Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1bf745aa by security tracker role at 2019-05-17T08:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-12151
+ RESERVED
+CVE-2019-12150
+ RESERVED
+CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows
attackers ...)
+ TODO: check
CVE-2019-12149
RESERVED
CVE-2019-12148
@@ -2877,33 +2883,28 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in
MatrixSSL, as used in Inside Se
- matrixssl <removed>
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
NOTE: https://github.com/matrixssl/matrixssl/issues/26
-CVE-2019-10913
- RESERVED
+CVE-2019-10913 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before
3.4.26, 4.x ...)
{DSA-4441-1 DLA-1778-1}
- symfony 3.4.22+dfsg-2
NOTE:
https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
-CVE-2019-10912
- RESERVED
+CVE-2019-10912 (In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before
4.1.12, and 4. ...)
{DSA-4441-1}
- symfony 3.4.22+dfsg-2
[jessie] - symfony <not-affected> (vulnerable code is not present)
NOTE:
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
-CVE-2019-10911
- RESERVED
+CVE-2019-10911 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before
3.4.26, 4.x ...)
{DSA-4441-1 DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE:
https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
-CVE-2019-10910
- RESERVED
+CVE-2019-10910 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before
3.4.26, 4.x ...)
{DSA-4441-1 DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE:
https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
-CVE-2019-10909
- RESERVED
+CVE-2019-10909 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before
3.4.26, 4.x ...)
{DSA-4441-1 DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
@@ -8713,10 +8714,10 @@ CVE-2019-8927
RESERVED
CVE-2019-8926
RESERVED
-CVE-2019-8925
- RESERVED
-CVE-2019-8924
- RESERVED
+CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer
Professi ...)
+ TODO: check
+CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret
or titel ...)
+ TODO: check
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the
cds-fpdf ...)
NOT-FOR-US: XAMPP
CVE-2019-8922
@@ -64978,8 +64979,8 @@ CVE-2018-7193 (Cross-site scripting (XSS) vulnerability
in /scp/directory.php in
NOT-FOR-US: osTicket
CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in
/ajax.php/form/help-topic ...)
NOT-FOR-US: osTicket
-CVE-2018-7191
- RESERVED
+CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14,
dev_get_valid ...)
+ TODO: check
CVE-2018-7190
RESERVED
CVE-2018-7189
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf745aaea1043ab346d5e58074b1ba9b4184714
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf745aaea1043ab346d5e58074b1ba9b4184714
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
