Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fd6ff80 by Moritz Muehlenhoff at 2022-07-12T10:27:07+02:00
three laravel issues n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -225400,7 +225400,8 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for
custom Linux kernels on the Xi
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and
other pro ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a
deserializat ...)
- - php-laravel-framework <undetermined>
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
archive)
+ NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password
storage. ...)
NOT-FOR-US: DomainMOD
CVE-2019-9079
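Review bot: The new CVE-2019-9081 entry asserts "Fixed before initial upload to archive" but records neither the fixed upstream version nor the version first uploaded. The description only says "5.7.x", so the claim rests entirely on the external Snyk page. Consider a second NOTE line stating the upstream release that contains the fix, so the status can be checked from the entry itself if the link goes stale.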
@@ -286404,7 +286405,7 @@ CVE-2018-6332 (A potential denial-of-service issue in
the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java
serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in
save.php ...)
- - php-laravel-framework <undetermined>
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
archive)
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0
libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0
user in ...)
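Review bot: CVE-2018-6330 is the only one of the three entries changed to <not-affected> without a NOTE. The other two each carry a reference; this one gives no source for "Fixed before initial upload to archive", while the description names a specific release (5.4.15) and file (save.php). Adding a NOTE with the reference or the fixed version that the decision was based on would keep the three entries consistent and make the triage auditable.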
@@ -305407,7 +305408,8 @@ CVE-2017-16896 (A SQL injection in
classes/handler/public.php in the forgotpass
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer,
(4) arqgl ...)
NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can
obtain sensi ...)
- - php-laravel-framework <undetermined>
+ - php-laravel-framework <not-affected> (Fixed before initial upload to
archive)
+ NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-72070
CVE-2017-16893 (The application Piwigo is affected by an SQL injection
vulnerability i ...)
- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename
functio ...)
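Review bot: For CVE-2017-16894 the description bounds the affected range at "through 5.5.21", but the added lines do not say which version first entered the archive, so the reader cannot compare the two without leaving the file. A short NOTE giving the first fixed upstream version alongside the Snyk link would make the "Fixed before initial upload" reasoning explicit.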
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fd6ff80035d0332fd884bcbae94ae6c7cc651e0