author security tracker role <sectracker@soriano.debian.org> 2019-11-20 20:10:22 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-11-20 20:10:22 +0000
commit bc9f68f2890ab1257b1ec27533a5191f84febf13
tree 25c62b7cf883cddbe50236db55c5253d27171f5e /data
parent e3ec0abafb63815b610cc5d00ce13a61a5569e19
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2010.list 6
-rw-r--r-- data/CVE/2011.list 12
-rw-r--r-- data/CVE/2012.list 3
-rw-r--r-- data/CVE/2013.list 9
-rw-r--r-- data/CVE/2015.list 6
-rw-r--r-- data/CVE/2016.list 6
-rw-r--r-- data/CVE/2018.list 3
-rw-r--r-- data/CVE/2019.list 35
8 files changed, 33 insertions, 47 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index caf308ed6b..d0191780c2 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1528,11 +1528,9 @@ CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux k
[squeeze] - udisks <no-dsa> (Minor issue)
NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
-CVE-2010-4660
- RESERVED
+CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the way add ...)
- statusnet <itp> (bug #491723)
-CVE-2010-4659
- RESERVED
+CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in ...)
- statusnet <itp> (bug #491723)
CVE-2010-4658
RESERVED
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 5184c2afb9..32ab8b3359 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -2023,12 +2023,10 @@ CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, w
NOT-FOR-US: OWASP HTML Sanitizer
CVE-2011-4456
REJECTED
-CVE-2011-4455
- RESERVED
+CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier ...)
- tikiwiki <removed>
NOTE: http://secunia.com/advisories/46740/
-CVE-2011-4454
- RESERVED
+CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earl ...)
- tikiwiki <removed>
NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
@@ -11485,8 +11483,7 @@ CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component i
NOT-FOR-US: IBM
CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
NOT-FOR-US: IBM
-CVE-2011-1028
- RESERVED
+CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to possibly ...)
- smarty3 3.0.8-1
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
@@ -12803,8 +12800,7 @@ CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the s
{DSA-2183-1}
- nbd 1:2.9.16-8 (bug #611187)
[etch] - nbd <not-affected> (reintroduced in 2.9.0)
-CVE-2011-0529
- RESERVED
+CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to m ...)
- weborf 0.12.5-1
CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ...)
- puppet 2.6.2-3
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 7cd7c725d7..cfba087cd4 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1416,8 +1416,7 @@ CVE-2012-6138
REJECTED
CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does ...)
NOT-FOR-US: Red Hat subscription-manager
-CVE-2012-6136
- RESERVED
+CVE-2012-6136 (tuned 2.10.0 creates its PID file with insecure permissions which allo ...)
- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to dele ...)
- ruby-passenger <not-affected> (Vulnerable code not present; bug #702219)
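Review bot: The new description for CVE-2012-6136 names tuned 2.10.0 as the version that creates its PID file with insecure permissions, while the unchanged triage line under it still reads "- tuned <not-affected> (Fixed before initial release to Debian)". Now that the description carries a concrete version, the not-affected status should be re-verified against the first version uploaded to Debian, and a NOTE: line pointing at the upstream fix would make that claim checkable from the list itself.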
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index dee1129e38..1b13c03fe5 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -19665,16 +19665,13 @@ CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selec
CVE-2013-0196
RESERVED
NOT-FOR-US: OpenShift
-CVE-2013-0195 [Unspecified XSS]
- RESERVED
+CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
- piwik <itp> (bug #506933)
NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0194 [Unspecified XSS]
- RESERVED
+CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
- piwik <itp> (bug #506933)
NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0193 [Unspecified XSS]
- RESERVED
+CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
- piwik <itp> (bug #506933)
NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0192
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 3404d90594..0fcf258961 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -22680,8 +22680,7 @@ CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and
NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Imag ...)
NOT-FOR-US: WordPress plugin image-metadata-cruncher
-CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
- RESERVED
+CVE-2015-1607 (kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2 ...)
[experimental] - gnupg2 2.1.2-1
- gnupg2 2.0.26-5 (bug #778577)
[wheezy] - gnupg2 <no-dsa> (Minor issue)
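Review bot: Replacing the bracketed summary on CVE-2015-1607 drops the only statement of the root cause in this entry ("memcpy with overlapping ranges, resulting from incorrect bitwise left shifts"); the truncated description that replaces it shows only the source file and the affected versions. Consider keeping that text as a NOTE: line under the entry so that triagers see the bug class without following the links. The same applies to the "use after free resulting from failure to skip invalid packets" summary removed from CVE-2015-1606 in the next hunk.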
@@ -22691,8 +22690,7 @@ CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise
[squeeze] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
-CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
- RESERVED
+CVE-2015-1606 (The keyring DB in GnuPG before 2.1.2 does not properly handle invalid ...)
{DSA-3184-1 DLA-175-1}
[experimental] - gnupg2 2.1.2-1
- gnupg2 2.0.26-5 (bug #778577)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 86aed6b019..1d82ba52fa 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -3907,8 +3907,7 @@ CVE-2016-9654
REJECTED
CVE-2016-9653
REJECTED
-CVE-2016-9652
- RESERVED
+CVE-2016-9652 (Unspecified vulnerabilities in Google Chrome before 55.0.2883.75. ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -17779,8 +17778,7 @@ CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x be
- linux 4.7.8-1
NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
-CVE-2016-5194
- RESERVED
+CVE-2016-5194 (Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. ...)
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 2467f87170..0c6292455c 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -27273,7 +27273,8 @@ CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was
NOTE: https://eprint.iacr.org/2018/747
CVE-2018-10843 (source-to-image component of Openshift Container Platform before versi ...)
NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-10842 (It was found that an authenticated user could manipulate user session ...)
+CVE-2018-10842
+ REJECTED
NOT-FOR-US: Keycloak
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
- glusterfs 4.1.2-1 (bug #901968)
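Review bot: CVE-2018-10842 is switched to REJECTED, but the context line "NOT-FOR-US: Keycloak" stays attached to it, so the entry now carries both a rejection and a triage decision. The other REJECTED entries visible in this patch (CVE-2011-4456, CVE-2012-6138, CVE-2016-9654, CVE-2016-9653) have no annotation under them. Either drop the NOT-FOR-US line in a follow-up or confirm that keeping it on rejected IDs is intended.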
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 04c04a2651..a1972f64db 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -617,8 +617,8 @@ CVE-2019-18860
RESERVED
CVE-2019-18859
RESERVED
-CVE-2019-18858
- RESERVED
+CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
+ TODO: check
CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...)
NOT-FOR-US: darylldoyle svg-sanitizer
CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...)
@@ -6593,8 +6593,8 @@ CVE-2019-16201 [Regular Expression Denial of Service vulnerability of WEBrick's
- jruby <unfixed>
NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
-CVE-2019-16200
- RESERVED
+CVE-2019-16200 (GNU Serveez through 0.2.2 has an Information Leak. An attacker may sen ...)
+ TODO: check
CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
NOT-FOR-US: eQ-3 Homematic CCU2
CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by t ...)
@@ -20715,8 +20715,8 @@ CVE-2019-10767
RESERVED
CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
TODO: check
-CVE-2019-10765
- RESERVED
+CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents ...)
+ TODO: check
CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
NOT-FOR-US: elliptic-php
CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...)
@@ -35075,12 +35075,12 @@ CVE-2019-5544
RESERVED
CVE-2019-5543
RESERVED
-CVE-2019-5542
- RESERVED
-CVE-2019-5541
- RESERVED
-CVE-2019-5540
- RESERVED
+CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
+ TODO: check
+CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
+ TODO: check
+CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
+ TODO: check
CVE-2019-5539
RESERVED
CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
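Review bot: CVE-2019-5542, CVE-2019-5541 and CVE-2019-5540 are added with "TODO: check" and descriptions that are identical up to the truncation point, so nothing in the list distinguishes the three issues. When they are triaged, handle them together and add a NOTE: line per entry (for example the vendor advisory reference) that says which issue each ID covers.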
@@ -37220,8 +37220,8 @@ CVE-2019-4563
RESERVED
CVE-2019-4562
RESERVED
-CVE-2019-4561
- RESERVED
+CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...)
+ TODO: check
CVE-2019-4560
RESERVED
CVE-2019-4559
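Review bot: CVE-2019-4561 is added with "TODO: check" although the description already names the product (IBM Security Identity Manager), and IBM products in this patch's own context are triaged as "NOT-FOR-US: IBM" (CVE-2011-1030, CVE-2011-1029). If the automatic update cannot assign that status itself, a follow-up triage commit should. The same holds for CVE-2019-4530 (IBM Maximo Asset Management) in the next hunk.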
@@ -37282,8 +37282,8 @@ CVE-2019-4532
RESERVED
CVE-2019-4531
RESERVED
-CVE-2019-4530
- RESERVED
+CVE-2019-4530 (IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an aut ...)
+ TODO: check
CVE-2019-4529
RESERVED
CVE-2019-4528
@@ -39713,8 +39713,7 @@ CVE-2019-3468
RESERVED
CVE-2019-3467
RESERVED
-CVE-2019-3466
- RESERVED
+CVE-2019-3466 (The pg_ctlcluster script in postgresql-common in versions prior to 210 ...)
{DSA-4568-1 DLA-1994-1}
- postgresql-common 210
NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
