Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1e64335e by security tracker role at 2019-01-15T08:10:14Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,43 @@ +CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...) + TODO: check +CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...) + TODO: check +CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in Netwide ...) + TODO: check +CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide ...) + TODO: check +CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows ...) + TODO: check +CVE-2019-6288 + RESERVED +CVE-2019-6287 + RESERVED +CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...) + TODO: check +CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka ...) + TODO: check +CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...) + TODO: check +CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...) + TODO: check +CVE-2019-6282 + RESERVED +CVE-2019-6281 + RESERVED +CVE-2019-6280 + RESERVED +CVE-2019-6279 + RESERVED +CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...) + TODO: check +CVE-2018-20711 + RESERVED +CVE-2018-20710 + RESERVED +CVE-2018-20709 + RESERVED +CVE-2018-20708 + RESERVED CVE-2019-6278 (XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with ...) NOT-FOR-US: JPress CVE-2019-6277 @@ -20,8 +60,8 @@ CVE-2019-6269 RESERVED CVE-2019-6268 RESERVED -CVE-2019-6267 - RESERVED +CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...) + TODO: check CVE-2019-6266 RESERVED CVE-2019-6265 
@@ -67,6 +107,7 @@ CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability ...) NOT-FOR-US: HuCart CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ ...) + {DSA-4368-1} - zeromq3 4.3.1-1 (bug #919098) [jessie] - zeromq3 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/zeromq/libzmq/issues/3351 @@ -9857,19 +9898,25 @@ CVE-2018-20073 [chromium stores download meta data in extended attributes] CVE-2018-20072 RESERVED CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...) + {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...) + {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...) - chromium <not-affected> (Specific to iOS) CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...) + {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...) + {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to ...) + {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...) + {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...) NOT-FOR-US: doorGets 
@@ -16090,9 +16137,11 @@ CVE-2018-19368 CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...) NOT-FOR-US: Portainer CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) + {DSA-4369-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-280.txt CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...) + {DSA-4369-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-279.txt CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS users to ...) @@ -16106,9 +16155,11 @@ CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users [jessie] - xen <not-affected> (Only affects 4.11) NOTE: https://xenbits.xen.org/xsa/advisory-276.txt CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...) + {DSA-4369-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-275.txt CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...) + {DSA-4369-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-275.txt CVE-2018-19366 @@ -17026,7 +17077,7 @@ CVE-2018-19117 CVE-2018-19116 RESERVED CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 platforms ...) - {DLA-1577-1} + {DSA-4369-1 DLA-1577-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-282.txt CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...) 
@@ -22600,8 +22651,7 @@ CVE-2018-16889 [debug logging for v4 auth does not sanitize encryption keys] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334 NOTE: http://tracker.ceph.com/issues/37847 NOTE: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d -CVE-2018-16888 [kills privileged process if unprivileged PIDFile was tampered] - RESERVED +CVE-2018-16888 (It was discovered systemd does not correctly check the content of ...) - systemd 237-1 [jessie] - systemd <no-dsa> (low priority because this is inherently a bug in the PID file logic) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e64335ef412de2b2d656e2a9a3bae3aa9f91e64
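Review bot: in the first hunk (@@ -1,3 +1,43 @@) every new entry that has a description is left at `TODO: check`, so none of the ten is mapped to a source package yet. Several can be triaged together: CVE-2019-6292 and CVE-2019-6285 both name yaml-cpp, CVE-2019-6286, CVE-2019-6284 and CVE-2019-6283 all name LibSass 3.5.5, and CVE-2019-6291 and CVE-2019-6290 both name eval.c. CVE-2019-6289 (DedeCMS) is a candidate for the same `NOT-FOR-US:` treatment the context line gives JPress, if the software is not packaged.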
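Review bot: CVE-2019-6267 in the hunk at @@ -20,8 +60,8 @@ goes from `RESERVED` to `TODO: check` with a description that names a plugin (Premium WP Suite Easy Redirect Manager 28.07-17). The other third-party web applications visible in this diff's context (JPress, HuCart, doorGets, Portainer) are all closed as `NOT-FOR-US:`; this entry should get either that or a package line rather than staying open.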
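Review bot: in the hunk at @@ -9857,19 +9898,25 @@ the source package name is inconsistent between neighbouring entries. CVE-2018-20071 is tagged `{DSA-4330-1}` against `chromium-browser 70.0.3538.67-1`, while CVE-2018-20070, CVE-2018-20068, CVE-2018-20067, CVE-2018-20066 and CVE-2018-20065 are tagged `{DSA-4352-1}` against `chromium 71.0.3578.80-1`. Confirm that the two names are intended and that each DSA reference resolves to the package name on its entry. Also note that only CVE-2018-20071 carries a `[jessie]` annotation; the five `chromium` entries have none.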
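Review bot: the four Xen entries tagged in the hunks at @@ -16090,9 +16137,11 @@ and @@ -16106,9 +16155,11 @@ (CVE-2018-19966, CVE-2018-19965, CVE-2018-19962, CVE-2018-19961) have no jessie status recorded. Each consists only of `{DSA-4369-1}`, `- xen 4.11.1-1` and a NOTE, whereas CVE-2018-19963 in the context has `[jessie] - xen <not-affected>` and CVE-2018-19967 in the hunk at @@ -17026,7 +17077,7 @@ carries `DLA-1577-1` alongside the new DSA. Add an explicit `[jessie]` line to the four entries, or confirm that the omission is deliberate.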
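Review bot: in the hunk at @@ -22600,8 +22651,7 @@ the removed summary `[kills privileged process if unprivileged PIDFile was tampered]` stated the impact of CVE-2018-16888, and the replacement description is truncated before it reaches that point ("does not correctly check the content of ..."). If the impact should stay readable in data/CVE/list, carry it over as a `NOTE:` line; the remaining `<no-dsa>` reason only says the bug is in the PID file logic.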