Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d529c07f by Moritz Muehlenhoff at 2019-03-11T22:03:01Z
various bugs filed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4756,7 +4756,7 @@ CVE-2019-7631
CVE-2019-7630
RESERVED
CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function
in ...)
- - tintin++ <unfixed>
+ - tintin++ <unfixed> (bug #924348)
[stretch] - tintin++ <no-dsa> (Minor issue)
[jessie] - tintin++ <no-dsa> (Minor issue)
CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few
e-mail ...)
@@ -14607,7 +14607,7 @@ CVE-2018-20595 (A CSRF issue was discovered in ...)
CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS
...)
NOT-FOR-US: hsweb
CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer
overflow in ...)
- - mxml <unfixed>
+ - mxml <unfixed> (low; bug #924353)
[buster] - mxml <ignored> (Minor issue)
[stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
@@ -14618,7 +14618,7 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is
stack-based buffer overfl
NOTE: https://github.com/michaelrsweet/mxml/issues/237
NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code
completely
CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the
mxmlAdd ...)
- - mxml <unfixed>
+ - mxml <unfixed> (low; bug #924353)
[buster] - mxml <ignored> (Minor issue)
[stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
@@ -32112,11 +32112,11 @@ CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF.
...)
CVE-2018-16649
RESERVED
CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in
fitz/buffer.c ...)
- - mupdf <unfixed>
+ - mupdf <unfixed> (bug #924351)
[jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699685
CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in
...)
- - mupdf <unfixed>
+ - mupdf <unfixed> (bug #924351)
[jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686
CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc
may cause ...)
@@ -32870,7 +32870,7 @@ CVE-2018-16386
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the ...)
NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP
ModSecurity ...)
- - modsecurity-crs <unfixed> (low)
+ - modsecurity-crs <unfixed> (low; bug #924352)
[buster] - modsecurity-crs <no-dsa> (Minor issue)
[stretch] - modsecurity-crs <no-dsa> (Minor issue)
[jessie] - modsecurity-crs <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d529c07fa3fde4adc00d64619c860181a552108b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d529c07fa3fde4adc00d64619c860181a552108b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
