Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68560c4b by security tracker role at 2019-07-07T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-13389
+ RESERVED
+CVE-2019-13388
+ RESERVED
+CVE-2019-13387
+ RESERVED
+CVE-2019-13386
+ RESERVED
+CVE-2019-13385
+ RESERVED
+CVE-2019-13384
+ RESERVED
+CVE-2019-13383
+ RESERVED
+CVE-2019-13382
+ RESERVED
+CVE-2019-13381
+ RESERVED
+CVE-2019-13380
+ RESERVED
+CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with
access ...)
+ TODO: check
+CVE-2019-13378
+ RESERVED
+CVE-2019-13377
+ RESERVED
+CVE-2019-13376
+ RESERVED
CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager
CWM(100) ...)
NOT-FOR-US: D-Link
CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in
PayActi ...)
@@ -62,6 +90,7 @@ CVE-2019-13347
CVE-2019-13346
RESERVED
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via
the user_ ...)
+ {DLA-1847-1}
- squid <unfixed> (bug #931478)
- squid3 <removed>
NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=4957
@@ -338,6 +367,7 @@ CVE-2019-13235
CVE-2019-13234
RESERVED
CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside
a ZIP co ...)
+ {DLA-1846-1}
- unzip <unfixed> (bug #931433)
NOTE: https://www.bamsoftware.com/hacks/zipbomb/
NOTE: Fixed by:
https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
@@ -452,8 +482,8 @@ CVE-2019-13185
RESERVED
CVE-2019-13184
RESERVED
-CVE-2019-13183
- RESERVED
+CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST
endpoints, as ...)
+ TODO: check
CVE-2019-13182
RESERVED
CVE-2019-13181
@@ -1946,6 +1976,7 @@ CVE-2019-12596
CVE-2019-12595
RESERVED
CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
+ {DLA-1845-1}
- dosbox <unfixed> (bug #931222)
NOTE: Fixed in 0.74-3 upstream.
NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
@@ -16584,6 +16615,7 @@ CVE-2019-7167 (Zcash, before the Sapling network
upgrade (2018-10-28), had a cou
CVE-2019-7166
RESERVED
CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute
arbitra ...)
+ {DLA-1845-1}
- dosbox <unfixed> (bug #931222)
NOTE: Fixed in 0.74-3 upstream.
NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/68560c4bcad3258c5786f237a0fda3143684eaa7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/68560c4bcad3258c5786f237a0fda3143684eaa7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
