automatic update

author: security tracker role <sectracker@soriano.debian.org> 2019-02-26 08:10:12 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-02-26 08:10:12 +0000
commit: 6d6837521fbc9666b9d8087c72da221390dfd786 (patch)
tree: 0361b42114a43bdf0d1c7fc15d567c9ba2fefdec /data
parent: 596521b9ab74421737cd5e869edb5c50ab1cd8f3 (diff)
4 files changed, 101 insertions, 45 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index dc7d139e28..184eb072e6 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,5 @@
+CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in ...)
+	TODO: check
 CVE-2009-5154 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a ...)
 	NOT-FOR-US: MOBOTIX
 CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 154a1512a0..811d814d14 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -31477,24 +31477,28 @@ CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd
 	NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
 CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
+	{DLA-1689-1}
 	- elfutils 0.168-1 (bug #859990)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
+	{DLA-1689-1}
 	- elfutils 0.168-1 (bug #859991)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
+	{DLA-1689-1}
 	- elfutils 0.168-1 (bug #859992)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
+	{DLA-1689-1}
 	- elfutils 0.168-1 (bug #859993)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
@@ -31507,6 +31511,7 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compr
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
 CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...)
+	{DLA-1689-1}
 	- elfutils 0.168-1 (bug #859995)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 586818d9b4..78a7e2f1e0 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,5 @@
+CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+	TODO: check
 CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...)
 	TODO: check
 CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
@@ -2325,8 +2327,8 @@ CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
 	- chromium 71.0.3578.80-1
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
 	NOT-FOR-US: doorGets
-CVE-2018-20063
-	RESERVED
+CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...)
+	TODO: check
 CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php ...)
 	NOT-FOR-US: NoneCms
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
@@ -2403,8 +2405,8 @@ CVE-2018-20035
 	RESERVED
 CVE-2018-20034
 	RESERVED
-CVE-2018-20033
-	RESERVED
+CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon ...)
+	TODO: check
 CVE-2018-20032
 	RESERVED
 CVE-2018-20031
@@ -6290,12 +6292,14 @@ CVE-2018-18523
 CVE-2018-18522
 	RESERVED
 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
+	{DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911413)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
+	{DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911414)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
@@ -6927,6 +6931,7 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
 	NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
 	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
 CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
+	{DLA-1689-1}
 	- elfutils 0.175-1 (bug #911083)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
@@ -12596,6 +12601,7 @@ CVE-2018-16064
 CVE-2018-16063
 	RESERVED
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...)
+	{DLA-1689-1}
 	- elfutils 0.175-1 (bug #907562)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
@@ -13322,7 +13328,7 @@ CVE-2018-15779
 CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
 	NOT-FOR-US: Dell
 CVE-2018-15777
-	RESERVED
+	REJECTED
 CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...)
 	NOT-FOR-US: EMC iDRAC
 CVE-2018-15775
@@ -18145,12 +18151,12 @@ CVE-2018-13916
 	RESERVED
 CVE-2018-13915
 	RESERVED
-CVE-2018-13914
-	RESERVED
-CVE-2018-13913
-	RESERVED
-CVE-2018-13912
-	RESERVED
+CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
+	TODO: check
+CVE-2018-13913 (Improper validation of array index can lead to unauthorized access ...)
+	TODO: check
+CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in ...)
+	TODO: check
 CVE-2018-13911
 	RESERVED
 CVE-2018-13910
@@ -18163,11 +18169,9 @@ CVE-2018-13907
 	RESERVED
 CVE-2018-13906
 	RESERVED
-CVE-2018-13905
-	RESERVED
+CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13904
-	RESERVED
+CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13903
 	RESERVED
@@ -18175,8 +18179,7 @@ CVE-2018-13902
 	RESERVED
 CVE-2018-13901
 	RESERVED
-CVE-2018-13900
-	RESERVED
+CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13899
 	RESERVED
@@ -23114,15 +23117,13 @@ CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11949
 	RESERVED
-CVE-2018-11948
-	RESERVED
+CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11947
 	RESERVED
 CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11945
-	RESERVED
+CVE-2018-11945 (Improper input validation in wireless service messaging module for ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11944
 	RESERVED
@@ -23136,25 +23137,21 @@ CVE-2018-11940
 	RESERVED
 CVE-2018-11939
 	RESERVED
-CVE-2018-11938
-	RESERVED
+CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11937
 	RESERVED
 CVE-2018-11936
 	RESERVED
-CVE-2018-11935
-	RESERVED
+CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11934
 	RESERVED
 CVE-2018-11933
 	RESERVED
-CVE-2018-11932
-	RESERVED
+CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11931
-	RESERVED
+CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11930
 	RESERVED
@@ -23288,8 +23285,7 @@ CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11865 (Integer overflow may happen when calculating an internal structure ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11864
-	RESERVED
+CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be read ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -23327,8 +23323,7 @@ CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11845
-	RESERVED
+CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11844
 	RESERVED
@@ -23378,8 +23373,7 @@ CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory ...
