author: security tracker role <sectracker@soriano.debian.org> 2019-11-15 20:10:28 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-15 20:10:28 +0000
commit: 9e5dcf3f7d60b5e8eb30b0179166baa57486a2c1
tree: 80883ccdbdd72f191d52bcbb0001d0e37e8b3058 /data/CVE
parent: 6fae28ed4727e4037f0910539e807201baf55b5f
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2009.list | 3
-rw-r--r-- data/CVE/2011.list | 12
-rw-r--r-- data/CVE/2013.list | 12
-rw-r--r-- data/CVE/2014.list | 6
-rw-r--r-- data/CVE/2016.list | 3
-rw-r--r-- data/CVE/2017.list | 3
-rw-r--r-- data/CVE/2018.list | 4
-rw-r--r-- data/CVE/2019.list | 70
8 files changed, 67 insertions, 46 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 189351bf18..4c87550204 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -3385,8 +3385,7 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5047 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5047 (Jetty 6.x before 6.1.22 suffers from an escape sequence injection vuln ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
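Review bot: The status lines under CVE-2009-5047 need re-checking against the new description. `- jetty 6.1.22-1 (unimportant; bug #553644)` and the NOTE saying the affected apps are not shipped in the package are identical to the ones on CVE-2009-5046, which is the JSP Dump and Session Dump servlet XSS, while the text added here describes an escape sequence injection. If that issue is not confined to the unshipped sample apps, the `unimportant` severity and the second NOTE should be revised or given their own justification.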
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index ed31864701..01716fcb2a 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -6301,8 +6301,7 @@ CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 d
[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...)
NOT-FOR-US: Mambo
-CVE-2011-2916
- RESERVED
+CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration ...)
- qtnx <removed> (low; bug #637439)
[squeeze] - qtnx <no-dsa> (Minor issue)
CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...)
@@ -6320,8 +6319,7 @@ CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function i
CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...)
{DSA-2415-1}
- libmodplug 1:0.8.8.4-1
-CVE-2011-2910
- RESERVED
+CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check ...)
- ax25-tools 0.0.8-13.2 (low; bug #638198)
[lenny] - ax25-tools <no-dsa> (Minor issue)
[squeeze] - ax25-tools <no-dsa> (Minor issue)
@@ -6920,8 +6918,7 @@ CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.
NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...)
NOT-FOR-US: Tribiq CMS
-CVE-2011-2726 [SA-CORE-2011-003]
- RESERVED
+CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If ...)
- drupal7 7.6-1
CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...)
- kdeutils 4:4.6.5-4 (low; bug #635541)
@@ -12420,8 +12417,7 @@ CVE-2011-0705
REJECTED
CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...)
NOT-FOR-US: 389 Directory Server
-CVE-2011-0703
- RESERVED
+CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...)
- gksu-polkit <removed> (bug #684489)
[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index e1fed6f547..dee1129e38 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1270,17 +1270,14 @@ CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before
- linux 3.12.5-1
[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
- linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
-CVE-2013-7089 [dbg_printhex possible information leak]
- RESERVED
+CVE-2013-7089 (ClamAV before 0.97.7: dbg_printhex possible information leak ...)
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
-CVE-2013-7088 [buffer overflow]
- RESERVED
+CVE-2013-7088 (ClamAV before 0.97.7 has buffer overflow in the libclamav component ...)
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
-CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
- RESERVED
+CVE-2013-7087 (ClamAV before 0.97.7 has WWPack corrupt heap memory ...)
- clamav 0.97.7+dfsg-1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
@@ -7368,8 +7365,7 @@ CVE-2013-4586
RESERVED
CVE-2013-4585
RESERVED
-CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections]
- RESERVED
+CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...)
- perdition 2.1-1 (low; bug #729028)
[wheezy] - perdition <no-dsa> (Minor issue)
[squeeze] - perdition <no-dsa> (Minor issue)
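Review bot: Replacing the bracketed note on CVE-2013-4584 drops the one concrete detail the entry had. `[ssl_outgoing_ciphers not applied to STARTTLS connections]` named the affected setting, while the truncated description only says "may have weak security when handling outbound con ...". Suggest carrying the old text over as a NOTE line so the entry still says what was wrong without a lookup in bug #729028.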
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index ac978c7c60..4f33fe52a1 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -26831,13 +26831,11 @@ CVE-2014-0025
REJECTED
CVE-2014-0024
RESERVED
-CVE-2014-0023
- RESERVED
+CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...)
NOT-FOR-US: OpenShift
CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...)
NOT-FOR-US: yum cron
-CVE-2014-0021 [traffic amplification in cmdmon protocol]
- RESERVED
+CVE-2014-0021 (Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...)
- chrony 1.29.1-1 (low; bug #737644)
[squeeze] - chrony <no-dsa> (Minor issue)
[wheezy] - chrony <no-dsa> (Minor issue)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index c0c1a7f1bd..aa72a7ed0e 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -17339,8 +17339,7 @@ CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destr
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
RESERVED
-CVE-2016-5285
- RESERVED
+CVE-2016-5285 (Null pointer dereference vulnerability exists in K11_SignWithSymKey / ...)
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
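Review bot: The function name in the new CVE-2016-5285 description reads `K11_SignWithSymKey`, which looks like a dropped leading character, since NSS's PKCS #11 wrapper functions use the `PK11_` prefix. The description is imported rather than written in this list, so the correction belongs with the description's source, but anyone searching the tracker for the function should use the `PK11_` spelling as well.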
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index ee7a30b3e0..69a2257245 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -37525,8 +37525,7 @@ CVE-2017-5732
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
-CVE-2017-5731
- REJECTED
+CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an ...)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
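Review bot: CVE-2017-5731 goes from `REJECTED` to a live description, but in the visible lines the entry consists only of NOTE lines, with no package status, `NOT-FOR-US` or `TODO: check` after the description. Elsewhere in this commit an entry that gains a description without an existing package line gets `TODO: check` (CVE-2018-18368, for example). This one should get the same marker or a package line so that it shows up for triage.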
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 91e0bf0358..e458db0e22 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -7511,8 +7511,8 @@ CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP co
NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
NOT-FOR-US: Norton Security
-CVE-2018-18368
- RESERVED
+CVE-2018-18368 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be ...)
+ TODO: check
CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
NOT-FOR-US: Symantec
CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior ...)
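Review bot: `TODO: check` on CVE-2018-18368 can likely be resolved straight away. The entry directly below, CVE-2018-18367, is the same product (Symantec Endpoint Protection Manager) and is already marked `NOT-FOR-US: Symantec`, and CVE-2018-18369 above is `NOT-FOR-US: Norton Security`. The same applies to the Symantec Endpoint Protection entries given `TODO: check` in 2019.list (CVE-2019-18372 and CVE-2019-12756 through CVE-2019-12759).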
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 67df7e2ac7..08e933a00f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,37 @@
+CVE-2019-19005
+ RESERVED
+CVE-2019-19004
+ RESERVED
+CVE-2019-19003
+ RESERVED
+CVE-2019-19002
+ RESERVED
+CVE-2019-19001
+ RESERVED
+CVE-2019-19000
+ RESERVED
+CVE-2019-18999
+ RESERVED
+CVE-2019-18998
+ RESERVED
+CVE-2019-18997
+ RESERVED
+CVE-2019-18996
+ RESERVED
+CVE-2019-18995
+ RESERVED
+CVE-2019-18994
+ RESERVED
+CVE-2019-18993
+ RESERVED
+CVE-2019-18992
+ RESERVED
+CVE-2019-18991
+ RESERVED
+CVE-2019-18990
+ RESERVED
+CVE-2019-18989
+ RESERVED
CVE-2019-18988
RESERVED
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -1395,8 +1429,8 @@ CVE-2019-18374
RESERVED
CVE-2019-18373
RESERVED
-CVE-2019-18372
- RESERVED
+CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
+ TODO: check
CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
NOT-FOR-US: Xiaomi
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
@@ -9377,8 +9411,7 @@ CVE-2019-14871
RESERVED
CVE-2019-14870
RESERVED
-CVE-2019-14869 [-dSAFER escape in .charkeys]
- RESERVED
+CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.28, where ...)
{DSA-4569-1 DLA-1992-1}
- ghostscript <unfixed> (bug #944760)
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
@@ -10866,12 +10899,12 @@ CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote
NOT-FOR-US: Schben Adive
CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
NOT-FOR-US: Schben Adive
-CVE-2019-14345
- RESERVED
+CVE-2019-14345 (TemaTres 3.0 allows remote unprivileged users to create an administrat ...)
+ TODO: check
CVE-2019-14344
RESERVED
-CVE-2019-14343
- RESERVED
+CVE-2019-14343 (TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin ...)
+ TODO: check
CVE-2019-14342
RESERVED
CVE-2019-14341
@@ -15007,14 +15040,14 @@ CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way
NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
NOTE: https://github.com/davidhalter/parso/issues/75
NOTE: Not considered a security issue by upstream
-CVE-2019-12759
- RESERVED
-CVE-2019-12758
- RESERVED
-CVE-2019-12757
- RESERVED
-CVE-2019-12756
- RESERVED
+CVE-2019-12759 (Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security ...)
+ TODO: check
+CVE-2019-12758 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
+ TODO: check
+CVE-2019-12757 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 &amp; 12.1 RU6 M ...)
+ TODO: check
+CVE-2019-12756 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptib ...)
+ TODO: check
CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...)
NOT-FOR-US: Norton
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
@@ -35711,6 +35744,7 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
NOT-FOR-US: Epignosis eFront LMS
CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...)
+ {DLA-1993-1}
- mesa <unfixed> (bug #944298)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
@@ -39301,7 +39335,7 @@ CVE-2019-3467
RESERVED
CVE-2019-3466
RESERVED
- {DSA-4568-1}
+ {DSA-4568-1 DLA-1994-1}
- postgresql-common 210
NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
NOTE: https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/
@@ -39408,7 +39442,7 @@ CVE-2019-3424
RESERVED
CVE-2019-3423
RESERVED
-CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...)
+CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
NOT-FOR-US: ZTE
