[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 30 21:10:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
637a7764 by security tracker role at 2020-06-30T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2017-18922 [fix overflow and refactor websockets decode]
+CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
+ TODO: check
+CVE-2020-15414
+ RESERVED
+CVE-2020-15413
+ RESERVED
+CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...)
+ TODO: check
+CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...)
+ TODO: check
+CVE-2020-15410
+ RESERVED
+CVE-2020-15409
+ RESERVED
+CVE-2020-15408
+ RESERVED
+CVE-2020-15407
+ RESERVED
+CVE-2020-15406
+ RESERVED
+CVE-2020-15405
+ RESERVED
+CVE-2020-15404
+ RESERVED
+CVE-2020-15403
+ RESERVED
+CVE-2020-15402
+ RESERVED
+CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
+ TODO: check
+CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
+ TODO: check
+CVE-2020-15399
+ RESERVED
+CVE-2020-15398
+ RESERVED
+CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
+ TODO: check
+CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
+ TODO: check
+CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
+ TODO: check
+CVE-2020-15394
+ RESERVED
+CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
+ TODO: check
+CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
- libvncserver 0.9.12+dfsg-3
NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
@@ -186,8 +232,8 @@ CVE-2020-15309
RESERVED
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
NOT-FOR-US: Support Incident Tracker
-CVE-2020-15307
- RESERVED
+CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
+ TODO: check
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
- openexr <unfixed>
[jessie] - openexr <no-dsa> (Minor issue)
@@ -632,14 +678,14 @@ CVE-2020-15089
RESERVED
CVE-2020-15088
RESERVED
-CVE-2020-15087
- RESERVED
+CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
+ TODO: check
CVE-2020-15086
RESERVED
-CVE-2020-15085
- RESERVED
-CVE-2020-15084
- RESERVED
+CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
+ TODO: check
+CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
+ TODO: check
CVE-2020-15083
RESERVED
CVE-2020-15082
@@ -708,8 +754,8 @@ CVE-2020-15051
RESERVED
CVE-2020-15050
RESERVED
-CVE-2020-15049
- RESERVED
+CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
+ TODO: check
CVE-2020-15048
RESERVED
CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
@@ -798,6 +844,7 @@ CVE-2020-15013
CVE-2020-15012
RESERVED
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
+ {DLA-2265-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
CVE-2020-15010
@@ -918,10 +965,10 @@ CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin bef
NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...)
NOT-FOR-US: Go Git Service
-CVE-2020-14957
- RESERVED
-CVE-2020-14956
- RESERVED
+CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
+ TODO: check
+CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
+ TODO: check
CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
NOT-FOR-US: Jiangmin Antivirus
CVE-2020-14953
@@ -1900,8 +1947,8 @@ CVE-2020-14484
RESERVED
CVE-2020-14483
RESERVED
-CVE-2020-14482
- RESERVED
+CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
+ TODO: check
CVE-2020-14481
RESERVED
CVE-2020-14480
@@ -1917,8 +1964,8 @@ CVE-2020-14476
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
-CVE-2020-14474
- RESERVED
+CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
+ TODO: check
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
NOT-FOR-US: DrayTek
CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
@@ -2367,24 +2414,31 @@ CVE-2020-14407
CVE-2020-14406
RESERVED
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
@@ -2392,6 +2446,7 @@ CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improp
[jessie] - libvncserver <ignored> (Proposed patch might break ABI consumers)
NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
@@ -2778,6 +2833,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
[jessie] - libvncserver <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
+ {DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
@@ -3180,10 +3236,10 @@ CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2688
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-14059
- RESERVED
-CVE-2020-14058
- RESERVED
+CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...)
+ TODO: check
+CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...)
+ TODO: check
CVE-2020-14057
RESERVED
CVE-2020-14056
@@ -5544,8 +5600,8 @@ CVE-2020-13097
RESERVED
CVE-2020-13096
RESERVED
-CVE-2020-13095
- RESERVED
+CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...)
+ TODO: check
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
- dolibarr <removed>
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
@@ -7224,6 +7280,7 @@ CVE-2020-12403
RESERVED
CVE-2020-12402 [Side channel vulnerabilities during RSA key generation]
RESERVED
+ {DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
@@ -7233,7 +7290,7 @@ CVE-2020-12400
RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
RESERVED
- {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -13387,7 +13444,7 @@ CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module
NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...)
NOT-FOR-US: Pyxis
-CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...)
+CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...)
NOT-FOR-US: Insulet
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
NOT-FOR-US: OpenCart
@@ -15868,8 +15925,7 @@ CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M
NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35)
NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55)
NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104)
-CVE-2020-9483
- RESERVED
+CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...)
NOT-FOR-US: Apache SkyWalking
CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...)
NOT-FOR-US: Apache NiFi
@@ -16364,7 +16420,7 @@ CVE-2020-9298
RESERVED
CVE-2020-9297
RESERVED
-CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom constrain ...)
+CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
NOT-FOR-US: Netflix Conductor
CVE-2020-9295
RESERVED
@@ -19971,8 +20027,8 @@ CVE-2020-7818
RESERVED
CVE-2020-7817
RESERVED
-CVE-2020-7816
- RESERVED
+CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
+ TODO: check
CVE-2020-7815
RESERVED
CVE-2020-7814
@@ -21699,8 +21755,8 @@ CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login
NOT-FOR-US: Codoforum
CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...)
NOT-FOR-US: Codoforum
-CVE-2020-7049
- RESERVED
+CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...)
+ TODO: check
CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
@@ -25164,12 +25220,12 @@ CVE-2020-5605
RESERVED
CVE-2020-5604
RESERVED
-CVE-2020-5603
- RESERVED
-CVE-2020-5602
- RESERVED
-CVE-2020-5601
- RESERVED
+CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...)
