[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 09 May 2019 01:11:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
59306100 by security tracker role at 2019-05-09T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to 
multiline  ...)
+       TODO: check
+CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to 
\x00 in a  ...)
+       TODO: check
+CVE-2019-11833
+       RESERVED
+CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote 
code execut ...)
+       TODO: check
+CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x 
before 2.1 ...)
+       TODO: check
+CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka 
phar-stream-wrap ...)
+       TODO: check
 CVE-2019-XXXX [Insecure deserialization on bundled third-party library "Phar 
Stream Wrapper" (SA-CORE-2019-007)]
        - drupal7 <removed> (bug #928688)
        NOTE: https://www.drupal.org/SA-CORE-2019-007
@@ -19,8 +31,8 @@ CVE-2019-11822
        RESERVED
 CVE-2019-11821
        RESERVED
-CVE-2019-11820
-       RESERVED
+CVE-2019-11820 (Information exposure through process environment vulnerability 
in Syno ...)
+       TODO: check
 CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka 
Excel Macro ...)
        NOT-FOR-US: Alkacon OpenCMS
 CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross 
site sc ...)
@@ -11404,8 +11416,8 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing 
of parameters with arbit
        [jessie] - kde4libs <no-dsa> (Minor issue)
        NOTE: 
https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
        NOTE: 
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
-CVE-2019-7442
-       RESERVED
+CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password 
Vault Web A ...)
+       TODO: check
 CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout 
Payment Ga ...)
        NOT-FOR-US: WooCommerce
 CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and 
Security Ke ...)
@@ -42161,7 +42173,7 @@ CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 
13.0.0-13.1.1.1, or 12.1.0-12.1.3.6,
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 
12.1.3.4-12.1.3.6, If ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 
11.6.0-11 ...)
+CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 
and 11.2. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, 
and/or Edge  ...)
        NOT-FOR-US: F5 BIG-IP



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to