Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f803d02c by security tracker role at 2019-03-25T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka 
E-mail) field  ...)
+       TODO: check
+CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10025 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10024 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10023 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10022 (An issue was discovered in Xpdf 4.01.01. There is a NULL 
pointer deref ...)
+       TODO: check
+CVE-2019-10021 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
+       TODO: check
+CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php 
Name field, ...)
+       TODO: check
+CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the 
commonsearch.php words ...)
+       TODO: check
+CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute 
arbitra ...)
+       TODO: check
+CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote 
authenticate ...)
+       TODO: check
 CVE-2019-9999
        RESERVED
 CVE-2019-9998
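
Review bot: all 14 added entries (CVE-2019-10014 through CVE-2019-10027) land with only `TODO: check` and no package or NOT-FOR-US line, and the nine Xpdf 4.01.01 entries (CVE-2019-10018 to CVE-2019-10026) have descriptions truncated before the affected function name, so the eight "There is an FPE in the functi ..." entries are indistinguishable here. Triage should work from the full CVE text and record the affected function in a NOTE: line per entry so the FPE cases can be matched to separate upstream fixes.
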
@@ -63823,7 +63851,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an 
invalid memcpy in the av_packe
 CVE-2018-5765
        RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync 
before 3. ...)
-       {DLA-1247-1}
+       {DLA-1725-1 DLA-1247-1}
        - rsync 3.1.2-2.2 (bug #887588)
        [stretch] - rsync <no-dsa> (Minor issue)
        NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
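
Review bot: on CVE-2018-5764 the tag line becomes `{DLA-1725-1 DLA-1247-1}`, but the visible status lines show only `- rsync 3.1.2-2.2 (bug #887588)` and `[stretch] - rsync <no-dsa> (Minor issue)`, so nothing in this context says which release or fixed version each of the two advisories corresponds to. Confirm that a second DLA for the same CVE is intended rather than a mis-tagged advisory.
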
@@ -124263,6 +124291,7 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with 
the Virtio GPU Device emulat
        - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
 CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow 
context-de ...)
+       {DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847275)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
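
Review bot: the `{DLA-1725-1}` tag added under CVE-2016-9843 sits directly above `[jessie] - zlib <no-dsa> (Minor issue)`, and the package lines visible in this hunk name only zlib. The same advisory is attached to the rsync entry CVE-2018-5764 earlier in this commit, so if DLA-1725-1 fixes an embedded zlib copy in another source package, the entry needs a package line for that source; otherwise the tag and the `<no-dsa>` status read as contradictory. The same check applies to the identical additions for CVE-2016-9842, CVE-2016-9841 and CVE-2016-9840 below.
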
@@ -124271,6 +124300,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in 
zlib 1.2.8 might allow conte
        NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow 
contex ...)
+       {DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847274)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
@@ -124279,6 +124309,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c 
in zlib 1.2.8 might allow c
        NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers 
to hav ...)
+       {DLA-1725-1}
        - zlib 1:1.2.8.dfsg-4 (bug #847270)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
@@ -124287,6 +124318,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow 
context-dependent attackers t
        NOTE: 
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent 
attackers to ha ...)
+       {DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847270)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
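
Review bot: CVE-2016-9840 here and CVE-2016-9841 in the previous hunk both cite bug #847270 but list different fixed versions (`1:1.2.8.dfsg-3` and `1:1.2.8.dfsg-4`). Since both entries are now tagged with the same advisory, check that the shared bug number and the differing versions are both correct before relying on them for the DLA-1725-1 cross-reference.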



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f803d02cdf64199e80c153aa2120b456286fcb47
