[Git][security-tracker-team/security-tracker][master] automatic update

Sat Sep 28 21:10:42 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a75f1f8 by security tracker role at 2019-09-28T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
+	TODO: check
+CVE-2019-16940
+	RESERVED
+CVE-2019-16939
+	RESERVED
+CVE-2019-16938
+	RESERVED
+CVE-2019-16937
+	RESERVED
+CVE-2019-16936
+	RESERVED
 CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
 	- python3.8 <unfixed>
 	- python3.7 <unfixed>
@@ -661,6 +673,7 @@ CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely establ
 CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
 	NOT-FOR-US: Traveloka
 CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...)
+	{DSA-4537-1}
 	- file-roller 3.30.0-1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794337
 	NOTE: https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2
@@ -21156,6 +21169,7 @@ CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is
 CVE-2019-1010175
 	RESERVED
 CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1
 	NOTE: https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
 CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
@@ -34027,7 +34041,7 @@ CVE-2019-5096
 CVE-2019-5095
 	RESERVED
 CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
-	{DSA-4535-1}
+	{DSA-4535-1 DLA-1935-1}
 	- e2fsprogs 1.45.4-1 (bug #941139)
 	NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
@@ -79787,30 +79801,35 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
 CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
@@ -79913,12 +79932,14 @@ CVE-2018-7591
 CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...)
 	NOT-FOR-US: Hoosk
 CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/184
 	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
+	{DLA-1934-1}
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
@@ -89856,6 +89877,7 @@ CVE-2018-4301
 	RESERVED
 	NOT-FOR-US: Apple
 CVE-2018-4300 (The session cookie generated by the CUPS web interface was easy to gue ...)
+	{DLA-1936-1}
 	- cups 2.2.10-1 (bug #915909)
 	[stretch] - cups 2.2.1-8+deb9u3
 	NOTE: https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a75f1f8fa2a40a69e3fbe7566d6dd338d8b748a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a75f1f8fa2a40a69e3fbe7566d6dd338d8b748a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190928/20c7ae2b/attachment.html>
