Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 10437f6c by security tracker role at 2019-03-10T08:10:15Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9126,6 +9126,7 @@ CVE-2019-5787 RESERVED CVE-2019-5786 RESERVED + {DSA-4404-1} - chromium 72.0.3626.121-1 CVE-2019-5785 RESERVED @@ -20731,9 +20732,11 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not ...) NOT-FOR-US: OpenLiteSpeed CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...) + {DLA-1707-1} - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...) + {DLA-1707-1} - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...) @@ -36566,6 +36569,7 @@ CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2 [jessie] - symfony <not-affected> (Vulnerable code not present, introduced later in commit 4c8a25a6e2) NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through ...) + {DLA-1707-1} - symfony 3.4.14+dfsg-1 [stretch] - symfony <no-dsa> (Minor issue) NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers @@ -45673,6 +45677,7 @@ CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending ...) NOT-FOR-US: Splunk CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x ...) + {DLA-1707-1} - symfony 3.4.12+dfsg-1 [stretch] - symfony <not-affected> (Incomplete fix for CVE-2017-16652 wasn't backported) NOTE: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers @@ -45732,7 +45737,7 @@ CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfo [jessie] - symfony <not-affected> (vulnerable code no present, no rollback mechanism in this version) NOTE: https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x ...) - {DSA-4262-1} + {DSA-4262-1 DLA-1707-1} - symfony 3.4.12+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...) @@ -80112,7 +80117,7 @@ CVE-2017-16656 CVE-2017-16655 RESERVED CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...) - {DSA-4262-1} + {DSA-4262-1 DLA-1707-1} - symfony 3.4.0+dfsg-1 NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths NOTE: https://github.com/symfony/symfony/pull/24994 @@ -80123,7 +80128,7 @@ CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14 NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https NOTE: https://github.com/symfony/symfony/pull/24992 CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...) - {DSA-4262-1} + {DSA-4262-1 DLA-1707-1} - symfony 3.4.0+dfsg-1 NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers NOTE: https://github.com/symfony/symfony/pull/24995 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits