From edf9e1e663c9f251766f8ec6697fb6e34f134510 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 16 Aug 2019 16:00:46 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/12xxx/CVE-2019-12974.json | 5 +++
 2019/13xxx/CVE-2019-13135.json | 5 +++
 2019/13xxx/CVE-2019-13295.json | 5 +++
 2019/13xxx/CVE-2019-13297.json | 5 +++
 2019/13xxx/CVE-2019-13304.json | 5 +++
 2019/13xxx/CVE-2019-13305.json | 5 +++
 2019/13xxx/CVE-2019-13306.json | 5 +++
 2019/5xxx/CVE-2019-5477.json | 68 ++++++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9850.json | 5 +++
 2019/9xxx/CVE-2019-9851.json | 5 +++
 2019/9xxx/CVE-2019-9852.json | 5 +++
 11 files changed, 111 insertions(+), 7 deletions(-)
diff --git a/2019/12xxx/CVE-2019-12974.json b/2019/12xxx/CVE-2019-12974.json
index 08e0ff94d44..fb43f9bd147 100644
--- a/2019/12xxx/CVE-2019-12974.json
+++ b/2019/12xxx/CVE-2019-12974.json
@@ -61,6 +61,11 @@
 "refsource": "BID",
 "name": "108913",
 "url": "http://www.securityfocus.com/bid/108913"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13135.json b/2019/13xxx/CVE-2019-13135.json
index 6e0161bc2de..48d6abd0eb2 100644
--- a/2019/13xxx/CVE-2019-13135.json
+++ b/2019/13xxx/CVE-2019-13135.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13295.json b/2019/13xxx/CVE-2019-13295.json
index ded3f44f1f4..ae80287210a 100644
--- a/2019/13xxx/CVE-2019-13295.json
+++ b/2019/13xxx/CVE-2019-13295.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13297.json b/2019/13xxx/CVE-2019-13297.json
index 0289f22e2c3..00f7f2d9eb6 100644
--- a/2019/13xxx/CVE-2019-13297.json
+++ b/2019/13xxx/CVE-2019-13297.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13304.json b/2019/13xxx/CVE-2019-13304.json
index 02d1228065d..3e8ecea403f 100644
--- a/2019/13xxx/CVE-2019-13304.json
+++ b/2019/13xxx/CVE-2019-13304.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13305.json b/2019/13xxx/CVE-2019-13305.json
index 8386a0edf1f..a6fcb178411 100644
--- a/2019/13xxx/CVE-2019-13305.json
+++ b/2019/13xxx/CVE-2019-13305.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13306.json b/2019/13xxx/CVE-2019-13306.json
index d2429c936a9..72e95726e92 100644
--- a/2019/13xxx/CVE-2019-13306.json
+++ b/2019/13xxx/CVE-2019-13306.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5477.json b/2019/5xxx/CVE-2019-5477.json
index a7fddc9ac90..1a0e8b23021 100644
--- a/2019/5xxx/CVE-2019-5477.json
+++ b/2019/5xxx/CVE-2019-5477.json
@@ -1,17 +1,71 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5477",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5477",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nokogiri (ruby gem)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in v1.10.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OS Command Injection (CWE-78)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/650835",
+ "url": "https://hackerone.com/reports/650835"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc",
+ "url": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/sparklemotion/nokogiri/issues/1915",
+ "url": "https://github.com/sparklemotion/nokogiri/issues/1915"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. 
Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9850.json b/2019/9xxx/CVE-2019-9850.json
index 4aa281deb3e..d91d6aabbd5 100644
--- a/2019/9xxx/CVE-2019-9850.json
+++ b/2019/9xxx/CVE-2019-9850.json
@@ -73,6 +73,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/28"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4501",
+ "url": "https://www.debian.org/security/2019/dsa-4501"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9851.json b/2019/9xxx/CVE-2019-9851.json
index 84dd8795118..0137a2df118 100644
--- a/2019/9xxx/CVE-2019-9851.json
+++ b/2019/9xxx/CVE-2019-9851.json
@@ -73,6 +73,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/28"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4501",
+ "url": "https://www.debian.org/security/2019/dsa-4501"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9852.json b/2019/9xxx/CVE-2019-9852.json
index 943cbce7581..71dc8ac05fc 100644
--- a/2019/9xxx/CVE-2019-9852.json
+++ b/2019/9xxx/CVE-2019-9852.json
@@ -73,6 +73,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/28"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4501",
+ "url": "https://www.debian.org/security/2019/dsa-4501"
 }
 ]
 },
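Review bot: In the new `affects` block of CVE-2019-5477.json, `"version_value": "Fixed in v1.10.4"` records the fixed release as free text rather than the affected range, so tooling that matches on this field cannot derive what the description states (Nokogiri v1.10.3 and earlier). I would express the range directly, e.g. `"version_affected": "<=", "version_value": "1.10.3"`, and replace `"vendor_name": "n/a"` with the actual project name so product matching has a key to work with. The block also lists only Nokogiri, while the description says the flaw is in code generated by Rexical v1.0.6 and earlier; a second `product_data` entry for Rexical would let other consumers of that gem be matched. The Rexical reference points at `blob/master/CHANGELOG.rdoc`, which is mutable, so a tag- or commit-pinned URL would keep the evidence stable.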