[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 07 Apr 2019 13:11:04 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98d631b4 by security tracker role at 2019-04-07T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-10913
+       RESERVED
+CVE-2019-10912
+       RESERVED
+CVE-2019-10911
+       RESERVED
+CVE-2019-10910
+       RESERVED
+CVE-2019-10909
+       RESERVED
+CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords 
via org ...)
+       TODO: check
+CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism 
based on M ...)
+       TODO: check
 CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a 
sandbox escape ...)
        - jinja2 <unfixed> (bug #926602)
        NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
@@ -5,6 +19,7 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map 
allows a sandbox
 CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup 
is disa ...)
        NOT-FOR-US: Parsedown
 CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because 
frontends/roundup.cgi and r ...)
+       {DLA-1750-1}
        - roundup <removed> (bug #926587)
        NOTE: https://github.com/python/bugs.python.org/issues/34
        NOTE: https://issues.roundup-tracker.org/issue2551035
@@ -353,10 +368,10 @@ CVE-2019-10743
        RESERVED
 CVE-2019-10742
        RESERVED
-CVE-2019-10741
-       RESERVED
-CVE-2019-10740
-       RESERVED
+CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a 
special ...)
+       TODO: check
+CVE-2019-10740 (In Roundcube Webmail 1.3.4, an attacker in possession of 
S/MIME or PGP ...)
+       TODO: check
 CVE-2019-10739
        RESERVED
 CVE-2019-10738
@@ -365,14 +380,14 @@ CVE-2019-10737
        RESERVED
 CVE-2019-10736
        RESERVED
-CVE-2019-10735
-       RESERVED
-CVE-2019-10734
-       RESERVED
+CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or 
PGP encry ...)
+       TODO: check
+CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP 
encrypt ...)
+       TODO: check
 CVE-2019-10733
        RESERVED
-CVE-2019-10732
-       RESERVED
+CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP 
encrypt ...)
+       TODO: check
 CVE-2019-10731
        RESERVED
 CVE-2019-10730
@@ -491,6 +506,7 @@ CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher 
Plugin stores credenti
 CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its 
global config ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 
4.4 befo ...)
+       {DSA-4426-1}
        - tryton-server 5.0.4-2
        [jessie] - tryton-server <not-affected> (vulnerable code is not present)
        NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98d631b4b8c97d682f8cfc1dc66b7c144484f084

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98d631b4b8c97d682f8cfc1dc66b7c144484f084
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to