Details of VAR-201902-0855

ID

VAR-201902-0855

CVE

CVE-2019-7317

TITLE

libpng Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

DESCRIPTION

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2019:1265-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1265 Issue date: 2019-05-23 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712625 - CVE-2019-9816 Mozilla: Type confusion with object groups and UnboxedObjects 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-60.7.0-1.el7_6.src.rpm x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-60.7.0-1.el7_6.src.rpm ppc64: firefox-60.7.0-1.el7_6.ppc64.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64.rpm ppc64le: firefox-60.7.0-1.el7_6.ppc64le.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64le.rpm s390x: firefox-60.7.0-1.el7_6.s390x.rpm firefox-debuginfo-60.7.0-1.el7_6.s390x.rpm x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: firefox-60.7.0-1.el7_6.src.rpm aarch64: firefox-60.7.0-1.el7_6.aarch64.rpm firefox-debuginfo-60.7.0-1.el7_6.aarch64.rpm ppc64le: firefox-60.7.0-1.el7_6.ppc64le.rpm firefox-debuginfo-60.7.0-1.el7_6.ppc64le.rpm s390x: firefox-60.7.0-1.el7_6.s390x.rpm firefox-debuginfo-60.7.0-1.el7_6.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-60.7.0-1.el7_6.src.rpm x86_64: firefox-60.7.0-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-60.7.0-1.el7_6.i686.rpm firefox-debuginfo-60.7.0-1.el7_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9816 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXOa9NtzjgjWX9erEAQjJMQ//YCJ2neCX+EW9jtNzMzJ5XN0pUgLrz5Me 4AP0z1wH40oILuLzgpClMNu8a589SynU9CksnLAOqleunDMIYUU1rD5g7At64VKq BoVtEGY9UfGi/rhx/Xp3nrLlweDxs57yFDCGHCci4AqS4LwT3w/a0z2VkuRQ76yh ETRGdCtEmC8Ybizs5Oge4b205CoHLLGbPf8xdQ2rtX+0/Ch+lqH6MLDPMNuW0YhM Ihh/O8PHZVZwDjWrDVcPvBXENuP84H/KG03F/SURnn40sbGIz8Cw8SUXoGUQWUjz 3FxD3sd8KZfnHvs7iXdBHTW4svFJH2lmbyaIdN5yz5F1jcfyIS6DJ+HBPXYwS5AA ryZ9UlOQKgSYV6dbY/38X+ZRHwwBYAYpOceGKrrpn0J87hI/T+KVB7Wn8jKbEQZ+ s8A8s65Taa2FSi021cIBb30lgULRW5FNMmv1n8D5OVI7r4fCvx4rl5nzRRXcIaKc mgBQO6MvJre2InsLnx+djfdejnzbA7y8cPjuLBF5hCaHLmX6apZLZf+h7ZBL5Sjc LZC4m562Xfp2/N3kDfj2Oqxnk9M52933dpBHEbR9Sba+Vz/n/j4kTzsP+Za7P7AR Vdrf3Wa4/3rjmric1HCzCwLDGUS947NQo5yOnSv7Zpz4MJErpiVeHyKChoEIHyc1 fKlOXCgcXzc=Lhyh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. For the stable distribution (stretch), these problems have been fixed in version 60.7.0esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzlvbsACgkQEMKTtsN8 Tjbjdw//SFhYHCEUthqN3/dLBiaxWDgroWKROjsm13N+83Tc859m5oGFutT1X5Ry C57MaxZ6Jfv5lh2jnIzFbOOTc3iMZak5NhhvMeq/SK9FlR/IqZ3wXIzUELBC8o3v iEXZfD6MDycNnlhe4034zzwevxy4+/olXk1mU9ePsoO3LWkFIFRpkE5EhV+5ZIUh OPadgArSzVe2mS/+HpIAzAaJHii8fe3PmUprYzf1rNReR7NfA21mZtHiD/X57Sq4 NT6st/W8aqEblc57fcAMJJve3H7lvbPqB7GPoVsFhIauHV6Sa6/ks8cyqMiF5KLj dz7DSAFkdpd0cRF/94jWy13dzeZ3+koH4M4pdqk41R3Cb4VixNdBxMsJKsn25efE AbR/6rF6IFmWe0PswyHHPmwsd/+5w2r5Az/mlQn/3vVtVL8XoZLpGrLx4WT03Fi7 c9Ax/TniB/tAVseR7SkaawuvAzCtN9RtQ/7q7z9jEvSZV6AgYsQzQuCzn/jHXGuq Ay3coWxRAFBHTE4HgFrZRtZmRuoZ2lMIoN+jYiicZ9UAG5IXVexo9JWZGWR1QWnS U3AwK0Qi7firv3/lz3IgTdAdwK/P38nfVRtQmtZfnsk6wCDDp7F67Fb1kH4ZXPUl 0DjtVTaxSXqtsqDXhx6jS26w9n9NThax2+JRpdcAnDx5gyCu1zo= =r0k3 -----END PGP SIGNATURE----- . 8) - aarch64, ppc64le, s390x, x86_64 3. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning 6. Description: Mozilla Thunderbird is a standalone mail and newsgroup client

Trust: 1.89

sources: NVD: CVE-2019-7317 // BID: 108098 // VULMON: CVE-2019-7317 // PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153011 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282

AFFECTED PRODUCTS

vendor:	opensuse	model:	package hub	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	satellite	scope:	eq	version:	5.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	hyperion infrastructure technology	scope:	eq	version:	11.2.6.0	Trust: 1.0
vendor:	hpe	model:	xp7 command view advanced edition suite	scope:	lt	version:	8.7.0-00	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	oracle	model:	java se	scope:	eq	version:	8u212	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	lt	version:	9.6	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	lt	version:	11.53	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.6.37	Trust: 1.0
vendor:	netapp	model:	e-series santricity management	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	steelstore	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	lt	version:	7.3.9	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lt	version:	8.0.23	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	9.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	lt	version:	5.1	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	lt	version:	4.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	lt	version:	3.4.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity unified manager	scope:	lt	version:	3.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	oracle	model:	java se	scope:	eq	version:	7u221	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	plug-in for symantec netbackup	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	hp	model:	xp7 command view	scope:	lt	version:	8.7.0-00	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.36	Trust: 0.3
vendor:	libpng	model:	libpng	scope:	ne	version:	1.6.37	Trust: 0.3

sources: BID: 108098 // NVD: CVE-2019-7317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7317
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201902-012
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-7317
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-7317
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-7317
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-7317 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.0

sources: NVD: CVE-2019-7317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

PATCH

title:	Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef2bbc82329f4e3dd9e23c0137af2a7b	Trust: 0.1
title:	Ubuntu Security Notice: libpng1.6 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3962-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d60ba88361ab9afdcad18ca2a106ac3b	Trust: 0.1
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192494 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192495 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201904-10] libpng: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201904-10	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192737 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-7317	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-7317	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192585 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192590 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192592 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-7317	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191308 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191310 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191265 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191269 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191309 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-lts vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4083-1	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191267 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-8 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4080-1	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3997-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4451-1 thunderbird -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1cf7f39c2c474666174a69cf97b06740	Trust: 0.1
title:	Ubuntu Security Notice: firefox regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-3	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=61e62f4d9c861153c6391afc0ec560a4	Trust: 0.1
title:	Debian Security Advisories: DSA-4448-1 firefox-esr -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e2d9ccf571c31c1011ad31af2798140f	Trust: 0.1
title:	Ubuntu Security Notice: firefox regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-8	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1246	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1246	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-14	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-14	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4a8e20a238934bc47ca332a3c76cc9c3	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-117	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=acad3ac1b2767940a01b72ed1b51586b	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-9	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-116	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1229	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1229	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=554d832b08166d6d04a53f3c421e7f9b	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=de7b9859dff396513e72da22ffc4ab3e	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-15	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-15	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Thunderbird 60.7	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=198e3a670ab8c803584e801da3919e61	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=836b059f33e614408bd51705b325caaf	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b352b6737bfbf2a62b0a2201928e8963	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ad5c6091de269fb79e0c4d1c06b0846	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Firefox 67	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=730fce689efe63b7de803de0d8794796	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-13	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-13	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ef3e54cc5cdc194f0526779f9480f89	Trust: 0.1

sources: VULMON: CVE-2019-7317

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7317	Trust: 2.7
db:	BID	id:	108098	Trust: 2.0
db:	PACKETSTORM	id:	152561	Trust: 1.7
db:	PACKETSTORM	id:	152664	Trust: 0.6
db:	PACKETSTORM	id:	152702	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1877	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1491	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4466	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0775	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1454	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4293	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4381	Trust: 0.6
db:	CS-HELP	id:	SB2021042108	Trust: 0.6
db:	CNNVD	id:	CNNVD-201902-012	Trust: 0.6
db:	VULMON	id:	CVE-2019-7317	Trust: 0.1
db:	PACKETSTORM	id:	153064	Trust: 0.1
db:	PACKETSTORM	id:	154069	Trust: 0.1
db:	PACKETSTORM	id:	153011	Trust: 0.1
db:	PACKETSTORM	id:	153067	Trust: 0.1
db:	PACKETSTORM	id:	154068	Trust: 0.1
db:	PACKETSTORM	id:	153158	Trust: 0.1
db:	PACKETSTORM	id:	154282	Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153011 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

REFERENCES

url:	http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html	Trust: 2.9
url:	https://www.debian.org/security/2019/dsa-4435	Trust: 2.6
url:	https://usn.ubuntu.com/3962-1/	Trust: 2.4
url:	http://www.securityfocus.com/bid/108098	Trust: 2.4
url:	https://www.debian.org/security/2019/dsa-4451	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://github.com/glennrp/libpng/issues/275	Trust: 2.0
url:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803	Trust: 2.0
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:1265	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1269	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1310	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2494	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2495	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2585	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/apr/30	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/apr/36	Trust: 1.7
url:	https://usn.ubuntu.com/3991-1/	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/56	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/59	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4448	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1267	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/67	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html	Trust: 1.7
url:	https://usn.ubuntu.com/3997-1/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1309	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1308	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190719-0005/	Trust: 1.7
url:	https://usn.ubuntu.com/4080-1/	Trust: 1.7
url:	https://usn.ubuntu.com/4083-1/	Trust: 1.7
url:	https://security.gentoo.org/glsa/201908-02	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2590	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2592	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2737	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03977en_us	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2019-7317	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7317	Trust: 1.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1672409	Trust: 0.9
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://github.com/glennrp/libpng/issues/275exploitissue trackingthird party advisory	Trust: 0.6
url:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803mailing listthird party advisory	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1096270	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106139	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106487	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106553	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106493	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79850	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4381/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1107879	Trust: 0.6
url:	https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79998	Trust: 0.6
url:	https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1138432	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4293/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4466/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1074382	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137448	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0775/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042108	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1877/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9820	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11698	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11691	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9819	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9800	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9817	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9797	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5798	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11693	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11692	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9816	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9817	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11698	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9797	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11692	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11693	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9819	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-18511	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9820	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9800	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11691	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5798	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11775	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2762	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11775	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2816	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2769	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2762	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2816	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2769	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9816	Trust: 0.2
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59551	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/firefox-esr	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2786	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11772	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2786	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 153064 // PACKETSTORM: 154069 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153158 // PACKETSTORM: 154282

SOURCES

db:	VULMON	id:	CVE-2019-7317
db:	BID	id:	108098
db:	PACKETSTORM	id:	153064
db:	PACKETSTORM	id:	154069
db:	PACKETSTORM	id:	153011
db:	PACKETSTORM	id:	153067
db:	PACKETSTORM	id:	154068
db:	PACKETSTORM	id:	153158
db:	PACKETSTORM	id:	154282
db:	CNNVD	id:	CNNVD-201902-012
db:	NVD	id:	CVE-2019-7317

LAST UPDATE DATE

2024-11-23T21:19:16.418000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-7317	date:	2022-05-23T00:00:00
db:	BID	id:	108098	date:	2019-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201902-012	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2019-7317	date:	2024-11-21T04:48:00.033

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-7317	date:	2019-02-04T00:00:00
db:	BID	id:	108098	date:	2019-01-25T00:00:00
db:	PACKETSTORM	id:	153064	date:	2019-05-23T16:55:25
db:	PACKETSTORM	id:	154069	date:	2019-08-15T20:14:50
db:	PACKETSTORM	id:	153011	date:	2019-05-22T23:44:44
db:	PACKETSTORM	id:	153067	date:	2019-05-23T16:56:40
db:	PACKETSTORM	id:	154068	date:	2019-08-15T20:14:24
db:	PACKETSTORM	id:	153158	date:	2019-06-03T14:02:22
db:	PACKETSTORM	id:	154282	date:	2019-09-02T17:37:20
db:	CNNVD	id:	CNNVD-201902-012	date:	2019-02-04T00:00:00
db:	NVD	id:	CVE-2019-7317	date:	2019-02-04T08:29:00.447