automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-15 08:10:13 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-15 08:10:13 +0000
commit: b8e13f9000e33abad24939b45fa065616a423952 (patch)
tree: 332cf1de8f46951216de5e868cc1412395833597
parent: faaba6d05c46c54b658024e760f4cc0ba7cbf7f5 (diff)
5 files changed, 26 insertions, 27 deletions
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index 6e149d345e..ab1cefa4e1 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -8714,8 +8714,7 @@ CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does no
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...)
 	NOT-FOR-US: Apache Roller
-CVE-2013-4211
-	RESERVED
+CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...)
 	NOT-FOR-US: OpenX
 CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat  ...)
 	NOT-FOR-US: JBoss Remoting
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 9f3135972c..5cfd8018f9 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -25872,8 +25872,8 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
-CVE-2016-2338
-	RESERVED
+CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
+	TODO: check
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
 	{DLA-1480-1}
 	- ruby2.3 2.3.0-1
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index e299b7ba27..279d1581f4 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -4852,7 +4852,7 @@ CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
 CVE-2017-1000207 (A vulnerability in Swagger-Parser's version &lt;= 1.0.30 and Swagger c ...)
 	NOT-FOR-US: Swagger-Parser
 CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
-	{DLA-1882-1 DLA-1881-1 DLA-1204-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
 	- atril 1.20.0-1 (low)
 	[stretch] - atril <no-dsa> (Minor issue)
 	- evince 3.25.92-1 (low)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 86a8121170..514da36657 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -12107,15 +12107,15 @@ CVE-2019-15596 (A path traversal in statics-server exists in all version that al
 	NOT-FOR-US: Node module statics-server
 CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =&lt;3.10.6 th ...)
 	NOT-FOR-US: UniFi Video Controller
-CVE-2019-15594
-	RESERVED
+CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a  ...)
+	TODO: check
 CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to  ...)
 	[experimental] - gitlab 12.0.8-1
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/557154
 	NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
-CVE-2019-15592
-	RESERVED
+CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows  ...)
+	TODO: check
 CVE-2019-15591 (An improper access control vulnerability exists in GitLab &lt;12.3.3 t ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/676976
@@ -16465,12 +16465,12 @@ CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admi
 	NOT-FOR-US: Metinfo
 CVE-2019-13968
 	RESERVED
-CVE-2019-13967
-	RESERVED
-CVE-2019-13966
-	RESERVED
-CVE-2019-13965
-	RESERVED
+CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of  ...)
+	TODO: check
+CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...)
+	TODO: check
+CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...)
+	TODO: check
 CVE-2019-13964
 	RESERVED
 CVE-2019-13963
@@ -23340,7 +23340,7 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3
 	[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
 CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
-	{DLA-1882-1 DLA-1881-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
 	- atril 1.22.3-1 (unimportant; bug #927821)
 	[buster] - atril 1.20.3-1+deb10u1
 	- evince 3.32.0-3 (unimportant; bug #927820)
@@ -28407,7 +28407,7 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross
 CVE-2019-1010007
 	RESERVED
 CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
-	{DLA-1882-1 DLA-1881-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
 	- atril 1.22.2-1
 	[buster] - atril 1.20.3-1+deb10u1
 	- evince 3.27.92-1
@@ -40300,8 +40300,8 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
 	NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
-CVE-2019-5187
-	RESERVED
+CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
+	TODO: check
 CVE-2019-5186
 	RESERVED
 CVE-2019-5185
@@ -42016,8 +42016,8 @@ CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.
 	NOT-FOR-US: IBM
 CVE-2019-4393
 	RESERVED
-CVE-2019-4392
-	RESERVED
+CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...)
+	TODO: check
 CVE-2019-4391
 	RESERVED
 CVE-2019-4390
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 213ef2ac02..acc932e8f5 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1803,10 +1803,10 @@ CVE-2020-8131
 	RESERVED
 CVE-2020-8130
 	RESERVED
-CVE-2020-8129
-	RESERVED
-CVE-2020-8128
-	RESERVED
+CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
+	TODO: check
+CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities  ...)
+	TODO: check
 CVE-2020-8127
 	RESERVED
 CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
@@ -6196,8 +6196,8 @@ CVE-2020-6070
 	RESERVED
 CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6068
-	RESERVED
+CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+	TODO: check
 CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-02-15 08:10:13 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-15 08:10:13 +0000
commit	b8e13f9000e33abad24939b45fa065616a423952 (patch)
tree	332cf1de8f46951216de5e868cc1412395833597
parent	faaba6d05c46c54b658024e760f4cc0ba7cbf7f5 (diff)