Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 90dc8906 by Moritz Muehlenhoff at 2019-02-18T22:27:35Z stretch triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2364,10 +2364,11 @@ CVE-2019-7754 CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer ...) NOT-FOR-US: Verydows CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's ...) - - gnome-keyring 3.28.0-1 + - gnome-keyring 3.28.0-1 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781486 NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 + NOTE: Not a vulnerability, just a hardening patch CVE-2019-7752 RESERVED CVE-2019-7751 @@ -2613,6 +2614,7 @@ CVE-2019-7660 CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a ...) {DLA-1681-1} - gsoap 2.8.75-1 + [stretch] - gsoap <no-dsa> (Minor issue) - r-other-x4r <undetermined> NOTE: https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_ NOTE: https://lists.debian.org/debian-lts/2019/02/msg00131.html @@ -12469,6 +12471,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS .. NOT-FOR-US: hsweb CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...) - mxml <unfixed> + [stretch] - mxml <ignored> (Minor issue) [jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output) @@ -12478,6 +12481,7 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overfl NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...) - mxml <unfixed> + [stretch] - mxml <ignored> (Minor issue) [jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err (error output) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90dc8906034f1c907349984be86df87d8f404cff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90dc8906034f1c907349984be86df87d8f404cff You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits