Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f912933a by security tracker role at 2019-03-31T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,26 @@ -CVE-2019-10672 +CVE-2019-10675 (** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to ...) + TODO: check +CVE-2019-10674 + RESERVED +CVE-2019-10673 + RESERVED +CVE-2019-10671 + RESERVED +CVE-2019-10670 + RESERVED +CVE-2019-10669 + RESERVED +CVE-2019-10668 + RESERVED +CVE-2019-10667 + RESERVED +CVE-2019-10666 + RESERVED +CVE-2019-10665 + RESERVED +CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in ...) + TODO: check +CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...) - libmysofa <unfixed> (bug #926125) NOTE: https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1 CVE-2019-10663 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...) @@ -2681,6 +2703,7 @@ CVE-2019-9780 CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...) NOT-FOR-US: Highcharts JS CVE-2019-9787 (WordPress before 5.1.1 does not properly filter comment content, leadi ...) + {DLA-1742-1} - wordpress 5.1.1+dfsg1-1 (bug #924546) NOTE: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/ NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b 
@@ -3076,35 +3099,35 @@ CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functional - golang-1.11 <not-affected> (Only affects Go on Windows) - golang-1.10 <not-affected> (Only affects Go on Windows) CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ...) - {DSA-4403-1} + {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 <removed> - php5 <removed> NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630 CVE-2019-9641 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) - {DSA-4403-1} + {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 <removed> - php5 <removed> NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509 CVE-2019-9640 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) - {DSA-4403-1} + {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 <removed> - php5 <removed> NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540 CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) - {DSA-4403-1} + {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 (unimportant) - php7.0 <removed> (unimportant) - php5 <removed> (unimportant) NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659 CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) - {DSA-4403-1} + {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 <removed> - php5 <removed> 
@@ -4688,7 +4711,7 @@ CVE-2019-9023 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, NOTE: https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03 (7.1) NOTE: https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a (7.1) CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...) - {DSA-4398-1} + {DSA-4398-1 DLA-1741-1} - php7.3 7.3.2-1 - php7.0 <removed> - php5 <removed> @@ -4918,7 +4941,7 @@ CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). - wordpress <unfixed> (bug #923583) NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ...) - {DSA-4401-1} + {DSA-4401-1 DLA-1742-1} - wordpress 5.0.1+dfsg1-1 NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream 
@@ -12336,54 +12359,70 @@ CVE-2019-5804 - chromium <not-affected> (Windows-specific) CVE-2019-5803 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5802 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5801 RESERVED - chromium <not-affected> (iOS specific) CVE-2019-5800 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5799 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5798 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5797 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5796 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5795 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5794 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5793 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5792 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5791 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5790 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5789 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5788 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5787 RESERVED + {DSA-4421-1} - chromium 73.0.3683.75-1 CVE-2019-5786 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f912933aec4a9b024b75dc526dfce255bb3beb07
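Review bot: In the first hunk (@@ -1,4 +1,26 @@) CVE-2019-10675 and CVE-2019-10664 land with only "TODO: check", so neither is assigned to a source package yet. CVE-2019-10675 names WordPress 5.1.1, and this file already tracks that software with "- wordpress" package lines (see CVE-2019-9787 in the next hunk), so it should get a wordpress line; because the description is marked ** DISPUTED **, a NOTE recording the basis for whichever status is chosen would help later readers. CVE-2019-10664 (Domoticz) needs either a package line or a NOT-FOR-US line, the form used for Highcharts JS under CVE-2018-20801.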
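Review bot: In the PHP hunk (@@ -3076,35 +3099,35 @@) CVE-2019-9639 gains DLA-1741-1 even though all three of its package lines are marked (unimportant), unlike the other four entries touched here. If the tag simply mirrors the CVE list in the advisory, a short NOTE on this entry saying why the issue is rated unimportant would explain the mismatch between an advisory reference and the severity marking; the visible lines give only the "Fixed in" and PHP Bug notes.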
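Review bot: In the hunk at @@ -4918,7 +4941,7 @@ the DLA-1742-1 tag is added to CVE-2019-8942 only, while CVE-2019-8943 in the context directly above cites the same ripstech write-up and stays at "- wordpress <unfixed> (bug #923583)" with no advisory tag. Worth confirming against the DLA text whether CVE-2019-8943 is covered; if it is not, a NOTE on CVE-2019-8943 stating that it remains open after DLA-1742-1 would stop readers from assuming both issues from that write-up are fixed.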
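Review bot: In the chromium hunk (@@ -12336,54 +12359,70 @@) the {DSA-4421-1} tags stop at CVE-2019-5787, and CVE-2019-5786 appears only as trailing context with its package line cut off, so this diff does not show which advisory, if any, covers it. Please confirm that entry carries the right tag. Leaving CVE-2019-5801 untagged is consistent with its "<not-affected> (iOS specific)" line, and the 16 added tags match the 54 to 70 line growth in the hunk header.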
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits