[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sun, 10 Mar 2019 00:11:07 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
10437f6c by security tracker role at 2019-03-10T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9126,6 +9126,7 @@ CVE-2019-5787
        RESERVED
 CVE-2019-5786
        RESERVED
+       {DSA-4404-1}
        - chromium 72.0.3626.121-1
 CVE-2019-5785
        RESERVED
@@ -20731,9 +20732,11 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed 
before 1.5.0 RC6 allows lo
 CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does 
not ...)
        NOT-FOR-US: OpenLiteSpeed
 CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 
2.7.50, 2.8.x ...)
+       {DLA-1707-1}
        - symfony 3.4.20+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
 CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x 
before ...)
+       {DLA-1707-1}
        - symfony 3.4.20+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a 
user ...)
@@ -36566,6 +36569,7 @@ CVE-2018-14774 (An issue was discovered in HttpKernel 
in Symfony 2.7.0 through 2
        [jessie] - symfony <not-affected> (Vulnerable code not present, 
introduced later in commit 4c8a25a6e2)
        NOTE: 
https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
 CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 
through ...)
+       {DLA-1707-1}
        - symfony 3.4.14+dfsg-1
        [stretch] - symfony <no-dsa> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
@@ -45673,6 +45677,7 @@ CVE-2018-11410 (An issue was discovered in Liblouis 
3.5.0. A invalid free in the
 CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by 
appending ...)
        NOT-FOR-US: Splunk
 CVE-2018-11408 (The security handlers in the Security component in Symfony in 
2.7.x ...)
+       {DLA-1707-1}
        - symfony 3.4.12+dfsg-1
        [stretch] - symfony <not-affected> (Incomplete fix for CVE-2017-16652 
wasn't backported)
        NOTE: 
https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
@@ -45732,7 +45737,7 @@ CVE-2018-11386 (An issue was discovered in the 
HttpFoundation component in Symfo
        [jessie] - symfony <not-affected> (vulnerable code no present, no 
rollback mechanism in this version)
        NOTE: 
https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
 CVE-2018-11385 (An issue was discovered in the Security component in Symfony 
2.7.x ...)
-       {DSA-4262-1}
+       {DSA-4262-1 DLA-1707-1}
        - symfony 3.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
 CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers 
to cause ...)
@@ -80112,7 +80117,7 @@ CVE-2017-16656
 CVE-2017-16655
        RESERVED
 CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 
3.2.14, ...)
-       {DSA-4262-1}
+       {DSA-4262-1 DLA-1707-1}
        - symfony 3.4.0+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
        NOTE: https://github.com/symfony/symfony/pull/24994
@@ -80123,7 +80128,7 @@ CVE-2017-16653 (An issue was discovered in Symfony 
before 2.7.38, 2.8.31, 3.2.14
        NOTE: 
https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
        NOTE: https://github.com/symfony/symfony/pull/24992
 CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x 
before ...)
-       {DSA-4262-1}
+       {DSA-4262-1 DLA-1707-1}
        - symfony 3.4.0+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
        NOTE: https://github.com/symfony/symfony/pull/24995



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to