED
+CVE-2019-16736
+	RESERVED
+CVE-2019-16735
+	RESERVED
+CVE-2019-16734
+	RESERVED
+CVE-2019-16733
+	RESERVED
+CVE-2019-16732
+	RESERVED
+CVE-2019-16731
+	RESERVED
+CVE-2019-16730
+	RESERVED
+CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
+	TODO: check
+CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel  ...)
 	- linux <unfixed>
 	NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2
 CVE-2019-16727
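Review bot: CVE-2019-16728 (DOMPurify mutation XSS) is added at TODO: check with no package or NOT-FOR-US line, whereas the neighbouring CVE-2019-16746 entry, whose bracketed placeholder `[nl80211: validate beacon head]` is replaced here by the public description, keeps its `- linux <unfixed>` line and the marc.info NOTE intact; the DOMPurify entry needs the same triage (a package line or NOT-FOR-US) rather than staying in the TODO queue.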
@@ -52,7 +86,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account
 	TODO: check
 CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
 	TODO: check
-CVE-2019-16729 [local root exploit in regard to the default environment variable handling of Python]
+CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
 	- pam-python 1.0.7-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
 	NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
@@ -110,7 +144,7 @@ CVE-2019-16682
 	RESERVED
 CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established  ...)
 	TODO: check
-CVE-2019-16681 (** DISPUTED ** The Traveloka application 3.14.0 for Android exports co ...)
+CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
 	TODO: check
 CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...)
 	- file-roller 3.30.0-1
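Review bot: the `** DISPUTED **` prefix is dropped from the CVE-2019-16681 description while the entry stays at TODO: check; since the dispute status usually feeds into the severity chosen at triage, whoever picks this entry up should be aware that the upstream text changed in this update rather than assume the old marker still applies.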
@@ -528,7 +562,7 @@ CVE-2019-16520
 	RESERVED
 CVE-2019-16519
 	RESERVED
-CVE-2019-16518 (An issue was discovered on e9:c8:82:d7:31:5a devices that use the Vand ...)
+CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
 	TODO: check
 CVE-2019-16517
 	RESERVED
@@ -2100,7 +2134,7 @@ CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An ou
 	[jessie] - linux 3.16.68-1
 	NOTE: https://git.kernel.org/linus/f4351a199cc120ff9d59e06d02e8657d08e6cc46
 CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of bound ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.189-1
@@ -2118,6 +2152,7 @@ CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in Parser::makeStr
 	- poppler 0.69.0-2
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
 CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A use-after ...)
+	{DLA-1930-1}
 	- linux 4.18.6-1
 	NOTE: https://git.kernel.org/linus/abd39c6ded9db53aa44c2540092bdd5fb6590fa8
 CVE-2017-18595 (An issue was discovered in the Linux kernel before 4.14.11. A double f ...)
@@ -2162,6 +2197,7 @@ CVE-2019-15918 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/b57a55e2200ede754e4dc9cce4ba9402544b9365
 CVE-2019-15917 (An issue was discovered in the Linux kernel before 5.0.5. There is a u ...)
+	{DLA-1930-1}
 	- linux 4.19.37-1
 	NOTE: https://git.kernel.org/linus/56897b217a1d0a91c9920cb418d6b3fe922f590a
 CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There is a m ...)
@@ -2468,7 +2504,7 @@ CVE-2019-15790
 CVE-2019-15789
 	RESERVED
 CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.184-1
@@ -3980,7 +4016,7 @@ CVE-2019-15241
 CVE-2019-15240
 	RESERVED
 CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 4.19.37-1
 	[stretch] - linux 4.9.184-1
 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
@@ -4037,25 +4073,25 @@ CVE-2019-15222 (An issue was discovered in the Linux kernel before 5.2.8. There
 	- linux <not-affected> (Vulnerable code not present in any released version)
 	NOTE: https://git.kernel.org/linus/5d78e1c2b7f4be00bbe62141603a631dc7812f35
 CVE-2019-15221 (An issue was discovered in the Linux kernel before 5.1.17. There is a  ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.185-1
 	NOTE: https://git.kernel.org/linus/3450121997ce872eb7f1248417225827ea249710
 CVE-2019-15220 (An issue was discovered in the Linux kernel before 5.2.1. There is a u ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.189-1
 	NOTE: https://git.kernel.org/linus/6e41e2257f1094acc37618bf6c856115374c6922
 CVE-2019-15219 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.184-1
 	NOTE: https://git.kernel.org/linus/9a5729f68d3a82786aea110b1bfe610be318f80a
 CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.184-1
@@ -4070,7 +4106,7 @@ CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There
 	[stretch] - linux 4.9.184-1
 	NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
 CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.189-1
@@ -4084,13 +4120,13 @@ CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.184-1
 	NOTE: https://git.kernel.org/linus/3864d33943b4a76c6e64616280e98d2410b1190f
 CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.189-1
@@ -4306,6 +4342,7 @@ CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF
 CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops t ...)
 	NOT-FOR-US: Mitogen
 CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel befo ...)
+	{DLA-1930-1}
 	- linux 4.18.6-1
 	NOTE: https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
 CVE-2017-18552 (An issue was discovered in net/rds/af_rds.c in the Linux kernel before ...)
@@ -4336,6 +4373,7 @@ CVE-2016-10906 (An issue was discovered in drivers/net/ethernet/arc/emac_main.c
 	- linux 4.5.1-1
 	NOTE: https://git.kernel.org/linus/c278c253f3d992c6994d08aa0efb2b6806ca396f
 CVE-2016-10905 (An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4 ...)
+	{DLA-1930-1}
 	- linux 4.8.5-1
 	NOTE: https://git.kernel.org/linus/36e4ad0316c017d5b271378ed9a1c9a4b77fab5f
 CVE-2019-15148 (GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in ...)
@@ -4426,9 +4464,11 @@ CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BB
 CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...)
 	NOT-FOR-US: cnlh nps
 CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
 CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS  ...)
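Review bot: CVE-2019-15118 and CVE-2019-15117 gain `{DLA-1930-1}` while `- linux <unfixed>` is kept, even though each NOTE already points at a "Fixed by:" upstream commit; the DLA reference is valid for the LTS suite independently of sid, but the unstable state should be updated once a kernel upload containing those commits is recorded, otherwise the entries read as fixed in LTS but unfixed everywhere else.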
@@ -5359,6 +5399,7 @@ CVE-2019-14837
 CVE-2019-14836
 	RESERVED
 CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1
 	NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
@@ -5401,6 +5442,7 @@ CVE-2019-14822 [missing authorization flaw]
 	NOTE: https://launchpad.net/bugs/1844853
 	NOTE: https://github.com/ibus/ibus/issues/2137
 CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
 CVE-2019-14820
@@ -5420,12 +5462,15 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.28, in the
 	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
 	NOTE: which changed the access to file permissions.
 CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 CVE-2019-14815
 	RESERVED
+	{DLA-1930-1}
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 CVE-2019-14814 (There is heap-based buffer overflow in Linux kernel, all versions up t ...)
+	{DLA-1930-1}
 	- linux <unfixed>
 CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...)
 	{DSA-4518-1 DLA-1915-1}
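Review bot: `{DLA-1930-1}` is added to CVE-2019-14815 although that entry carries `[jessie] - linux <not-affected> (Vulnerability introduced later)`; a DLA reference records an LTS (jessie) advisory, so either the not-affected marker is stale or the DLA does not cover this CVE, and one of the two lines should be reconciled. The entry header also still reads `RESERVED` above package data, which the tracker tolerates but is worth a look at the same time.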
@@ -17742,10 +17787,10 @@ CVE-2019-10757
 	RESERVED
 CVE-2019-10756
 	RESERVED
-CVE-2019-10755
-	RESERVED
-CVE-2019-10754
-	RESERVED
+CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
+	TODO: check
+CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
+	TODO: check
 CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
 	TODO: check
 CVE-2019-10752
@@ -22218,7 +22263,7 @@ CVE-2019-9508
 CVE-2019-9507
 	RESERVED
 CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.185-1
@@ -44763,8 +44808,8 @@ CVE-2019-1369
 	RESERVED
 CVE-2019-1368
 	RESERVED
-CVE-2019-1367
-	RESERVED
+CVE-2019-1367 (A remote code execution vulnerability exists in the way that the scrip ...)
+	TODO: check
 CVE-2019-1366
 	RESERVED
 CVE-2019-1365
@@ -44987,8 +45032,8 @@ CVE-2019-1257 (A remote code execution vulnerability exists in Microsoft SharePo
 	NOT-FOR-US: Microsoft
 CVE-2019-1256 (An elevation of privilege vulnerability exists in Windows when the Win ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-1255
-	RESERVED
+CVE-2019-1255 (A denial of service vulnerability exists when Microsoft Defender impro ...)
+	TODO: check
 CVE-2019-1254 (An information disclosure vulnerability exists when Windows Hyper-V wr ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1253 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
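Review bot: CVE-2019-1255 (Microsoft Defender denial of service) is filed as TODO: check while every surrounding Microsoft entry in this hunk is `NOT-FOR-US: Microsoft`; it is expected to resolve the same way at triage, flagging it so it does not linger in the TODO queue.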
@@ -48264,7 +48309,7 @@ CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.
 CVE-2019-0137
 	RESERVED
 CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
-	{DLA-1919-1}
+	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.185-1
@@ -108707,7 +108752,7 @@ CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in I
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
-CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...)
+CVE-2017-14988 (** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ...)
 	- openexr <unfixed> (bug #878551; unimportant)
 	NOTE: https://github.com/openexr/openexr/issues/248
 	NOTE: Issue in the use of openexr via ImageMagick, no real security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4bff69af243752cca5019a06ba844308b1335d7
