Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 33ded815 by security tracker role at 2019-03-05T08:10:12Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7881,8 +7881,8 @@ CVE-2019-6237 RESERVED CVE-2019-6236 RESERVED -CVE-2019-6235 - RESERVED +CVE-2019-6235 (A memory corruption issue was addressed with improved validation. This ...) + TODO: check CVE-2019-6234 RESERVED - webkit2gtk 2.22.4-1 (unimportant) @@ -7957,8 +7957,8 @@ CVE-2019-6208 RESERVED CVE-2019-6207 RESERVED -CVE-2019-6206 - RESERVED +CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The ...) + TODO: check CVE-2019-6205 RESERVED CVE-2019-6204 @@ -23977,7 +23977,7 @@ CVE-2018-19465 RESERVED CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because ...) NOT-FOR-US: Discuz! -CVE-2018-19463 (zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows ...) +CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication. ...) NOT-FOR-US: Z-BlogPHP CVE-2018-19462 RESERVED @@ -26691,6 +26691,7 @@ CVE-2018-18509 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511 CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service] RESERVED + {DLA-1704-1} - nss 2:3.42.1-1 (bug #921614) NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac 
@@ -42582,6 +42583,7 @@ CVE-2018-12405 (Mozilla developers and community members reported memory safety NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405 CVE-2018-12404 [Cache side-channel variant of the Bleichenbacher attack] RESERVED + {DLA-1704-1} - nss 2:3.41-1 NOTE: http://cat.eyalro.net/ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public) @@ -62380,8 +62382,8 @@ CVE-2018-5484 RESERVED CVE-2018-5483 RESERVED -CVE-2018-5482 - RESERVED +CVE-2018-5482 (NetApp SnapCenter Server prior to 4.1 does not set the secure flag for ...) + TODO: check CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 ...) NOT-FOR-US: OnCommand Unified Manager CVE-2018-5480 @@ -83067,8 +83069,8 @@ CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attacker NOT-FOR-US: AltaVault OST Plug-in CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...) NOT-FOR-US: NetApp -CVE-2017-15515 - RESERVED +CVE-2017-15515 (NetApp SnapCenter Server prior to 4.0 is susceptible to cross site ...) + TODO: check CVE-2017-15514 RESERVED CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ded815d9c9163e0a740e4e0e85670d6ad957e0
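Review bot: In the @@ -23977 hunk the new CVE-2018-19463 line carries the entire description, including the vendor NOTE and the authentication remark, before the closing " ...)", while the neighbouring entries (for example CVE-2018-19464) keep a short truncated summary. Suggest truncating it to the usual length and keeping the leading "** DISPUTED **" marker, so the dispute stays visible without the list line growing to a full paragraph; the NOT-FOR-US: Z-BlogPHP triage below it is unaffected either way.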
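Review bot: In the @@ -83067 hunk CVE-2017-15515 moves from RESERVED to "TODO: check" even though the entry directly above it, CVE-2017-15516, names the same product (NetApp SnapCenter Server) and is already triaged as "NOT-FOR-US: NetApp". The same tag looks applicable here, and to CVE-2018-5482 in the @@ -62380 hunk, whose description also names NetApp SnapCenter Server; resolving both in a follow-up keeps them out of the TODO queue.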
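Review bot: The two "{DLA-1704-1}" additions (@@ -26691 and @@ -42582 hunks) attach one advisory to entries with different fixed nss versions, 2:3.42.1-1 for CVE-2018-18508 and 2:3.41-1 for CVE-2018-12404. Worth confirming that the advisory's upload covers both fixes: CVE-2018-18508 lists its upstream revisions in NOTE lines, but the only bug reference for CVE-2018-12404 is marked "(not public)", so a NOTE pointing at the public upstream change would make that cross-reference checkable from the list itself.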