Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7f766980 by Moritz Muehlenhoff at 2019-05-21T13:12:37Z
mariadb, libsass fixed
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4552,8 +4552,10 @@ CVE-2019-10321
RESERVED
CVE-2019-10320
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10319
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client
secret une ...)
NOT-FOR-US: Jenkins Azure AD Plugin
CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS
and hostna ...)
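Review bot: The two added NOT-FOR-US lines for CVE-2019-10320 and CVE-2019-10319 say only "Jenkins plugin", while the neighbouring CVE-2019-10318 entry names the product ("NOT-FOR-US: Jenkins Azure AD Plugin"). Both entries are still RESERVED, so the generic label is understandable, but naming the specific plugin would keep these lines searchable and consistent with the entries around them.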
@@ -15370,7 +15372,7 @@ CVE-2019-6288
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued
access ...)
NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in
Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2815
CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp
(aka LibY ...)
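Review bot: The CVE-2019-6286 entry has no fix reference. The libsass line now records 3.5.5-3 as the fixed version, but the only NOTE is the upstream issue link (issues/2815). A NOTE pointing at the upstream fixing commit or the Debian patch would let a reader verify the version, in the way the CVE-2018-11499 entry carries a commit NOTE.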
@@ -15383,11 +15385,11 @@ CVE-2019-6285 (The
SingleDocParser::HandleFlowSequence function in yaml-cpp (aka
[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
NOTE: https://github.com/jbeder/yaml-cpp/issues/660
CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in
Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2816
CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in
Sass::Prelex ...)
- - libsass <unfixed> (low)
+ - libsass 3.5.5-3 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2814
CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with
firmware W ...)
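Review bot: CVE-2019-6284 and CVE-2019-6283 are tracked as separate upstream issues (2816 and 2814), yet both are marked fixed in the same upload, 3.5.5-3, with nothing recording which change addresses which. It is worth confirming that 3.5.5-3 covers both over-reads and noting that per entry.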
@@ -25184,12 +25186,12 @@ CVE-2019-2630 (Vulnerability in the MySQL Server
component of Oracle MySQL (subc
CVE-2019-2629 (Vulnerability in the Oracle Health Sciences Data Management
Workbench ...)
NOT-FOR-US: Oracle
CVE-2019-2628 (Vulnerability in the MySQL Server component of Oracle MySQL
(subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mysql-5.7 <unfixed> (bug #927308)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
NOTE: Fixed in MariaDB: 10.3.15
CVE-2019-2627 (Vulnerability in the MySQL Server component of Oracle MySQL
(subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 <no-dsa> (Minor issue)
- mariadb-10.0 <removed>
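Review bot: The 1:10.3.15-1 version on the CVE-2019-2628 line is backed by the existing "NOTE: Fixed in MariaDB: 10.3.15", but the visible lines for CVE-2019-2627 show no equivalent NOTE. If that entry lacks one, add it so the fixed version is justified the same way for both CVEs.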
@@ -25222,7 +25224,7 @@ CVE-2019-2616 (Vulnerability in the BI Publisher
(formerly XML Publisher) compon
CVE-2019-2615 (Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion ...)
NOT-FOR-US: Oracle
CVE-2019-2614 (Vulnerability in the MySQL Server component of Oracle MySQL
(subcompon ...)
- - mariadb-10.3 <unfixed> (bug #928393)
+ - mariadb-10.3 1:10.3.15-1 (bug #928393)
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 <no-dsa> (Minor issue)
- mariadb-10.0 <removed>
@@ -28423,7 +28425,7 @@ CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in
godmode/usuarios/lista_us
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string
parameter. ...)
NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the
SharedP ...)
- - libsass <unfixed>
+ - libsass 3.5.5-3
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2782
CVE-2018-19826 (** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory
footprin ...)
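Review bot: The updated libsass line for CVE-2018-19827 carries neither an urgency nor a bug reference, unlike the other libsass lines changed in this commit, which carry (low) or (bug #900182). If a Debian bug exists for this use-after-free, reference it on the line so the fix can be traced to the upload.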
@@ -53474,7 +53476,7 @@ CVE-2018-11501 (PHP Scripts Mall Website Seller Script
2.0.3 has CSRF via user_s
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a
CSRF vu ...)
NOT-FOR-US: PublicCMS
CVE-2018-11499 (A use-after-free vulnerability exists in handle_error() in
sass_contex ...)
- - libsass <unfixed> (bug #900182)
+ - libsass 3.5.5-3 (bug #900182)
[stretch] - libsass <not-affected> (Vulnerability introduced in 3.4.7
upstream)
NOTE: https://github.com/sass/libsass/issues/2643
NOTE:
https://github.com/sass/libsass/commit/84eaca254ca726531def3569c990089b3154e640
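Review bot: The commit NOTE under CVE-2018-11499 is a bare URL and does not say whether it is the fixing or the introducing commit. That distinction matters here because the [stretch] line relies on the vulnerability having been introduced in 3.4.7 upstream. Prefix the NOTE with its role so the <not-affected> claim and the 3.5.5-3 fixed version can each be checked against the right change.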
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f766980730f4169bf7a350018692b780dc608fe