[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Sep 27 09:11:22 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
431ca965 by security tracker role at 2019-09-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-16919
+	RESERVED
+CVE-2019-16918
+	RESERVED
+CVE-2019-16917
+	RESERVED
 CVE-2019-16916
 	RESERVED
 CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
@@ -2631,7 +2637,7 @@ CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out
 CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...)
 	- openjpeg2 <unfixed> (bug #939553)
 	NOTE: https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
-CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in Parser::makeStream in ...)
+CVE-2018-21009 (Poppler before 0.66.0 has an integer overflow in Parser::makeStream in ...)
 	- poppler 0.69.0-2
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
 CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A use-after ...)
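Review bot: the corrected description for CVE-2018-21009 now reads "Poppler before 0.66.0", but the package line under it still records `- poppler 0.69.0-2` as the fixed version. Confirm against the referenced upstream commit (0868c499a9f5f37f8df5c9fef03c37496b40fc8a) whether an earlier Debian upload already contained the fix and lower the fixed version if so; if 0.69.0-2 really is the first fixed upload, a NOTE giving the upstream fix version would explain the gap.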
@@ -2741,8 +2747,8 @@ CVE-2019-15894
 	RESERVED
 CVE-2019-15893
 	RESERVED
-CVE-2019-15891
-	RESERVED
+CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
+	TODO: check
 CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
 	{DLA-1927-1}
 	- slirp4netns 0.4.1-1 (bug #939868)
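Review bot: CVE-2019-15891 moves from RESERVED to a description with only `TODO: check`, so the entry still carries no package line or NOT-FOR-US decision. CVE-2019-15862 later in this patch names the same product (CKFinder) and is left in the same state, so triage the two together and record the same outcome for both.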
@@ -2821,8 +2827,8 @@ CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/ec3997a59a93cbc13a3cba22dfe0b4c4710a8f65
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
-CVE-2019-15862
-	RESERVED
+CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper checks o ...)
+	TODO: check
 CVE-2019-15861
 	RESERVED
 CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
@@ -13366,8 +13372,8 @@ CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view
 	NOT-FOR-US: DouCo DouPHP
 CVE-2019-12563
 	RESERVED
-CVE-2019-12562
-	RESERVED
+CVE-2019-12562 (Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) be ...)
+	TODO: check
 CVE-2019-12561
 	RESERVED
 CVE-2019-12560
@@ -16362,7 +16368,7 @@ CVE-2019-11497 (In Couchbase Server 5.0.0, when an invalid Remote Cluster Certif
 	NOT-FOR-US: Couchbase
 CVE-2019-11496 (In versions of Couchbase Server prior to 5.0, the bucket named "defaul ...)
 	NOT-FOR-US: Couchbase
-CVE-2019-11495 (Couchbase Server 5.1.1 generates insufficiently random numbers. The pr ...)
+CVE-2019-11495 (In Couchbase Server 5.1.1, the cookie used for intra-node communicatio ...)
 	NOT-FOR-US: Couchbase
 CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
 	- dovecot 1:2.3.4.1-5 (bug #928235)
@@ -16942,10 +16948,10 @@ CVE-2019-11281
 	RESERVED
 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
 	NOT-FOR-US: Pivotal
-CVE-2019-11279
-	RESERVED
-CVE-2019-11278
-	RESERVED
+CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
+	TODO: check
+CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be directly q ...)
+	TODO: check
 CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
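Review bot: CVE-2019-11279 and CVE-2019-11278 are both left at `TODO: check`, while the neighbouring entries in this hunk (CVE-2019-11280, CVE-2019-11277) are marked NOT-FOR-US for Pivotal and Cloud Foundry. Check whether CF UAA is packaged in Debian and, if it is not, resolve both entries with a matching NOT-FOR-US line so this block stays consistent.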
@@ -17869,7 +17875,7 @@ CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and ea
 	NOT-FOR-US: Siemens
 CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All versions ...)
 	NOT-FOR-US: Siemens
-CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure T ...)
+CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Insi ...)
 	- matrixssl <removed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
 	NOTE: https://github.com/matrixssl/matrixssl/issues/26



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/431ca965e8729e67787c4c5526c039e4929ea08f