+ TODO: check
+CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging Confi ...)
+ TODO: check
+CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...)
+ TODO: check
CVE-2020-5600
RESERVED
CVE-2020-5599
@@ -25194,24 +25250,24 @@ CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and
NOT-FOR-US: EC-CUBE
CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, ...)
NOT-FOR-US: SONY
-CVE-2020-5588
- RESERVED
-CVE-2020-5587
- RESERVED
-CVE-2020-5586
- RESERVED
-CVE-2020-5585
- RESERVED
-CVE-2020-5584
- RESERVED
-CVE-2020-5583
- RESERVED
-CVE-2020-5582
- RESERVED
-CVE-2020-5581
- RESERVED
-CVE-2020-5580
- RESERVED
+CVE-2020-5588 (Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows at ...)
+ TODO: check
+CVE-2020-5587 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to o ...)
+ TODO: check
+CVE-2020-5586 (Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 al ...)
+ TODO: check
+CVE-2020-5585 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 all ...)
+ TODO: check
+CVE-2020-5584 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintend ...)
+ TODO: check
+CVE-2020-5583 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2020-5582 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2020-5581 (Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows re ...)
+ TODO: check
+CVE-2020-5580 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ TODO: check
CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...)
NOT-FOR-US: Paid Memberships
CVE-2020-5578
@@ -28954,8 +29010,8 @@ CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.
TODO: check
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
NOT-FOR-US: SSB-DB
-CVE-2020-4044
- RESERVED
+CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...)
+ TODO: check
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
NOT-FOR-US: phpMussel
CVE-2020-4042
@@ -29721,14 +29777,14 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DLA-2049-1}
+ {DSA-4712-1 DLA-2049-1}
- imagemagick <unfixed> (low; bug #947309)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in ...)
- {DLA-2049-1}
+ {DSA-4712-1 DLA-2049-1}
- imagemagick <unfixed> (low; bug #947308)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
@@ -36986,12 +37042,12 @@ CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerab
NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
NOT-FOR-US: Dext5.ocx ActiveX
-CVE-2019-19163
- RESERVED
+CVE-2019-19163 (A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an ...)
+ TODO: check
CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 ...)
NOT-FOR-US: TOBESOFT XPLATFORM
-CVE-2019-19161
- RESERVED
+CVE-2019-19161 (CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files require ...)
+ TODO: check
CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
NOT-FOR-US: Reportexpress ProPlus
CVE-2019-19159
@@ -44556,6 +44612,7 @@ CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips
NOTE: Introduced by: https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175
NOTE: Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' ch ...)
+ {DLA-2267-1}
- libmatio 1.5.17-4 (bug #942255)
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
@@ -46811,15 +46868,18 @@ CVE-2019-16716 (OX App Suite through 7.10.2 has Incorrect Access Control. ...)
CVE-2019-16715
RESERVED
CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
@@ -46827,6 +46887,7 @@ CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demon
- graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
@@ -51484,7 +51545,7 @@ CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
- {DLA-1968-1}
+ {DSA-4712-1 DLA-1968-1}
- imagemagick <unfixed> (bug #941671)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
@@ -51492,7 +51553,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
- {DLA-1968-1}
+ {DSA-4712-1 DLA-1968-1}
- imagemagick <unfixed> (bug #941670)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
@@ -52076,7 +52137,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
NOTE: https://github.com/Exiv2/exiv2/issues/960
NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
- {DLA-1968-1}
+ {DSA-4712-1 DLA-1968-1}
- imagemagick <unfixed> (bug #955025)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
@@ -58207,6 +58268,7 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (low; bug #931740)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (low impact issue)
@@ -58563,6 +58625,7 @@ CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-b
NOTE: https://trac.ffmpeg.org/ticket/7980
NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
@@ -58571,16 +58634,19 @@ CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (bug #931447)
[stretch] - imagemagick <postponed> (Needs further clarification on patch)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (bug #931448)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
@@ -58597,12 +58663,12 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at co
NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931452)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931453)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
@@ -58616,9 +58682,11 @@ CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in Ma
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (bug #931454)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
@@ -58632,7 +58700,7 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931455)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
@@ -58643,7 +58711,7 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931457)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
@@ -59074,6 +59142,7 @@ CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplyin
CVE-2019-13138
RESERVED
CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant; bug #931342)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
@@ -59082,7 +59151,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #932079)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
@@ -59539,31 +59608,36 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
- ming <removed>
NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (bug #931189)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (low; bug #931190)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (low; bug #931191)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant; bug #931192)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant; bug #931193)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (low; bug #931196)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
@@ -63472,7 +63546,7 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1785-1}
+ {DSA-4712-1 DLA-1785-1}
- imagemagick <unfixed> (bug #928206)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
@@ -63481,7 +63555,7 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1785-1}
+ {DSA-4712-1 DLA-1785-1}
- imagemagick <unfixed> (bug #928207)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
@@ -63820,6 +63894,7 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (low; bug #927828)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -63831,7 +63906,7 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
NOTE: https://github.com/strukturag/libheif/issues/123
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
- {DLA-1968-1}
+ {DSA-4712-1 DLA-1968-1}
- imagemagick <unfixed> (low; bug #927830)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
@@ -66192,6 +66267,7 @@ CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006
@@ -75930,18 +76006,22 @@ CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack agains ...)
NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
- graphicsmagick 1.4~hg15896-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
@@ -76580,6 +76660,7 @@ CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Editio
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/637a7764d2c6118baaf8192992233fe46723016e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/637a7764d2c6118baaf8192992233fe46723016e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200630/a4153b38/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list