Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c26d6424 by Salvatore Bonaccorso at 2019-06-24T20:40:59Z
Add CVE-2018-20843/expat
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,11 @@ CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is
vulnerable to SQL Injection i
CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses
.htaccess to p ...)
TODO: check
CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML
names that ...)
- TODO: check
+ - expat <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
+ NOTE: https://github.com/libexpat/libexpat/issues/186
+ NOTE: https://github.com/libexpat/libexpat/pull/262
+ NOTE:
https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer
overflow ...)
TODO: check
CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS
Rebinding for ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26d642475fb5b6f959bb73073db547e28637a47
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26d642475fb5b6f959bb73073db547e28637a47
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
