Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e64335e by security tracker role at 2019-01-15T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-6293 (An issue was discovered in the function 
mark_beginning_as_normal in ...)
+       TODO: check
+CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka 
...)
+       TODO: check
+CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in 
Netwide ...)
+       TODO: check
+CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide 
...)
+       TODO: check
+CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 
allows ...)
+       TODO: check
+CVE-2019-6288
+       RESERVED
+CVE-2019-6287
+       RESERVED
+CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+       TODO: check
+CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp 
(aka ...)
+       TODO: check
+CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+       TODO: check
+CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+       TODO: check
+CVE-2019-6282
+       RESERVED
+CVE-2019-6281
+       RESERVED
+CVE-2019-6280
+       RESERVED
+CVE-2019-6279
+       RESERVED
+CVE-2018-20712 (A heap-based buffer over-read exists in the function 
d_expression_1 in ...)
+       TODO: check
+CVE-2018-20711
+       RESERVED
+CVE-2018-20710
+       RESERVED
+CVE-2018-20709
+       RESERVED
+CVE-2018-20708
+       RESERVED
 CVE-2019-6278 (XSS exists in JPress v1.0.4 via Markdown input, or Markdown 
input with ...)
        NOT-FOR-US: JPress
 CVE-2019-6277
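Review bot: All sixteen newly described entries land as "TODO: check", and the three LibSass ones (CVE-2019-6286, CVE-2019-6284, CVE-2019-6283) have identical truncated descriptions here ("In LibSass 3.5.5, a heap-based buffer over-read exists in ..."), so they cannot be told apart from this file alone. Triage should read the full descriptions and resolve each entry to either a "- <source package> <version>" line or a "NOT-FOR-US: <product>" line, as the CVE-2019-6278 context entry does for JPress. The two yaml-cpp entries (CVE-2019-6292, CVE-2019-6285) name different code locations and should be checked against each other for a shared upstream report before separate bugs are filed.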
@@ -20,8 +60,8 @@ CVE-2019-6269
        RESERVED
 CVE-2019-6268
        RESERVED
-CVE-2019-6267
-       RESERVED
+CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for 
...)
+       TODO: check
 CVE-2019-6266
        RESERVED
 CVE-2019-6265
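Review bot: CVE-2019-6267 moves from RESERVED to "TODO: check" with a description naming "The Premium WP Suite Easy Redirect Manager plugin 28.07-17". The follow-up should decide whether this is a third-party product outside the archive and, if so, replace the TODO with a "NOT-FOR-US:" line in the form the file already uses for JPress and HuCart.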
@@ -67,6 +107,7 @@ CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka 
Epiphany) through 3.31.4
 CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF 
vulnerability ...)
        NOT-FOR-US: HuCart
 CVE-2019-6250 (A pointer overflow, with code execution, was discovered in 
ZeroMQ ...)
+       {DSA-4368-1}
        - zeromq3 4.3.1-1 (bug #919098)
        [jessie] - zeromq3 <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/zeromq/libzmq/issues/3351
@@ -9857,19 +9898,25 @@ CVE-2018-20073 [chromium stores download meta data in 
extended attributes]
 CVE-2018-20072
        RESERVED
 CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...)
+       {DSA-4330-1}
        - chromium-browser 70.0.3538.67-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter 
in Google ...)
+       {DSA-4352-1}
        - chromium 71.0.3578.80-1
 CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in 
Navigation ...)
        - chromium <not-affected> (Specific to iOS)
 CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google 
Chrome ...)
+       {DSA-4352-1}
        - chromium 71.0.3578.80-1
 CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed 
to cancel ...)
+       {DSA-4352-1}
        - chromium 71.0.3578.80-1
 CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome 
prior to ...)
+       {DSA-4352-1}
        - chromium 71.0.3578.80-1
 CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
+       {DSA-4352-1}
        - chromium 71.0.3578.80-1
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary 
files via ...)
        NOT-FOR-US: doorGets
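Review bot: The new {DSA-4330-1} tag on CVE-2018-20071 is attached to an entry tracked under source package chromium-browser (70.0.3538.67-1), while the five entries receiving {DSA-4352-1} are tracked under chromium (71.0.3578.80-1). It is worth confirming that the differing source package names are intentional and that each DSA reference matches the package name its advisory was issued for. CVE-2018-20069 receiving no DSA tag is consistent with its "<not-affected> (Specific to iOS)" line.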
@@ -16090,9 +16137,11 @@ CVE-2018-19368
 CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
        NOT-FOR-US: Portainer
 CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
+       {DSA-4369-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
 CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit 
PV guest ...)
+       {DSA-4369-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
 CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS 
users to ...)
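Review bot: CVE-2018-19964, visible as trailing context, gets no {DSA-4369-1} tag although CVE-2018-19966 and CVE-2018-19965 directly above it do. Its description reads "Xen 4.11.x" rather than "through 4.11.x", which would fit a release-specific exclusion, but the entry body is outside this hunk; confirm that it carries an explicit not-affected line for the releases the DSA covers so that the omission is documented rather than implicit.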
@@ -16106,9 +16155,11 @@ CVE-2018-19963 (An issue was discovered in Xen 4.11 
allowing HVM guest OS users
        [jessie] - xen <not-affected> (Only affects 4.11)
        NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
 CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 
platforms, ...)
+       {DSA-4369-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
 CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 
platforms, ...)
+       {DSA-4369-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
 CVE-2018-19366
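Review bot: CVE-2018-19962 and CVE-2018-19961 gain {DSA-4369-1} but show only "- xen 4.11.1-1" and a NOTE, with no "[jessie]" line, whereas the CVE-2018-19963 entry just above them states "[jessie] - xen <not-affected> (Only affects 4.11)". If jessie's status for these two AMD-specific issues has been assessed, recording it explicitly would keep the entries consistent; both also point at the same advisory-275.txt, which is worth a quick check that the shared reference is intended.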
@@ -17026,7 +17077,7 @@ CVE-2018-19117
 CVE-2018-19116
        RESERVED
 CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 
platforms ...)
-       {DLA-1577-1}
+       {DSA-4369-1 DLA-1577-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
 CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when 
parsing ...)
@@ -22600,8 +22651,7 @@ CVE-2018-16889 [debug logging for v4 auth does not 
sanitize encryption keys]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334
        NOTE: http://tracker.ceph.com/issues/37847
        NOTE: 
https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
-CVE-2018-16888 [kills privileged process if unprivileged PIDFile was tampered]
-       RESERVED
+CVE-2018-16888 (It was discovered systemd does not correctly check the content 
of ...)
        - systemd 237-1
        [jessie] - systemd <no-dsa> (low priority because this is inherently a 
bug in the PID file logic)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
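Review bot: For CVE-2018-16888 the short bracketed summary "[kills privileged process if unprivileged PIDFile was tampered]" is replaced by a description that is cut off at "does not correctly check the content of ...", so the entry now says less at a glance than before. The remaining lines give a fixed version ("- systemd 237-1") but the only reference visible is the Red Hat Bugzilla NOTE; adding a NOTE with the upstream fix would let readers verify the 237-1 claim.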



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e64335ef412de2b2d656e2a9a3bae3aa9f91e64

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
