author: security tracker role <sectracker@soriano.debian.org> 2020-02-18 08:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-18 08:10:20 +0000
commit: 389e1321a2f474f2a740c325b722e0f856a8b93f
tree: 839425fde6ee9eb81d2807c3c74a99bf96baaf10
parent: 8fd590de0787da64a06454dd6817ced174a3ffa1
automatic update
-rw-r--r-- data/CVE/2012.list 2
-rw-r--r-- data/CVE/2014.list 13
-rw-r--r-- data/CVE/2015.list 3
-rw-r--r-- data/CVE/2018.list 1
-rw-r--r-- data/CVE/2019.list 17
-rw-r--r-- data/CVE/2020.list 122
6 files changed, 81 insertions, 77 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index a17b872f5d..f356caa80c 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -10617,7 +10617,7 @@ CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers wh
CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...)
NOT-FOR-US: Joomla template
CVE-2012-2412
- RESERVED
+ REJECTED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 4c0ccf2f09..05c685fb23 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -6876,8 +6876,7 @@ CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/fi
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
-CVE-2014-8089 [ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte]
- RESERVED
+CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...)
{DSA-3265-1 DLA-251-1}
- zendframework 1.12.9+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2014-06
@@ -8826,8 +8825,7 @@ CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0
CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...)
- twiki <removed>
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
-CVE-2014-7236
- RESERVED
+CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...)
- twiki <removed>
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...)
@@ -14072,8 +14070,8 @@ CVE-2014-4983
RESERVED
CVE-2014-4982 (LPAR2RRD &#8804; 4.53 and &#8804; 3.5 has arbitrary command injection ...)
NOT-FOR-US: LPAR2RRD
-CVE-2014-4981
- RESERVED
+CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
+ TODO: check
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
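Review bot: CVE-2014-4981 is left at "TODO: check" although the entry directly above it, CVE-2014-4982, covers the same product and is already tagged "NOT-FOR-US: LPAR2RRD". The new line should carry the same tag so the two LPAR2RRD entries are triaged consistently.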
@@ -22002,8 +22000,7 @@ CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 thr
- glance 2013.2.2-1 (bug #738924)
[wheezy] - glance <not-affected> (Only affects Havana)
NOTE: https://launchpad.net/bugs/1275062
-CVE-2014-1947 [Buffer overflow vulnerability]
- RESERVED
+CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...)
{DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 5a70f71a19..6d529578f3 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -2259,8 +2259,7 @@ CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote
CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...)
- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
NOTE: http://freeradius.org/security.html#eap-pwd-2015
-CVE-2015-8751
- RESERVED
+CVE-2015-8751 (Integer overflow in the jas_matrix_create function in JasPer allows co ...)
- jasper 1.900.1-5.1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039
NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 10f5c47968..f4a69f633d 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -17417,6 +17417,7 @@ CVE-2018-14555
CVE-2018-14554
RESERVED
CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
+ {DLA-2106-1}
- libgd2 <unfixed> (low; bug #951287)
[buster] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index f372b8c8ff..cbe6760d16 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3021,8 +3021,8 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0
NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19326
RESERVED
-CVE-2019-19325
- RESERVED
+CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
+ TODO: check
CVE-2019-19324
RESERVED
CVE-2019-19323
@@ -24418,13 +24418,14 @@ CVE-2019-11052
CVE-2019-11051
RESERVED
CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
- {DLA-2050-1}
+ {DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78793
CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
+ {DSA-4626-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
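Review bot: the "{DSA-4626-1}" references are added to CVE-2019-11050 and CVE-2019-11049 while both "- php7.3 <unfixed>" lines stay as they were, and the NOTE under CVE-2019-11050 already records the upstream fix in PHP 7.3.13. As this is an automatic update, a manual follow-up should replace "<unfixed>" with the fixed unstable version once a php7.3 upload at or above 7.3.13 is available.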
@@ -24434,21 +24435,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
CVE-2019-11048
RESERVED
CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
- {DLA-2050-1}
+ {DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
- {DLA-2050-1}
+ {DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78878
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
- {DLA-2050-1}
+ {DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
@@ -25168,8 +25169,8 @@ CVE-2019-10792
RESERVED
CVE-2019-10791
RESERVED
-CVE-2019-10790
- RESERVED
+CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
+ TODO: check
CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
NOT-FOR-US: curling.js
CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index d604c426aa..6914ac8d37 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -565,8 +565,8 @@ CVE-2020-8770
RESERVED
CVE-2020-8769
RESERVED
-CVE-2020-8768
- RESERVED
+CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
+ TODO: check
CVE-2020-8767
RESERVED
CVE-2020-8766
@@ -2157,12 +2157,12 @@ CVE-2020-8014
RESERVED
CVE-2020-8013
RESERVED
-CVE-2020-8012
- RESERVED
-CVE-2020-8011
- RESERVED
-CVE-2020-8010
- RESERVED
+CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+ TODO: check
+CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+ TODO: check
+CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+ TODO: check
CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
NOT-FOR-US: AVB MOTU devices
CVE-2020-8008
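Review bot: CVE-2020-8012, CVE-2020-8011 and CVE-2020-8010 all receive "TODO: check" and their descriptions open with the same product string, "CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below". They should be triaged together with one identical tag; if the product is not packaged, that would be a "NOT-FOR-US:" line in the style used for CVE-2020-8009 just below.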
@@ -2280,8 +2280,8 @@ CVE-2020-7961
RESERVED
CVE-2020-7960
RESERVED
-CVE-2020-7959
- RESERVED
+CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
+ TODO: check
CVE-2020-7958
RESERVED
CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
@@ -4136,6 +4136,7 @@ CVE-2020-7062
CVE-2020-7061
RESERVED
CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...)
+ {DSA-4626-1}
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
@@ -4143,6 +4144,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
NOTE: PHP Bug: http://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...)
+ {DSA-4626-1}
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
@@ -7379,8 +7381,8 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo Ap
NOT-FOR-US: ilbo App
CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...)
NOT-FOR-US: Mitsubishi
-CVE-2020-5530
- RESERVED
+CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...)
+ TODO: check
CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
- htmlunit <removed>
NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
@@ -10782,6 +10784,7 @@ CVE-2020-3869
RESERVED
CVE-2020-3868
RESERVED
+ {DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -10789,6 +10792,7 @@ CVE-2020-3868
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3867
RESERVED
+ {DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -10798,6 +10802,7 @@ CVE-2020-3866
RESERVED
CVE-2020-3865
RESERVED
+ {DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -10805,6 +10810,7 @@ CVE-2020-3865
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3864
RESERVED
+ {DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -10814,6 +10820,7 @@ CVE-2020-3863
RESERVED
CVE-2020-3862
RESERVED
+ {DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -14856,8 +14863,8 @@ CVE-2020-1884
RESERVED
CVE-2020-1883
RESERVED
-CVE-2020-1882
- RESERVED
+CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
+ TODO: check
CVE-2020-1881
RESERVED
CVE-2020-1880
@@ -14876,8 +14883,8 @@ CVE-2020-1874
RESERVED
CVE-2020-1873
RESERVED
-CVE-2020-1872
- RESERVED
+CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...)
+ TODO: check
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
NOT-FOR-US: Huawei
CVE-2020-1870
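Review bot: CVE-2020-1872 ("Huawei smart phones P10 Plus ...") is left at "TODO: check" while the next entry, CVE-2020-1871, is tagged "NOT-FOR-US: Huawei". The same tag fits the new entry and would clear it from the TODO queue.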
@@ -14904,18 +14911,18 @@ CVE-2020-1860
RESERVED
CVE-2020-1859
RESERVED
-CVE-2020-1858
- RESERVED
-CVE-2020-1857
- RESERVED
-CVE-2020-1856
- RESERVED
-CVE-2020-1855
- RESERVED
+CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...)
+ TODO: check
+CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
+CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...)
+ TODO: check
+CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...)
+ TODO: check
CVE-2020-1854
RESERVED
-CVE-2020-1853
- RESERVED
+CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...)
+ TODO: check
CVE-2020-1852
RESERVED
CVE-2020-1851
@@ -14934,12 +14941,12 @@ CVE-2020-1845
RESERVED
CVE-2020-1844
RESERVED
-CVE-2020-1843
- RESERVED
-CVE-2020-1842
- RESERVED
-CVE-2020-1841
- RESERVED
+CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
+ TODO: check
+CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...)
+ TODO: check
+CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...)
+ TODO: check
CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
NOT-FOR-US: Huawei
CVE-2020-1839
@@ -14960,14 +14967,14 @@ CVE-2020-1832
RESERVED
CVE-2020-1831
RESERVED
-CVE-2020-1830
- RESERVED
-CVE-2020-1829
- RESERVED
-CVE-2020-1828
- RESERVED
-CVE-2020-1827
- RESERVED
+CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
+CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
+ TODO: check
+CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
+CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
NOT-FOR-US: Huawei
CVE-2020-1825
@@ -14988,18 +14995,18 @@ CVE-2020-1818
RESERVED
CVE-2020-1817
RESERVED
-CVE-2020-1816
- RESERVED
-CVE-2020-1815
- RESERVED
-CVE-2020-1814
- RESERVED
+CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
+CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
+CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+ TODO: check
CVE-2020-1813
RESERVED
-CVE-2020-1812
- RESERVED
-CVE-2020-1811
- RESERVED
+CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...)
+ TODO: check
+CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
+ TODO: check
CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
NOT-FOR-US: Huawei
CVE-2020-1809
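Review bot: CVE-2020-1811 is the entry in this hunk that needs a manual look: its visible description starts with "GaussDB 200 with version of 6.5.1" and names no vendor, whereas the other four new "TODO: check" entries name Huawei or HUAWEI and can take the "NOT-FOR-US: Huawei" tag already used for CVE-2020-1810.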
@@ -15038,12 +15045,12 @@ CVE-2020-1793
RESERVED
CVE-2020-1792
RESERVED
-CVE-2020-1791
- RESERVED
-CVE-2020-1790
- RESERVED
-CVE-2020-1789
- RESERVED
+CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
+ TODO: check
+CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
+ TODO: check
+CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...)
+ TODO: check
CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...)
NOT-FOR-US: Huawei
CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
@@ -15301,8 +15308,7 @@ CVE-2020-1695
RESERVED
CVE-2020-1694
RESERVED
-CVE-2020-1693
- RESERVED
+CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
- moodle <removed>
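Review bot: the context line under CVE-2020-1693 reads "NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk", with the tag prefix doubled. Now that the entry carries its published description, the line should be corrected to "NOT-FOR-US: Red Hat Satellite / Spacewalk".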
