[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-20745/yii, itp'ed

Mon, 28 Jan 2019 12:35:40 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57ddd1d5 by Salvatore Bonaccorso at 2019-01-28T20:34:13Z
Add CVE-2018-20745/yii, itp'ed

- - - - -
81863e68 by Salvatore Bonaccorso at 2019-01-28T20:34:39Z
Adjust two previous CVE-2018-6009 and CVE-2018-6010 to be tracked for yii

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-6980
 CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka ...)
        NOT-FOR-US: IP History Logs plugin for MyBB
 CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS 
policy into ...)
-       TODO: check
+       - yii <itp> (bug #597899)
 CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively 
converts a ...)
        TODO: check
 CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in 
the ...)
@@ -54271,9 +54271,9 @@ CVE-2018-6012 (The 'Weather Service' feature of the 
Green Electronics RainMachin
 CVE-2018-6011 (The time-based one-time-password (TOTP) function in the 
application ...)
        NOT-FOR-US: Green Electronics
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could 
obtain ...)
-       NOT-FOR-US: Yii Framework
+       - yii <itp> (bug #597899)
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function 
in ...)
-       NOT-FOR-US: Yii Framework
+       - yii <itp> (bug #597899)
 CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 
5.3.7 ...)
        NOT-FOR-US: Jtag Members Directory component for Joomla!
 CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for 
Joomla! and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/978af421ce42725ac173588ebea63385a49ad2d8...81863e6844858a94771569d8242e21c8255bc9a4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/978af421ce42725ac173588ebea63385a49ad2d8...81863e6844858a94771569d8242e21c8255bc9a4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to