[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 22 08:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53ea6f13 by security tracker role at 2020-01-22T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,673 @@
+CVE-2020-7802
+	RESERVED
+CVE-2020-7801
+	RESERVED
+CVE-2020-7800
+	RESERVED
+CVE-2020-7799
+	RESERVED
+CVE-2020-7798
+	RESERVED
+CVE-2020-7797
+	RESERVED
+CVE-2020-7796
+	RESERVED
+CVE-2020-7795
+	RESERVED
+CVE-2020-7794
+	RESERVED
+CVE-2020-7793
+	RESERVED
+CVE-2020-7792
+	RESERVED
+CVE-2020-7791
+	RESERVED
+CVE-2020-7790
+	RESERVED
+CVE-2020-7789
+	RESERVED
+CVE-2020-7788
+	RESERVED
+CVE-2020-7787
+	RESERVED
+CVE-2020-7786
+	RESERVED
+CVE-2020-7785
+	RESERVED
+CVE-2020-7784
+	RESERVED
+CVE-2020-7783
+	RESERVED
+CVE-2020-7782
+	RESERVED
+CVE-2020-7781
+	RESERVED
+CVE-2020-7780
+	RESERVED
+CVE-2020-7779
+	RESERVED
+CVE-2020-7778
+	RESERVED
+CVE-2020-7777
+	RESERVED
+CVE-2020-7776
+	RESERVED
+CVE-2020-7775
+	RESERVED
+CVE-2020-7774
+	RESERVED
+CVE-2020-7773
+	RESERVED
+CVE-2020-7772
+	RESERVED
+CVE-2020-7771
+	RESERVED
+CVE-2020-7770
+	RESERVED
+CVE-2020-7769
+	RESERVED
+CVE-2020-7768
+	RESERVED
+CVE-2020-7767
+	RESERVED
+CVE-2020-7766
+	RESERVED
+CVE-2020-7765
+	RESERVED
+CVE-2020-7764
+	RESERVED
+CVE-2020-7763
+	RESERVED
+CVE-2020-7762
+	RESERVED
+CVE-2020-7761
+	RESERVED
+CVE-2020-7760
+	RESERVED
+CVE-2020-7759
+	RESERVED
+CVE-2020-7758
+	RESERVED
+CVE-2020-7757
+	RESERVED
+CVE-2020-7756
+	RESERVED
+CVE-2020-7755
+	RESERVED
+CVE-2020-7754
+	RESERVED
+CVE-2020-7753
+	RESERVED
+CVE-2020-7752
+	RESERVED
+CVE-2020-7751
+	RESERVED
+CVE-2020-7750
+	RESERVED
+CVE-2020-7749
+	RESERVED
+CVE-2020-7748
+	RESERVED
+CVE-2020-7747
+	RESERVED
+CVE-2020-7746
+	RESERVED
+CVE-2020-7745
+	RESERVED
+CVE-2020-7744
+	RESERVED
+CVE-2020-7743
+	RESERVED
+CVE-2020-7742
+	RESERVED
+CVE-2020-7741
+	RESERVED
+CVE-2020-7740
+	RESERVED
+CVE-2020-7739
+	RESERVED
+CVE-2020-7738
+	RESERVED
+CVE-2020-7737
+	RESERVED
+CVE-2020-7736
+	RESERVED
+CVE-2020-7735
+	RESERVED
+CVE-2020-7734
+	RESERVED
+CVE-2020-7733
+	RESERVED
+CVE-2020-7732
+	RESERVED
+CVE-2020-7731
+	RESERVED
+CVE-2020-7730
+	RESERVED
+CVE-2020-7729
+	RESERVED
+CVE-2020-7728
+	RESERVED
+CVE-2020-7727
+	RESERVED
+CVE-2020-7726
+	RESERVED
+CVE-2020-7725
+	RESERVED
+CVE-2020-7724
+	RESERVED
+CVE-2020-7723
+	RESERVED
+CVE-2020-7722
+	RESERVED
+CVE-2020-7721
+	RESERVED
+CVE-2020-7720
+	RESERVED
+CVE-2020-7719
+	RESERVED
+CVE-2020-7718
+	RESERVED
+CVE-2020-7717
+	RESERVED
+CVE-2020-7716
+	RESERVED
+CVE-2020-7715
+	RESERVED
+CVE-2020-7714
+	RESERVED
+CVE-2020-7713
+	RESERVED
+CVE-2020-7712
+	RESERVED
+CVE-2020-7711
+	RESERVED
+CVE-2020-7710
+	RESERVED
+CVE-2020-7709
+	RESERVED
+CVE-2020-7708
+	RESERVED
+CVE-2020-7707
+	RESERVED
+CVE-2020-7706
+	RESERVED
+CVE-2020-7705
+	RESERVED
+CVE-2020-7704
+	RESERVED
+CVE-2020-7703
+	RESERVED
+CVE-2020-7702
+	RESERVED
+CVE-2020-7701
+	RESERVED
+CVE-2020-7700
+	RESERVED
+CVE-2020-7699
+	RESERVED
+CVE-2020-7698
+	RESERVED
+CVE-2020-7697
+	RESERVED
+CVE-2020-7696
+	RESERVED
+CVE-2020-7695
+	RESERVED
+CVE-2020-7694
+	RESERVED
+CVE-2020-7693
+	RESERVED
+CVE-2020-7692
+	RESERVED
+CVE-2020-7691
+	RESERVED
+CVE-2020-7690
+	RESERVED
+CVE-2020-7689
+	RESERVED
+CVE-2020-7688
+	RESERVED
+CVE-2020-7687
+	RESERVED
+CVE-2020-7686
+	RESERVED
+CVE-2020-7685
+	RESERVED
+CVE-2020-7684
+	RESERVED
+CVE-2020-7683
+	RESERVED
+CVE-2020-7682
+	RESERVED
+CVE-2020-7681
+	RESERVED
+CVE-2020-7680
+	RESERVED
+CVE-2020-7679
+	RESERVED
+CVE-2020-7678
+	RESERVED
+CVE-2020-7677
+	RESERVED
+CVE-2020-7676
+	RESERVED
+CVE-2020-7675
+	RESERVED
+CVE-2020-7674
+	RESERVED
+CVE-2020-7673
+	RESERVED
+CVE-2020-7672
+	RESERVED
+CVE-2020-7671
+	RESERVED
+CVE-2020-7670
+	RESERVED
+CVE-2020-7669
+	RESERVED
+CVE-2020-7668
+	RESERVED
+CVE-2020-7667
+	RESERVED
+CVE-2020-7666
+	RESERVED
+CVE-2020-7665
+	RESERVED
+CVE-2020-7664
+	RESERVED
+CVE-2020-7663
+	RESERVED
+CVE-2020-7662
+	RESERVED
+CVE-2020-7661
+	RESERVED
+CVE-2020-7660
+	RESERVED
+CVE-2020-7659
+	RESERVED
+CVE-2020-7658
+	RESERVED
+CVE-2020-7657
+	RESERVED
+CVE-2020-7656
+	RESERVED
+CVE-2020-7655
+	RESERVED
+CVE-2020-7654
+	RESERVED
+CVE-2020-7653
+	RESERVED
+CVE-2020-7652
+	RESERVED
+CVE-2020-7651
+	RESERVED
+CVE-2020-7650
+	RESERVED
+CVE-2020-7649
+	RESERVED
+CVE-2020-7648
+	RESERVED
+CVE-2020-7647
+	RESERVED
+CVE-2020-7646
+	RESERVED
+CVE-2020-7645
+	RESERVED
+CVE-2020-7644
+	RESERVED
+CVE-2020-7643
+	RESERVED
+CVE-2020-7642
+	RESERVED
+CVE-2020-7641
+	RESERVED
+CVE-2020-7640
+	RESERVED
+CVE-2020-7639
+	RESERVED
+CVE-2020-7638
+	RESERVED
+CVE-2020-7637
+	RESERVED
+CVE-2020-7636
+	RESERVED
+CVE-2020-7635
+	RESERVED
+CVE-2020-7634
+	RESERVED
+CVE-2020-7633
+	RESERVED
+CVE-2020-7632
+	RESERVED
+CVE-2020-7631
+	RESERVED
+CVE-2020-7630
+	RESERVED
+CVE-2020-7629
+	RESERVED
+CVE-2020-7628
+	RESERVED
+CVE-2020-7627
+	RESERVED
+CVE-2020-7626
+	RESERVED
+CVE-2020-7625
+	RESERVED
+CVE-2020-7624
+	RESERVED
+CVE-2020-7623
+	RESERVED
+CVE-2020-7622
+	RESERVED
+CVE-2020-7621
+	RESERVED
+CVE-2020-7620
+	RESERVED
+CVE-2020-7619
+	RESERVED
+CVE-2020-7618
+	RESERVED
+CVE-2020-7617
+	RESERVED
+CVE-2020-7616
+	RESERVED
+CVE-2020-7615
+	RESERVED
+CVE-2020-7614
+	RESERVED
+CVE-2020-7613
+	RESERVED
+CVE-2020-7612
+	RESERVED
+CVE-2020-7611
+	RESERVED
+CVE-2020-7610
+	RESERVED
+CVE-2020-7609
+	RESERVED
+CVE-2020-7608
+	RESERVED
+CVE-2020-7607
+	RESERVED
+CVE-2020-7606
+	RESERVED
+CVE-2020-7605
+	RESERVED
+CVE-2020-7604
+	RESERVED
+CVE-2020-7603
+	RESERVED
+CVE-2020-7602
+	RESERVED
+CVE-2020-7601
+	RESERVED
+CVE-2020-7600
+	RESERVED
+CVE-2020-7599
+	RESERVED
+CVE-2020-7598
+	RESERVED
+CVE-2020-7597
+	RESERVED
+CVE-2020-7596
+	RESERVED
+CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
+	TODO: check
+CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
+	TODO: check
+CVE-2020-7593
+	RESERVED
+CVE-2020-7592
+	RESERVED
+CVE-2020-7591
+	RESERVED
+CVE-2020-7590
+	RESERVED
+CVE-2020-7589
+	RESERVED
+CVE-2020-7588
+	RESERVED
+CVE-2020-7587
+	RESERVED
+CVE-2020-7586
+	RESERVED
+CVE-2020-7585
+	RESERVED
+CVE-2020-7584
+	RESERVED
+CVE-2020-7583
+	RESERVED
+CVE-2020-7582
+	RESERVED
+CVE-2020-7581
+	RESERVED
+CVE-2020-7580
+	RESERVED
+CVE-2020-7579
+	RESERVED
+CVE-2020-7578
+	RESERVED
+CVE-2020-7577
+	RESERVED
+CVE-2020-7576
+	RESERVED
+CVE-2020-7575
+	RESERVED
+CVE-2020-7574
+	RESERVED
+CVE-2020-7573
+	RESERVED
+CVE-2020-7572
+	RESERVED
+CVE-2020-7571
+	RESERVED
+CVE-2020-7570
+	RESERVED
+CVE-2020-7569
+	RESERVED
+CVE-2020-7568
+	RESERVED
+CVE-2020-7567
+	RESERVED
+CVE-2020-7566
+	RESERVED
+CVE-2020-7565
+	RESERVED
+CVE-2020-7564
+	RESERVED
+CVE-2020-7563
+	RESERVED
+CVE-2020-7562
+	RESERVED
+CVE-2020-7561
+	RESERVED
+CVE-2020-7560
+	RESERVED
+CVE-2020-7559
+	RESERVED
+CVE-2020-7558
+	RESERVED
+CVE-2020-7557
+	RESERVED
+CVE-2020-7556
+	RESERVED
+CVE-2020-7555
+	RESERVED
+CVE-2020-7554
+	RESERVED
+CVE-2020-7553
+	RESERVED
+CVE-2020-7552
+	RESERVED
+CVE-2020-7551
+	RESERVED
+CVE-2020-7550
+	RESERVED
+CVE-2020-7549
+	RESERVED
+CVE-2020-7548
+	RESERVED
+CVE-2020-7547
+	RESERVED
+CVE-2020-7546
+	RESERVED
+CVE-2020-7545
+	RESERVED
+CVE-2020-7544
+	RESERVED
+CVE-2020-7543
+	RESERVED
+CVE-2020-7542
+	RESERVED
+CVE-2020-7541
+	RESERVED
+CVE-2020-7540
+	RESERVED
+CVE-2020-7539
+	RESERVED
+CVE-2020-7538
+	RESERVED
+CVE-2020-7537
+	RESERVED
+CVE-2020-7536
+	RESERVED
+CVE-2020-7535
+	RESERVED
+CVE-2020-7534
+	RESERVED
+CVE-2020-7533
+	RESERVED
+CVE-2020-7532
+	RESERVED
+CVE-2020-7531
+	RESERVED
+CVE-2020-7530
+	RESERVED
+CVE-2020-7529
+	RESERVED
+CVE-2020-7528
+	RESERVED
+CVE-2020-7527
+	RESERVED
+CVE-2020-7526
+	RESERVED
+CVE-2020-7525
+	RESERVED
+CVE-2020-7524
+	RESERVED
+CVE-2020-7523
+	RESERVED
+CVE-2020-7522
+	RESERVED
+CVE-2020-7521
+	RESERVED
+CVE-2020-7520
+	RESERVED
+CVE-2020-7519
+	RESERVED
+CVE-2020-7518
+	RESERVED
+CVE-2020-7517
+	RESERVED
+CVE-2020-7516
+	RESERVED
+CVE-2020-7515
+	RESERVED
+CVE-2020-7514
+	RESERVED
+CVE-2020-7513
+	RESERVED
+CVE-2020-7512
+	RESERVED
+CVE-2020-7511
+	RESERVED
+CVE-2020-7510
+	RESERVED
+CVE-2020-7509
+	RESERVED
+CVE-2020-7508
+	RESERVED
+CVE-2020-7507
+	RESERVED
+CVE-2020-7506
+	RESERVED
+CVE-2020-7505
+	RESERVED
+CVE-2020-7504
+	RESERVED
+CVE-2020-7503
+	RESERVED
+CVE-2020-7502
+	RESERVED
+CVE-2020-7501
+	RESERVED
+CVE-2020-7500
+	RESERVED
+CVE-2020-7499
+	RESERVED
+CVE-2020-7498
+	RESERVED
+CVE-2020-7497
+	RESERVED
+CVE-2020-7496
+	RESERVED
+CVE-2020-7495
+	RESERVED
+CVE-2020-7494
+	RESERVED
+CVE-2020-7493
+	RESERVED
+CVE-2020-7492
+	RESERVED
+CVE-2020-7491
+	RESERVED
+CVE-2020-7490
+	RESERVED
+CVE-2020-7489
+	RESERVED
+CVE-2020-7488
+	RESERVED
+CVE-2020-7487
+	RESERVED
+CVE-2020-7486
+	RESERVED
+CVE-2020-7485
+	RESERVED
+CVE-2020-7484
+	RESERVED
+CVE-2020-7483
+	RESERVED
+CVE-2020-7482
+	RESERVED
+CVE-2020-7481
+	RESERVED
+CVE-2020-7480
+	RESERVED
+CVE-2020-7479
+	RESERVED
+CVE-2020-7478
+	RESERVED
+CVE-2020-7477
+	RESERVED
+CVE-2020-7476
+	RESERVED
+CVE-2020-7475
+	RESERVED
+CVE-2020-7474
+	RESERVED
+CVE-2020-7473
+	RESERVED
+CVE-2020-7472
+	RESERVED
+CVE-2019-20390
+	RESERVED
+CVE-2019-20389
+	RESERVED
+CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
+	TODO: check
+CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
+	TODO: check
 CVE-2020-7471
 	RESERVED
 CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the  ...)
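Review bot: The four new entries that arrive with descriptions (CVE-2020-7595, CVE-2020-7594, CVE-2019-20388, CVE-2019-20387) are all left at "TODO: check", so none of them is triaged by this change. CVE-2020-7595 and CVE-2019-20388 both name libxml2 2.9.10 and CVE-2019-20387 names libsolv before 0.7.6. A follow-up should resolve each one to a package line or a NOT-FOR-US tag, in the form the surrounding entries already use.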
@@ -905,8 +1575,7 @@ CVE-2020-7042
 	RESERVED
 CVE-2020-7041
 	RESERVED
-CVE-2020-7040 [storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock]
-	RESERVED
+CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
 	- storebackup <unfixed> (bug #949393)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
@@ -1772,8 +2441,8 @@ CVE-2020-6640
 	RESERVED
 CVE-2020-6639
 	RESERVED
-CVE-2020-6638
-	RESERVED
+CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
+	TODO: check
 CVE-2020-6637
 	RESERVED
 CVE-2020-6636
@@ -4177,7 +4846,7 @@ CVE-2020-5500
 CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
 	NOT-FOR-US: Baidu Rust SGX SDK
 CVE-2020-5498
-	RESERVED
+	REJECTED
 CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
 	NOT-FOR-US: MITREid Connect
 CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
@@ -8702,8 +9371,7 @@ CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-
 	NOT-FOR-US: ffjpeg
 CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointe ...)
 	NOT-FOR-US: ffjpeg
-CVE-2019-19886
-	RESERVED
+CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ...)
 	- modsecurity 3.0.4-1
 	[buster] - modsecurity <no-dsa> (Minor issue)
 	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
@@ -10540,7 +11208,7 @@ CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page i
 	NOT-FOR-US: D-Link
 CVE-2019-19741
 	RESERVED
-CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Ca ...)
+CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
 	NOT-FOR-US: Octeth Oempro
 CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)
 	NOT-FOR-US: MFScripts YetiShare
@@ -11994,7 +12662,7 @@ CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable t
 	NOT-FOR-US: RoxyFileman in nopCommerce
 CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...)
 	NOT-FOR-US: nopCommerce
-CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution vulnerability. With ...)
+CVE-2019-19681 (** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vuln ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2019-19680 (A file-extension filtering vulnerability in Proofpoint Enterprise Prot ...)
 	NOT-FOR-US: ProofPoint Protection Server Email Firewall
@@ -13357,6 +14025,7 @@ CVE-2019-19557
 CVE-2019-19556
 	RESERVED
 CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
+	{DLA-2073-1}
 	- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
 	- transfig <removed> (unimportant)
 	NOTE: https://sourceforge.net/p/mcj/tickets/55/
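Review bot: On CVE-2019-19555 the added {DLA-2073-1} reference sits directly above package lines that still read "(unimportant)" for both fig2dev and transfig. An entry that is cross-referenced to an advisory while tagged unimportant reads as inconsistent; confirm whether the severity tag should stay as it is.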
@@ -13934,7 +14603,7 @@ CVE-2020-1812
 	RESERVED
 CVE-2020-1811
 	RESERVED
-CVE-2020-1810 (Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vu ...)
+CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1809
 	RESERVED
@@ -13978,8 +14647,8 @@ CVE-2020-1790
 	RESERVED
 CVE-2020-1789
 	RESERVED
-CVE-2020-1788
-	RESERVED
+CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...)
+	TODO: check
 CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...)
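Review bot: CVE-2020-1788 is set to "TODO: check" although the entry directly below it, CVE-2020-1787, describes a HUAWEI smartphone issue and is tagged "NOT-FOR-US: Huawei". The Honor V30 description has the same shape (smartphone, vendor firmware version string), so once checked it is a candidate for the same tag rather than remaining open.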
@@ -14099,10 +14768,10 @@ CVE-2019-19416
 	RESERVED
 CVE-2019-19415
 	RESERVED
-CVE-2019-19414
-	RESERVED
-CVE-2019-19413
-	RESERVED
+CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
+	TODO: check
+CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
+	TODO: check
 CVE-2019-19412
 	RESERVED
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
@@ -19187,8 +19856,8 @@ CVE-2019-18428
 	RESERVED
 CVE-2019-18427
 	RESERVED
-CVE-2019-18426
-	RESERVED
+CVE-2019-18426 (A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when pa ...)
+	TODO: check
 CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
 	{DSA-4602-1}
 	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
@@ -22053,8 +22722,8 @@ CVE-2019-17586
 	RESERVED
 CVE-2019-17585
 	RESERVED
-CVE-2019-17584
-	RESERVED
+CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which all ...)
+	TODO: check
 CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-17582
@@ -22239,7 +22908,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
-	{DLA-2009-1}
+	{DSA-4608-1 DLA-2009-1}
 	- gdal <unfixed> (unimportant)
 	- tiff 4.0.10+git190818-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
@@ -24316,8 +24985,8 @@ CVE-2019-16793
 	RESERVED
 CVE-2019-16792
 	RESERVED
-CVE-2019-16791
-	RESERVED
+CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)
+	TODO: check
 CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
 	NOT-FOR-US: Tiny File Manager
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front  ...)
@@ -29743,7 +30412,7 @@ CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in
 CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
 	NOT-FOR-US: SugarCRM
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
-	{DLA-1897-1}
+	{DSA-4608-1 DLA-1897-1}
 	- tiff 4.0.10+git190814-1 (low; bug #934780)
 	[stretch] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
@@ -32589,6 +33258,7 @@ CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x thr
 CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...)
 	NOT-FOR-US: WUSTL XNAT
 CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
+	{DLA-2073-1}
 	- fig2dev 1:3.2.7a-7 (unimportant; bug #933075)
 	[buster] - fig2dev 1:3.2.7a-5+deb10u1
 	[stretch] - fig2dev 1:3.2.6a-2+deb9u2
@@ -38223,8 +38893,8 @@ CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961
 	NOT-FOR-US: Gallagher Command Centre
 CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to r ...)
 	NOT-FOR-US: OnApp
-CVE-2019-12490
-	RESERVED
+CVE-2019-12490 (An issue was discovered in Simple Machines Forum (SMF) before 2.0.16.  ...)
+	TODO: check
 CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
 	NOT-FOR-US: Fastweb Askey RTV1907VW devices
 CVE-2019-12488
@@ -77789,8 +78459,8 @@ CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before
 	NOT-FOR-US: ISPConfig
 CVE-2018-17982
 	RESERVED
-CVE-2018-17981
-	RESERVED
+CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the int ...)
+	TODO: check
 CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain  ...)
 	NOT-FOR-US: NoMachine
 CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for Wor ...)
@@ -82609,6 +83279,7 @@ CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www
 CVE-2018-16141 (ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_ava ...)
 	NOT-FOR-US: ThinkCMF
 CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...)
+	{DLA-2073-1}
 	- fig2dev 1:3.2.7a-3 (unimportant; bug #907660)
 	- transfig <removed> (unimportant)
 	NOTE: https://sourceforge.net/p/mcj/tickets/28/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53ea6f1352c9b6b63b64ed07eaba88f42b604749