Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ccc3367 by security tracker role at 2019-01-09T20:10:52Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,43 @@ +CVE-2019-5753 + RESERVED +CVE-2019-5752 + RESERVED +CVE-2019-5751 + RESERVED +CVE-2019-5750 + RESERVED +CVE-2019-5749 + RESERVED +CVE-2019-5748 (In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might ...) + TODO: check +CVE-2019-5747 (An issue was discovered in BusyBox through 1.30.0. An out of bounds ...) + TODO: check +CVE-2019-5746 + RESERVED +CVE-2019-5745 + RESERVED +CVE-2019-5744 + RESERVED +CVE-2019-5743 + RESERVED +CVE-2019-5742 + RESERVED +CVE-2019-5741 + RESERVED +CVE-2019-5740 + RESERVED +CVE-2019-5739 + RESERVED +CVE-2019-5738 + RESERVED +CVE-2019-5737 + RESERVED +CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...) + TODO: check +CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...) + TODO: check +CVE-2018-20678 + RESERVED CVE-2019-5736 RESERVED CVE-2019-5735 @@ -4365,8 +4405,8 @@ CVE-2019-3583 RESERVED CVE-2019-3582 RESERVED -CVE-2019-3581 - RESERVED +CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web Gateway ...) + TODO: check CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...) 
@@ -8532,20 +8572,20 @@ CVE-2018-20073 [chromium stores download meta data in extended attributes] - chromium <unfixed> CVE-2018-20072 RESERVED -CVE-2018-20071 - RESERVED -CVE-2018-20070 - RESERVED -CVE-2018-20069 - RESERVED -CVE-2018-20068 - RESERVED -CVE-2018-20067 - RESERVED -CVE-2018-20066 - RESERVED -CVE-2018-20065 - RESERVED +CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...) + TODO: check +CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...) + TODO: check +CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...) + TODO: check +CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...) + TODO: check +CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...) + TODO: check +CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to ...) + TODO: check +CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...) + TODO: check CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...) NOT-FOR-US: doorGets CVE-2018-20063 @@ -13481,8 +13521,8 @@ CVE-2019-0544 RESERVED CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check -CVE-2019-0542 - RESERVED +CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the ...) + TODO: check CVE-2019-0541 (A remote code execution vulnerability exists in the way that the ...) TODO: check CVE-2019-0540 @@ -19807,7 +19847,7 @@ CVE-2018-17483 RESERVED CVE-2018-17482 RESERVED -CVE-2018-17481 (Incorrect object lifecycle in PDFium in Google Chrome prior to ...) +CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome prior ...) {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-17480 (Execution of user supplied Javascript during array deserialization ...) 
@@ -19851,8 +19891,7 @@ CVE-2018-17471 (Incorrect dialog placement in WebContents in Google Chrome prior {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-17470 - RESERVED +CVE-2018-17470 (A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -19892,12 +19931,12 @@ CVE-2018-17462 (Incorrect refcounting in AppCache in Google Chrome prior to ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-17461 - RESERVED +CVE-2018-17461 (An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 ...) + TODO: check CVE-2018-17460 RESERVED -CVE-2018-17457 - RESERVED +CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after free in ...) + TODO: check CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x ...) {DSA-4311-1 DLA-1533-1} - git 1:2.19.1-1 @@ -21512,13 +21551,11 @@ CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x befor {DSA-4302-1 DLA-1513-1} - openafs 1.8.2-1 (bug #908616) NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt -CVE-2018-17458 [function signature mismatch in webassembly] - RESERVED +CVE-2018-17458 (An improper update of the WebAssembly dispatch table in WebAssembly in ...) {DSA-4297-1} - chromium-browser 69.0.3497.92-1 (bug #908806) [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-17459 [url spoofing in omnibox] - RESERVED +CVE-2018-17459 (Incorrect handling of clicks in the omnibox in Navigation in Google ...) {DSA-4297-1} - chromium-browser 69.0.3497.92-1 (bug #908806) [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -23389,13 +23426,11 @@ CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SM NOT-FOR-US: Lenovo / System Management Module (SMM) CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in ...) NOT-FOR-US: Lenovo / System Management Module (SMM) -CVE-2018-16088 - RESERVED +CVE-2018-16088 (A missing check for JS-simulated input events in Blink in Google ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16087 - RESERVED +CVE-2018-16087 (Lack of proper state tracking in Permissions in Google Chrome prior to ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -23404,43 +23439,35 @@ CVE-2018-16086 {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16085 - RESERVED +CVE-2018-16085 (A use after free in ResourceCoordinator in Google Chrome prior to ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16084 - RESERVED +CVE-2018-16084 (The default selected dialog button in CustomHandlers in Google Chrome ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16083 - RESERVED +CVE-2018-16083 (An out of bounds read in forward error correction code in WebRTC in ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16082 - RESERVED +CVE-2018-16082 (An out of bounds read in Swiftshader in Google Chrome prior to ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16081 - RESERVED +CVE-2018-16081 (Allowing the chrome.debugger API to run on file:// URLs in DevTools in ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16080 - RESERVED +CVE-2018-16080 (A missing check for popup window handling in Fullscreen in Google ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16079 - RESERVED +CVE-2018-16079 (A race condition between permission prompts and navigations in Prompts ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16078 - RESERVED +CVE-2018-16078 (Unsafe handling of credit card details in Autofill in Google Chrome ...) 
{DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -23449,8 +23476,7 @@ CVE-2018-16077 {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16076 - RESERVED +CVE-2018-16076 (Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -23469,11 +23495,9 @@ CVE-2018-16073 {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16072 - RESERVED +CVE-2018-16072 (A missing origin check related to HLS manifests in Blink in Google ...) - chromium-browser <not-affected> (Android-specific) -CVE-2018-16071 - RESERVED +CVE-2018-16071 (A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -23487,23 +23511,19 @@ CVE-2018-16069 {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16068 - RESERVED +CVE-2018-16068 (Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16067 - RESERVED +CVE-2018-16067 (A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16066 - RESERVED +CVE-2018-16066 (A use after free in Blink in Google Chrome prior to 69.0.3497.81 ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-16065 - RESERVED +CVE-2018-16065 (A Javascript reentrancy issues that caused a use-after-free in V8 in ...) {DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50294,13 +50314,11 @@ CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles fr NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68 CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...) NOT-FOR-US: ovirt-engine -CVE-2018-6179 - RESERVED +CVE-2018-6179 (Insufficient enforcement of file access permission in the activeTab ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6178 - RESERVED +CVE-2018-6178 (Eliding from the wrong side in an infobar in DevTools in Google Chrome ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50314,23 +50332,19 @@ CVE-2018-6176 {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6175 - RESERVED +CVE-2018-6175 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6174 - RESERVED +CVE-2018-6174 (Integer overflows in Swiftshader in Google Chrome prior to ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6173 - RESERVED +CVE-2018-6173 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6172 - RESERVED +CVE-2018-6172 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50339,13 +50353,11 @@ CVE-2018-6171 {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6170 - RESERVED +CVE-2018-6170 (A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6169 - RESERVED +CVE-2018-6169 (Lack of timeout on extension install prompt in Extensions in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50354,33 +50366,27 @@ CVE-2018-6168 {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6167 - RESERVED +CVE-2018-6167 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6166 - RESERVED +CVE-2018-6166 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6165 - RESERVED +CVE-2018-6165 (Incorrect handling of reloads in Navigation in Google Chrome prior to ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6164 - RESERVED +CVE-2018-6164 (Insufficient origin checks for CSS content in Blink in Google Chrome ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6163 - RESERVED +CVE-2018-6163 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6162 - RESERVED +CVE-2018-6162 (Improper deserialization in WebGL in Google Chrome on Mac prior to ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50389,16 +50395,14 @@ CVE-2018-6161 {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6160 - RESERVED +CVE-2018-6160 (JavaScript alert handling in Prompts in Google Chrome prior to ...) - chromium-browser <not-affected> (Only affects Chrome on iOS) CVE-2018-6159 RESERVED {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6158 - RESERVED +CVE-2018-6158 (A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50422,8 +50426,7 @@ CVE-2018-6154 {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6153 - RESERVED +CVE-2018-6153 (A precision error in Skia in Google Chrome prior to 68.0.3440.75 ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50431,8 +50434,7 @@ CVE-2018-6152 (The implementation of the Page.downloadBehavior backend ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6151 - RESERVED +CVE-2018-6151 (Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50451,8 +50453,7 @@ CVE-2018-6148 {DSA-4237-1} - chromium-browser 67.0.3396.79-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) -CVE-2018-6147 - RESERVED +CVE-2018-6147 (Lack of secure text entry mode in Browser UI in Google Chrome on Mac ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50465,14 +50466,12 @@ CVE-2018-6145 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6144 - RESERVED +CVE-2018-6144 (Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6143 - RESERVED +CVE-2018-6143 (Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50483,20 +50482,17 @@ CVE-2018-6142 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6141 - RESERVED +CVE-2018-6141 (Insufficient validation of an image filter in Skia in Google Chrome ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6140 - RESERVED +CVE-2018-6140 (Allowing the chrome.debugger API to attach to Web UI pages in DevTools ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6139 - RESERVED +CVE-2018-6139 (Insufficient target checks on the chrome.debugger API in DevTools in ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50507,8 +50503,7 @@ CVE-2018-6138 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6137 - RESERVED +CVE-2018-6137 (CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50519,8 +50514,7 @@ CVE-2018-6136 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6135 - RESERVED +CVE-2018-6135 (Lack of clearing the previous site before loading alerts from a new ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50531,8 +50525,7 @@ CVE-2018-6134 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6133 - RESERVED +CVE-2018-6133 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50564,14 +50557,12 @@ CVE-2018-6129 CVE-2018-6128 RESERVED - chromium-browser <not-affected> (ios specific) -CVE-2018-6127 - RESERVED +CVE-2018-6127 (Early free of object in use in IndexDB in Google Chrome prior to ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6126 - RESERVED +CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62 ...) {DSA-4237-1 DSA-4220-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50586,14 +50577,12 @@ CVE-2018-6125 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6124 - RESERVED +CVE-2018-6124 (Type confusion in ReadableStreams in Blink in Google Chrome prior to ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6123 - RESERVED +CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62 ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50610,8 +50599,7 @@ CVE-2018-6121 - chromium-browser 66.0.3359.181-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6120 - RESERVED +CVE-2018-6120 (An integer overflow that could lead to an attacker-controlled heap ...) {DSA-4237-1} - chromium-browser 66.0.3359.181-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50626,8 +50614,7 @@ CVE-2018-6118 - chromium-browser 66.0.3359.139-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6117 - RESERVED +CVE-2018-6117 (Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50639,38 +50626,32 @@ CVE-2018-6116 (A nullptr dereference in WebAssembly in Google Chrome prior to .. [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2018-6115 (Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file ...) - chromium-browser <not-affected> (windows specific) -CVE-2018-6114 - RESERVED +CVE-2018-6114 (Incorrect enforcement of CSP for <object> tags in Blink in Google ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6113 - RESERVED +CVE-2018-6113 (Improper handling of pending navigation entries in Navigation in ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6112 - RESERVED +CVE-2018-6112 (Making URLs clickable and allowing them to be styled in DevTools in ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6111 - RESERVED +CVE-2018-6111 (An object lifetime issue in the developer tools network handler in ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6110 - RESERVED +CVE-2018-6110 (Parsing documents as HTML in Downloads in Google Chrome prior to ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6109 - RESERVED +CVE-2018-6109 (readAsText() can indefinitely read the file picked by the user, rather ...) 
{DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50685,8 +50666,7 @@ CVE-2018-6107 (Incorrect handling of confusable characters in URL Formatter in G - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6106 - RESERVED +CVE-2018-6106 (An asynchronous generator may return an incorrect state in V8 in ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50716,13 +50696,12 @@ CVE-2018-6101 (A lack of host validation in DevTools in Google Chrome prior to . - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6100 - RESERVED +CVE-2018-6100 (Incorrect handling of confusable characters in URL Formatter in Google ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 ...) +CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50732,14 +50711,12 @@ CVE-2018-6098 (Incorrect handling of confusable characters in URL Formatter in G - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6097 - RESERVED +CVE-2018-6097 (Incorrect handling of asynchronous methods in Fullscreen in Google ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6096 - RESERVED +CVE-2018-6096 (A JavaScript focused window could overlap the fullscreen notification ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50754,8 +50731,7 @@ CVE-2018-6094 (Inline metadata in GarbageCollection in Google Chrome prior to .. - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6093 - RESERVED +CVE-2018-6093 (Insufficient origin checks in Blink in Google Chrome prior to ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -50765,8 +50741,7 @@ CVE-2018-6092 (An integer overflow on 32-bit systems in WebAssembly in Google Ch - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6091 - RESERVED +CVE-2018-6091 (Service Workers can intercept any request made by an <embed> or ...) {DSA-4182-1} - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -50801,8 +50776,7 @@ CVE-2018-6085 (Re-entry of a destructor in Networking Disk Cache in Google Chrom - chromium-browser 66.0.3359.117-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6084 - RESERVED +CVE-2018-6084 (Insufficiently sanitized distributed objects in Updater in Google ...) - chromium-browser <not-affected> (Specific to MacOS) CVE-2018-6083 (Failure to disallow PWA installation from CSP sandboxed pages in ...) {DSA-4182-1} @@ -50941,8 +50915,7 @@ CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior t - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6056 - RESERVED +CVE-2018-6056 (Type confusion could lead to a heap out-of-bounds write in V8 in ...) {DSA-4182-1} [experimental] - chromium-browser 65.0.3325.73-1 - chromium-browser 65.0.3325.146-1 @@ -73584,8 +73557,8 @@ CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Go [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-15428 - RESERVED +CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could ...) + TODO: check CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...) {DSA-4064-1} - chromium-browser 63.0.3239.84-1 
@@ -73620,7 +73593,7 @@ CVE-2017-15422 (Integer overflow in international date handling in International NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654 CVE-2017-15421 RESERVED -CVE-2017-15420 (Inappropriate implementation in browser navigation in Google Chrome ...) +CVE-2017-15420 (Incorrect handling of back navigations in error pages in Navigation in ...) {DSA-4103-1 DSA-4064-1} - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -73695,16 +73668,16 @@ CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.320 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-15405 - RESERVED -CVE-2017-15404 - RESERVED -CVE-2017-15403 - RESERVED -CVE-2017-15402 - RESERVED -CVE-2017-15401 - RESERVED +CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful ...) + TODO: check +CVE-2017-15404 (An ability to process crash dumps under root privileges and ...) + TODO: check +CVE-2017-15403 (Insufficient data validation in crosh could lead to a command ...) + TODO: check +CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which ...) + TODO: check +CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds ...) + TODO: check CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...) {DSA-4243-1} - cups 2.2.3-2 @@ -83591,8 +83564,8 @@ CVE-2017-12202 RESERVED CVE-2017-12201 RESERVED -CVE-2016-10403 - RESERVED +CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome ...) + TODO: check CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, ...) {DSA-3924-1} - varnish 5.0.0-7.1 (bug #870467) 
@@ -118407,8 +118380,7 @@ CVE-2016-9652 {DSA-3731-1} - chromium-browser 55.0.2883.75-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-9651 - RESERVED +CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...) {DSA-3731-1} - chromium-browser 55.0.2883.75-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ccc3367638c52653e2347fa17686e5583ada6ae
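Review bot: in the first hunk (@@ -1,3 +1,43 @@), CVE-2019-5747 and CVE-2018-20679 both land as TODO: check, and both truncated descriptions name BusyBox with an out of bounds issue, one "through 1.30.0" and the other "before 1.30.0". They should be triaged together, but the version bounds differ, so the fixed version for one entry cannot simply be copied to the other; each needs its own package line once the full descriptions are read.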
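Review bot: in the @@ -4365,8 +4405,8 @@ hunk, CVE-2019-3581 (McAfee Web Gateway proxy component) is left as TODO: check directly above CVE-2018-20664, which is already marked NOT-FOR-US for Zoho ManageEngine ADSelfService Plus. If no Debian source package ships the McAfee product, the entry should get the same NOT-FOR-US treatment instead of staying in the TODO queue.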
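Review bot: in the @@ -8532,20 +8572,20 @@ and @@ -19892,12 +19931,12 @@ hunks, the newly described Google Chrome entries (CVE-2018-20071 through CVE-2018-20065, CVE-2018-17461, CVE-2018-17457) carry only TODO: check and no package line, while the other Chrome entries in this patch keep their DSA reference and a chromium-browser fixed version. CVE-2018-17461 in particular names "Google Chrome prior to 68.0.3440.75", the same release the patch tracks elsewhere as {DSA-4256-1} with chromium-browser 68.0.3440.75-1, so it is worth checking whether that DSA already covers it before adding the package line.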