Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3c12a26 by Salvatore Bonaccorso at 2021-12-15T22:30:45+01:00
Reassociate some older NFUs with the php-laravel-framework source package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -84827,9 +84827,11 @@ CVE-2020-24943
CVE-2020-24942
RESERVED
CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x
before 7.24. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61835-7240
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x
before 7.23. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61834-7232
CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an
attacker to ...)
NOT-FOR-US: Stampit supermixer
CVE-2020-24938
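Review bot: The NOTE link added for CVE-2020-24940 ends in 61834-7232, while the description on that entry gives the 7.x boundary as 7.23; the neighbouring CVE-2020-24941 entry pairs 7.24 with a 7240 slug. Please confirm that the 7232 slug is the intended release post and not a typo, since the NOTE is the only evidence recorded for the "Fixed before initial upload to Debian" claim.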
@@ -179766,7 +179768,7 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for
custom Linux kernels on the Xi
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and
other pro ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a
deserializat ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password
storage. ...)
NOT-FOR-US: DomainMOD
CVE-2019-9079
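Review bot: The <undetermined> line added for CVE-2019-9081 comes without a NOTE, so nothing records what still has to be checked before the status can be settled. The description limits the issue to 5.7.x; suggest adding a NOTE that states whether the open question is the version range in Debian or a missing upstream fix reference.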
@@ -216254,7 +216256,7 @@ CVE-2018-15135
CVE-2018-15134
RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29,
remote c ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
Debian)
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP
before 5.6 ...)
- php7.2 <not-affected> (Windows-specific)
- php7.1 <not-affected> (Windows-specific)
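Review bot: The new not-affected line for CVE-2018-15133 has no NOTE with an upstream reference, so "Fixed before initial upload to Debian" cannot be verified from the entry itself. The description bounds the issue at 5.5.40 and 5.6.29; suggest adding a NOTE pointing to the upstream fix or release announcement, as was done for CVE-2020-24941 and CVE-2020-24940 in this same commit.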
@@ -240763,7 +240765,7 @@ CVE-2018-6332 (A potential denial-of-service issue in
the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java
serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in
save.php ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0
libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0
user in ...)
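Review bot: For CVE-2018-6330 the description places the SQL injection in save.php, and the new <undetermined> line does not say whether that file belongs to the php-laravel-framework source at all. A NOTE recording that open question (is save.php part of the packaged framework or of an application built on it) would tell the next triager what to check and avoid leaving the entry undetermined indefinitely.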
@@ -259776,7 +259778,7 @@ CVE-2017-16896 (A SQL injection in
classes/handler/public.php in the forgotpass
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer,
(4) arqgl ...)
NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can
obtain sensi ...)
- NOT-FOR-US: Laravel framework
+ - php-laravel-framework <undetermined>
CVE-2017-16893 (The application Piwigo is affected by an SQL injection
vulnerability i ...)
- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename
functio ...)
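Review bot: The <undetermined> line for CVE-2017-16894 gives no NOTE, although the description states an affected range ("through 5.5.21") much like the entries this commit marks as not-affected. Suggest a NOTE explaining why the range was not enough to decide here, for example that no upstream fix has been identified yet.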
@@ -266607,7 +266609,8 @@ CVE-2017-14777
CVE-2017-14776
REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token
verification pr ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
Debian)
+ NOTE: https://github.com/laravel/framework/pull/21320
CVE-2017-14774
RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to
an elev ...)
@@ -283069,7 +283072,7 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built
with the e1000e NIC emulati
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the
host porti ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
Debian)
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial
of serv ...)
NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN
VLC media ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c12a26236ba1f0aad9599570f42d83d893a8b4