Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64008dba by security tracker role at 2019-11-22T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP
requests wit ...)
+ TODO: check
+CVE-2019-19239
+ RESERVED
+CVE-2019-19238
+ RESERVED
+CVE-2019-19237
+ RESERVED
+CVE-2019-19236
+ RESERVED
+CVE-2019-19235
+ RESERVED
+CVE-2019-19234
+ RESERVED
+CVE-2019-19233
+ RESERVED
+CVE-2019-19232
+ RESERVED
+CVE-2019-19231
+ RESERVED
+CVE-2019-19230
+ RESERVED
+CVE-2019-19229
+ RESERVED
+CVE-2019-19228
+ RESERVED
+CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1,
there is a ...)
+ TODO: check
CVE-2019-19226
RESERVED
CVE-2019-19225
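Review bot: The `TODO: check` under CVE-2019-19227 needs a package entry rather than a NOT-FOR-US marker, because the description places the flaw in the AppleTalk subsystem of the Linux kernel and src:linux is in the archive. The description says "before 5.1", so the entry should carry the fixed upstream version once the fixing commit is identified, with a NOTE pointing at that commit.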
@@ -476,8 +504,8 @@ CVE-2019-19015
RESERVED
CVE-2019-19014
RESERVED
-CVE-2019-19013
- RESERVED
+CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to
upload an ...)
+ TODO: check
CVE-2019-19012 (An integer overflow in the search_in_range function in
regexec.c in On ...)
- libonig <unfixed> (bug #944959)
NOTE: https://github.com/kkos/oniguruma/issues/164
@@ -557,8 +585,8 @@ CVE-2019-18978 (An issue was discovered in the rack-cors
(aka Rack CORS Middlewa
NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
CVE-2019-18977
RESERVED
-CVE-2019-18976
- RESERVED
+CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk
through ...)
+ TODO: check
CVE-2019-18975
RESERVED
CVE-2019-18974
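Review bot: CVE-2019-18976 names res_pjsip_t38.c in Sangoma Asterisk, and asterisk is a Debian source package, so the `TODO: check` here should be resolved to an `- asterisk` entry. The same applies to CVE-2019-18790 (channels/chan_sip.c) and CVE-2019-18610 (manager.c) later in this commit; triaging the three together keeps their status lines consistent.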
@@ -1014,8 +1042,8 @@ CVE-2019-18792
RESERVED
CVE-2019-18791
RESERVED
-CVE-2019-18790
- RESERVED
+CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma
Asterisk 13. ...)
+ TODO: check
CVE-2019-18789
RESERVED
CVE-2019-18788
@@ -3586,8 +3614,8 @@ CVE-2019-18612 (An issue was discovered in the
AbuseFilter extension through 1.3
NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18611 (An issue was discovered in the CheckUser extension through
1.34 for Me ...)
NOT-FOR-US: CheckUser MediaWiki extension
-CVE-2019-18610
- RESERVED
+CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk
through 13.x, ...)
+ TODO: check
CVE-2019-18609
RESERVED
CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information
modification bec ...)
@@ -7517,10 +7545,10 @@ CVE-2019-17448
RESERVED
CVE-2019-17447
RESERVED
-CVE-2019-17446
- RESERVED
-CVE-2019-17445
- RESERVED
+CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26.
The agen ...)
+ TODO: check
+CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW,
and SUM Ag ...)
+ TODO: check
CVE-2019-17444
RESERVED
CVE-2019-17443
@@ -9197,8 +9225,8 @@ CVE-2019-16765
RESERVED
CVE-2019-16764
RESERVED
-CVE-2019-16763
- RESERVED
+CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized
for data ...)
+ TODO: check
CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy
between the ...)
NOT-FOR-US: SLP
CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy
between the ...)
@@ -12307,8 +12335,8 @@ CVE-2019-15654
RESERVED
CVE-2019-15653
RESERVED
-CVE-2019-15652
- RESERVED
+CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU)
devices ...)
+ TODO: check
CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in
DecodeCert ...)
- wolfssl 4.1.0+dfsg-2
NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
@@ -16659,7 +16687,7 @@ CVE-2019-14442 (In mpc8_read_header in
libavformat/mpc8.c in Libav 12.3, an inpu
{DLA-1907-1}
- libav <removed>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
-CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation
allows remo ...)
+CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An
access violat ...)
- libav <removed>
[jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent
info upstream)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
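Review bot: The description of CVE-2019-14441 now starts with `** DISPUTED **`, but the status lines under it are unchanged, including `[jessie] - libav <postponed>`. The truncated description does not say who disputes the issue or why, so a NOTE recording that would let the jessie entry be re-evaluated instead of staying postponed by default.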
@@ -29123,8 +29151,7 @@ CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
- ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
-CVE-2019-10206 [disclosure data when prompted for password and template
characters are passed]
- RESERVED
+CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x
before 2 ...)
- ansible 2.8.6+dfsg-1 (bug #933005)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
@@ -29141,8 +29168,7 @@ CVE-2019-10205
NOT-FOR-US: Red Hat Quay
CVE-2019-10204
RESERVED
-CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via
crafted zone records]
- RESERVED
+CVE-2019-10203 (PowerDNS Authoritative daemon , all versions pdns 4.1.x before
pdns 4. ...)
- pdns 4.2.0-1 (low)
[buster] - pdns <no-dsa> (Minor issue)
[stretch] - pdns <no-dsa> (Minor issue)
@@ -32114,8 +32140,8 @@ CVE-2019-9538
RESERVED
CVE-2019-9537
RESERVED
-CVE-2019-9536
- RESERVED
+CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a
non-NULL poin ...)
+ TODO: check
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with
tmux's c ...)
NOT-FOR-US: iTerm2
CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not
validate its ...)
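Review bot: CVE-2019-9536 describes the Apple iPhone 3GS bootrom malloc implementation, which is not something Debian packages, so the `TODO: check` can be closed as NOT-FOR-US in the same form as the neighbouring `NOT-FOR-US: iTerm2` line.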
@@ -44801,10 +44827,10 @@ CVE-2019-4572 (IBM FileNet Content Manager 5.5.2 and
5.5.3 in specific configura
NOT-FOR-US: IBM
CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site
scripting. Thi ...)
NOT-FOR-US: IBM
-CVE-2019-4570
- RESERVED
-CVE-2019-4569
- RESERVED
+CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an
error me ...)
+ TODO: check
+CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is
vulnerable to cr ...)
+ TODO: check
CVE-2019-4568
RESERVED
CVE-2019-4567
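Review bot: CVE-2019-4570 and CVE-2019-4569 are both IBM Tivoli Netcool Impact issues, and the IBM entries just above them in this hunk (CVE-2019-4572, CVE-2019-4571) already carry `NOT-FOR-US: IBM`. The two `TODO: check` lines can take the same marker so the block stays consistent.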
@@ -45455,8 +45481,8 @@ CVE-2019-4245
RESERVED
CVE-2019-4244
RESERVED
-CVE-2019-4243
- RESERVED
+CVE-2019-4243 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows
unauthorized discl ...)
+ TODO: check
CVE-2019-4242
RESERVED
CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow
an auth ...)
@@ -45509,12 +45535,12 @@ CVE-2019-4218 (IBM Security Information Queue (ISIQ)
1.0.0, 1.0.1, and 1.0.2 all
NOT-FOR-US: IBM
CVE-2019-4217 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2
could al ...)
NOT-FOR-US: IBM
-CVE-2019-4216
- RESERVED
-CVE-2019-4215
- RESERVED
-CVE-2019-4214
- RESERVED
+CVE-2019-4216 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to
possible ...)
+ TODO: check
+CVE-2019-4215 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a
remote atta ...)
+ TODO: check
+CVE-2019-4214 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the
secure a ...)
+ TODO: check
CVE-2019-4213
RESERVED
CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request
forger ...)
@@ -47519,10 +47545,10 @@ CVE-2019-3430
RESERVED
CVE-2019-3429
RESERVED
-CVE-2019-3428
- RESERVED
-CVE-2019-3427
- RESERVED
+CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted
by a c ...)
+ TODO: check
+CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted
by a c ...)
+ TODO: check
CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE
product ZX ...)
NOT-FOR-US: ZTE
CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE
product ZX ...)
@@ -59128,7 +59154,7 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25,
the setpattern operator did
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072
(ghostscript-9.26)
CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get
everyone's email ...)
NOT-FOR-US: Flarum Core
-CVE-2018-19130 (In Libav 12.3, there is an invalid memory access in
vc1_decode_frame i ...)
+CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory
access in vc1 ...)
- libav <removed>
[jessie] - libav <ignored> (cf. CVE-2017-17127)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
@@ -81314,8 +81340,7 @@ CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4
prior to 2.4.5, do not honor
[jessie] - ansible <not-affected> (vulnerable code not present)
NOTE: https://github.com/ansible/ansible/pull/41414
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
-CVE-2018-10854
- RESERVED
+CVE-2018-10854 (cloudforms version, cloudforms 5.8 and cloudforms 5.9, is
vulnerable t ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before
4.18 em ...)
{DLA-1423-1 DLA-1422-1}
@@ -196848,8 +196873,7 @@ CVE-2015-7830 (The pcapng_read_if_descr_block
function in wiretap/pcapng.c in th
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-30.html
CVE-2015-7811
RESERVED
-CVE-2015-7810
- RESERVED
+CVE-2015-7810 (libbluray MountManager class has a time-of-check time-of-use
(TOCTOU) ...)
- libbluray 1:0.9.1-1 (low)
[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
[wheezy] - libbluray <no-dsa> (Minor issue)
@@ -202577,8 +202601,7 @@ CVE-2015-5695 (Designate 2015.1.0 through 1.0.0.0b1
as packaged in OpenStack Kil
[experimental] - designate 1:1.0.0~b2-1
- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
[jessie] - designate 2014.1-18+deb8u1
-CVE-2015-5694 [does not enforce the DNS protocol limit concerning record set
sizes]
- RESERVED
+CVE-2015-5694 (Designate does not enforce the DNS protocol limit concerning
record se ...)
[experimental] - designate 1:1.0.0~b2-1
- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
@@ -214200,8 +214223,7 @@ CVE-2015-1781 (Buffer overflow in the gethostbyname_r
and other unspecified NSS
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18287
NOTE: Upstream commit:
https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
-CVE-2015-1780
- RESERVED
+CVE-2015-1780 (oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can
attach a st ...)
NOT-FOR-US: oVirt Engine backend
CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers
to cau ...)
{DSA-3259-1}
@@ -228677,12 +228699,10 @@ CVE-2014-XXXX [install-sh: insecure use of /tmp]
NOTE: Neutralised by kernel hardening
CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and
7200.117.19.5029 ...)
NOT-FOR-US: SAP NetWeaver
-CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
- RESERVED
+CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates
predictable file ...)
- ace 6.2.7+dfsg-2 (unimportant; bug #760709)
NOTE: Not installed into the binary packages
-CVE-2014-6310
- RESERVED
+CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote
attacker ...)
- chicken <not-affected> (Affects only CHICKEN Scheme on the Android
platform)
CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc
in Squi ...)
- squid <removed> (unimportant)
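Review bot: The new description for CVE-2014-6311 spells the script `generate_doygen.pl`, while the removed bracketed title had `generate_doxygen.pl`. Since this is an automatic update, the wording presumably comes from the imported description and should be corrected at its source rather than in this file; until then, a NOTE with the correct filename keeps the entry searchable.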
@@ -235175,8 +235195,7 @@ CVE-2014-3587 (Integer overflow in the
cdf_read_property_info function in cdf.c
- file 1:5.19-2
CVE-2014-3586 (The default configuration for the Command Line Interface in Red
Hat En ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full
application server, #581226)
-CVE-2014-3585
- RESERVED
+CVE-2014-3585 (redhat-upgrade-tool: Does not check GPG signatures when
upgrading vers ...)
NOT-FOR-US: redhat-upgrade-tool
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x
before 2.7. ...)
NOT-FOR-US: Apache CXF
@@ -239448,11 +239467,9 @@ CVE-2014-2236 (Multiple cross-site scripting (XSS)
vulnerabilities in Askbot bef
- askbot <itp> (bug #687966)
CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before
0.7.49 allow ...)
- askbot <itp> (bug #687966)
-CVE-2014-2214
- RESERVED
+CVE-2014-2214 (Multiple cross-site scripting (XSS) vulnerabilities in POSH
(aka Posh ...)
NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2213
- RESERVED
+CVE-2014-2213 (Open redirect vulnerability in the password reset functionality
in POS ...)
NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH
(aka Posh ...)
NOT-FOR-US: POSH web app (different from src:posh)
@@ -242138,8 +242155,7 @@ CVE-2014-1240
RESERVED
CVE-2014-1239
RESERVED
-CVE-2014-1238
- RESERVED
+CVE-2014-1238 (Cross-site scripting (XSS) vulnerability in
ui/common/managedlistdialo ...)
NOT-FOR-US: Q-Pulse
CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro
before ...)
NOT-FOR-US: i-doit
@@ -246032,14 +246048,11 @@ CVE-2013-6882 (Multiple cross-site scripting (XSS)
vulnerabilities in CRU Ditto
NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a
allows ...)
NOT-FOR-US: Ditto Forensic FieldStation
-CVE-2013-6880
- RESERVED
+CVE-2013-6880 (Open redirect in proxy.php in FlashCanvas before 1.6 allows
remote att ...)
NOT-FOR-US: FlashCanvas
-CVE-2013-6879
- RESERVED
+CVE-2013-6879 (The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla!
allows ...)
NOT-FOR-US: MijoSearch
-CVE-2013-6878
- RESERVED
+CVE-2013-6878 (Cross-site scripting (XSS) vulnerability in the Mijosoft
MijoSearch co ...)
NOT-FOR-US: MijoSearch
CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before
17.0.4.61 ...)
NOT-FOR-US: RealPlayer
@@ -246186,8 +246199,8 @@ CVE-2013-6813
RESERVED
CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509
certif ...)
NOT-FOR-US: ONEDC app
-CVE-2013-6811
- RESERVED
+CVE-2013-6811 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the D-Li ...)
+ TODO: check
CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in
EMC Co ...)
NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before
4.50 allow ...)
@@ -247830,8 +247843,8 @@ CVE-2013-6241 (The Birthday widget in the backend in
Open-Xchange (OX) AppSuite
NOT-FOR-US: Open-Xchange
CVE-2013-6240
RESERVED
-CVE-2013-6239
- RESERVED
+CVE-2013-6239 (Cross-site scripting (XSS) vulnerability in the photo gallery
model in ...)
+ TODO: check
CVE-2013-6238
RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light
3.5.4 an ...)
@@ -247842,8 +247855,7 @@ CVE-2013-6236
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon
(Java App ...)
- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded
by debian/orig-tar.sh)
NOTE: http://seclists.org/bugtraq/2014/Jan/92
-CVE-2013-6234
- RESERVED
+CVE-2013-6234 (Unrestricted file upload vulnerability in the Worksheet
designer in Sp ...)
NOT-FOR-US: SpagoBI
CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1
allows ...)
NOT-FOR-US: SpagoBI
@@ -264651,13 +264663,11 @@ CVE-2013-0205 (Cross-site request forgery (CSRF)
vulnerability in the RESTful We
CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows
remote aut ...)
- owncloud <not-affected> (Vulnerably code not present, only affects
4.5 branch)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
-CVE-2013-0203 [XSS vulnerabilities]
- RESERVED
+CVE-2013-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud
4.5.5, ...)
- owncloud 4.0.8debian-1.4 (bug #698737)
[wheezy] - owncloud 4.0.4debian2-3.3
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
-CVE-2013-0202 [XSS vulnerabilities]
- RESERVED
+CVE-2013-0202 (Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5,
4.0.10, an ...)
- owncloud 4.0.8debian-1.4 (bug #698737)
[wheezy] - owncloud 4.0.4debian2-3.3
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
@@ -265587,16 +265597,13 @@ CVE-2012-6080 (Directory traversal vulnerability in
the _do_attachment_move func
[wheezy] - moin 1.9.4-8+deb7u1
- moin 1.9.5-4 (bug #696949)
NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
-CVE-2012-6079
- RESERVED
+CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database
inform ...)
NOT-FOR-US: W3 Total Cache
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6078
- RESERVED
+CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely
which all ...)
NOT-FOR-US: W3 Total Cache
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6077
- RESERVED
+CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to
retrieve pass ...)
NOT-FOR-US: W3 Total Cache
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of
the curre ...)
@@ -273089,8 +273096,7 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in
Puppet before 2.7.18, and Pupp
NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
NOTE: There's no code fix, but this should be addressed in stable with
a NEWS file warning about this
NOTE: Fixed in 2.7.18 by updated docs
-CVE-2012-3407
- RESERVED
+CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
NOT-FOR-US: plow
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
@@ -279428,8 +279434,7 @@ CVE-2012-0878 (Paste Script 1.7.5 and earlier does
not properly set group member
- pastescript 1.7.5-2 (low; bug #661061)
[squeeze] - pastescript <no-dsa> (Minor issue)
NOTE:
https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
-CVE-2012-0877 [hash table collisions CPU usage DoS]
- RESERVED
+CVE-2012-0877 (PyXML: Hash table collisions CPU usage Denial of Service ...)
- python-xml <removed>
CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash
values ...)
{DSA-2525-1}
@@ -279628,8 +279633,7 @@ CVE-2012-0814 (The auth_parse_options function in
auth-options.c in sshd in Open
CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in
/var/log ...)
- wicd 1.7.1~b3-4 (unimportant; bug #652417)
NOTE: Not a security issue per se, logfile only accessible by root:adm
-CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities]
- RESERVED
+CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...)
- postfixadmin 2.3.5-1
NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka
postfixad ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/64008dba56191738ee44718d5382807824f0f5da