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11820
-	RESERVED
+CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11819
 	RESERVED
@@ -24930,8 +24924,7 @@ CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11289
-	RESERVED
+CVE-2018-11289 (Data truncation during higher to lower type conversion which causes ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -39555,8 +39548,7 @@ CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the DRM ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5839
-	RESERVED
+CVE-2018-5839 (Improperly configured memory protection allows read/write access to ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in ...)
 	NOT-FOR-US: Qualcomm components for Android
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 97b61c1f1b..ac7bcb6484 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,4 +1,58 @@
-CVE-2019-9162 [netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs]
+CVE-2019-9183
+	RESERVED
+CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...)
+	TODO: check
+CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
+	TODO: check
+CVE-2019-9180
+	RESERVED
+CVE-2019-9179
+	RESERVED
+CVE-2019-9178
+	RESERVED
+CVE-2019-9177
+	RESERVED
+CVE-2019-9176
+	RESERVED
+CVE-2019-9175
+	RESERVED
+CVE-2019-9174
+	RESERVED
+CVE-2019-9173
+	RESERVED
+CVE-2019-9172
+	RESERVED
+CVE-2019-9171
+	RESERVED
+CVE-2019-9170
+	RESERVED
+CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+	TODO: check
+CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
+	TODO: check
+CVE-2019-9167
+	RESERVED
+CVE-2019-9166
+	RESERVED
+CVE-2019-9165
+	RESERVED
+CVE-2019-9164
+	RESERVED
+CVE-2019-9163
+	RESERVED
+CVE-2019-9161
+	RESERVED
+CVE-2019-9160
+	RESERVED
+CVE-2019-9159
+	RESERVED
+CVE-2019-9158
+	RESERVED
+CVE-2019-9157
+	RESERVED
+CVE-2019-9156
+	RESERVED
+CVE-2019-9162 (In the Linux kernel before 4.20.12, ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -3165,6 +3219,7 @@ CVE-2019-7667
 CVE-2019-7666
 	RESERVED
 CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
+	{DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #921880)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
@@ -4481,12 +4536,14 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in ...)
 	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
 	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
 CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can ...)
+	{DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #920909)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function ...)
+	{DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #920910)
 	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
@@ -6075,7 +6132,7 @@ CVE-2019-6448
 	RESERVED
 CVE-2019-6447 (The ES File Explorer File Manager application through 4.1.9.7.4 for ...)
 	NOT-FOR-US: ES File Explorer File Manager application
-CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle ...)
+CVE-2019-6446 (** DISPUTED **  ...)
 	- python-numpy 1:1.10.4-1
 	[jessie] - python-numpy <no-dsa> (Minor issue)
 	NOTE: https://github.com/numpy/numpy/issues/12759
@@ -6473,10 +6530,10 @@ CVE-2019-6268
 	RESERVED
 CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...)
 	NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
-CVE-2019-6266
-	RESERVED
-CVE-2019-6265
-	RESERVED
+CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is ...)
+	TODO: check
+CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed ...)
+	TODO: check
 CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
author	security tracker role <sectracker@soriano.debian.org>	2019-02-26 08:10:12 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2019-02-26 08:10:12 +0000
commit	6d6837521fbc9666b9d8087c72da221390dfd786 (patch)
tree	0361b42114a43bdf0d1c7fc15d567c9ba2fefdec /data
parent	596521b9ab74421737cd5e869edb5c50ab1cd8f3 (diff)