Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33ded815 by security tracker role at 2019-03-05T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7881,8 +7881,8 @@ CVE-2019-6237
        RESERVED
 CVE-2019-6236
        RESERVED
-CVE-2019-6235
-       RESERVED
+CVE-2019-6235 (A memory corruption issue was addressed with improved 
validation. This ...)
+       TODO: check
 CVE-2019-6234
        RESERVED
        - webkit2gtk 2.22.4-1 (unimportant)
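Review bot: The TODO: check added under CVE-2019-6235 leaves the entry untriaged, and the truncated description stops before it names the affected product. The adjacent CVE-2019-6234 is already tracked against webkit2gtk, so the full description should be read to decide whether this id needs a package line of its own or a NOT-FOR-US tag.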
@@ -7957,8 +7957,8 @@ CVE-2019-6208
        RESERVED
 CVE-2019-6207
        RESERVED
-CVE-2019-6206
-       RESERVED
+CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. 
The ...)
+       TODO: check
 CVE-2019-6205
        RESERVED
 CVE-2019-6204
@@ -23977,7 +23977,7 @@ CVE-2018-19465
        RESERVED
 CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because ...)
        NOT-FOR-US: Discuz!
-CVE-2018-19463 (zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 
allows ...)
+CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP 
through 1.5.1 allows remote attackers to execute arbitrary PHP code by using 
the image/jpeg content type in an upload to the 
zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is 
"We have no dynamic including. No one can run PHP by uploading an image in 
current version." It also requires authentication. ...)
        NOT-FOR-US: Z-BlogPHP
 CVE-2018-19462
        RESERVED
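Review bot: The new CVE-2018-19463 line carries the full description text, including the vendor quote, where the line it replaces and the neighbouring CVE-2018-19464 use the abbreviated form ending in "...". The "** DISPUTED **" prefix is the only part that affects triage, and the entry stays NOT-FOR-US: Z-BlogPHP, so the description could be cut back to the usual abbreviated length to keep the list consistent.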
@@ -26691,6 +26691,7 @@ CVE-2018-18509
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
 CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in 
a denial of service]
        RESERVED
+       {DLA-1704-1}
        - nss 2:3.42.1-1 (bug #921614)
        NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
        NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
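Review bot: The {DLA-1704-1} cross-reference on CVE-2018-18508 is added while the entry still reads RESERVED, and the same reference is added to CVE-2018-12404 in the next hunk, both against nss. This commit changes only data/CVE/list, so it is worth confirming that the DLA-1704-1 advisory entry names both CVE ids and that the two records agree.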
@@ -42582,6 +42583,7 @@ CVE-2018-12405 (Mozilla developers and community 
members reported memory safety
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
 CVE-2018-12404 [Cache side-channel variant of the Bleichenbacher attack]
        RESERVED
+       {DLA-1704-1}
        - nss 2:3.41-1
        NOTE: http://cat.eyalro.net/
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
@@ -62380,8 +62382,8 @@ CVE-2018-5484
        RESERVED
 CVE-2018-5483
        RESERVED
-CVE-2018-5482
-       RESERVED
+CVE-2018-5482 (NetApp SnapCenter Server prior to 4.1 does not set the secure 
flag for ...)
+       TODO: check
 CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 
5.2.4 ...)
        NOT-FOR-US: OnCommand Unified Manager
 CVE-2018-5480
@@ -83067,8 +83069,8 @@ CVE-2017-15517 (AltaVault OST Plug-in versions prior to 
1.2.2 may allow attacker
        NOT-FOR-US: AltaVault OST Plug-in
 CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are 
susceptible to a ...)
        NOT-FOR-US: NetApp
-CVE-2017-15515
-       RESERVED
+CVE-2017-15515 (NetApp SnapCenter Server prior to 4.0 is susceptible to cross 
site ...)
+       TODO: check
 CVE-2017-15514
        RESERVED
 CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 
3.4.3, ...)
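Review bot: The TODO: check added under CVE-2017-15515 can probably be resolved straight away, since the line just above it, CVE-2017-15516, covers the same product (NetApp SnapCenter Server) and is already marked NOT-FOR-US: NetApp. Using the same tag here, if the full description confirms it, keeps the two entries consistent and avoids leaving the id in the triage queue.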



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ded815d9c9163e0a740e4e0e85670d6ad957e0
