[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
088a6b02 by security tracker role at 2019-03-04T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,15 @@
+CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz 
Builder" plugin before 1.6 ...)
+       TODO: check
+CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz 
Builder" plugin before 1.6 ...)
+       TODO: check
+CVE-2019-9566 (FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= 
request. ...)
+       TODO: check
+CVE-2019-9565 (Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 
and 10 ...)
+       TODO: check
 CVE-2019-9564
        RESERVED
-CVE-2019-9563
-       RESERVED
+CVE-2019-9563 (In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 
4.0-beta3, the ...)
+       TODO: check
 CVE-2019-9562
        RESERVED
 CVE-2019-9561
@@ -24243,16 +24251,19 @@ CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in 
QEMU can modify an fid path
 CVE-2018-19363
        RESERVED
 CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow 
attackers to ...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
        NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
 CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow 
attackers to ...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
        NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
 CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow 
attackers to ...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
@@ -36404,18 +36415,22 @@ CVE-2018-14722 (An issue was discovered in 
evaluate_auto_mountpoint in ...)
        - btrfsmaintenance 0.4.1-2 (bug #906131)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
 CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow 
attackers to ...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
@@ -43633,11 +43648,13 @@ CVE-2018-12024
        RESERVED
 CVE-2018-12023 [improper polymorphic deserialization of types from Oracle JDBC 
driver]
        RESERVED
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
 CVE-2018-12022 [improper polymorphic deserialization of types from Jodd-db 
library]
        RESERVED
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
@@ -45626,6 +45643,7 @@ CVE-2018-11308
        RESERVED
 CVE-2018-11307 [Potential information exfiltration with default typing, 
serialization gadget from MyBatis]
        RESERVED
+       {DLA-1703-1}
        - jackson-databind 2.9.8-1
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/088a6b02451486d4a4c2ae5547a93d10a9d41439

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/088a6b02451486d4a4c2ae5547a93d10a9d41439
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits