Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f912933a by security tracker role at 2019-03-31T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2019-10672
+CVE-2019-10675 (** DISPUTED ** WordPress 5.1.1 allows remote authenticated
authors to ...)
+ TODO: check
+CVE-2019-10674
+ RESERVED
+CVE-2019-10673
+ RESERVED
+CVE-2019-10671
+ RESERVED
+CVE-2019-10670
+ RESERVED
+CVE-2019-10669
+ RESERVED
+CVE-2019-10668
+ RESERVED
+CVE-2019-10667
+ RESERVED
+CVE-2019-10666
+ RESERVED
+CVE-2019-10665
+ RESERVED
+CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx
parameter in ...)
+ TODO: check
+CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not
properly vali ...)
- libmysofa <unfixed> (bug #926125)
NOTE:
https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1
CVE-2019-10663 (Grandstream UCM6204 before 1.0.19.20 devices allow remote
authenticate ...)
@@ -2681,6 +2703,7 @@ CVE-2019-9780
CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the
use of b ...)
NOT-FOR-US: Highcharts JS
CVE-2019-9787 (WordPress before 5.1.1 does not properly filter comment
content, leadi ...)
+ {DLA-1742-1}
- wordpress 5.1.1+dfsg1-1 (bug #924546)
NOTE: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
NOTE: Fixed by:
https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
@@ -3076,35 +3099,35 @@ CVE-2019-9634 (Go through 1.12 on Windows misuses
certain LoadLibrary functional
- golang-1.11 <not-affected> (Only affects Go on Windows)
- golang-1.10 <not-affected> (Only affects Go on Windows)
CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before
7.2.16, and ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630
CVE-2019-9641 (An issue was discovered in the EXIF component in PHP before
7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509
CVE-2019-9640 (An issue was discovered in the EXIF component in PHP before
7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540
CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before
7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1 (unimportant)
- php7.0 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659
CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before
7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
@@ -4688,7 +4711,7 @@ CVE-2019-9023 (An issue was discovered in PHP before
5.6.40, 7.x before 7.1.26,
NOTE:
https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03
(7.1)
NOTE:
https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a
(7.1)
CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before
7.2.14, ...)
- {DSA-4398-1}
+ {DSA-4398-1 DLA-1741-1}
- php7.3 7.3.2-1
- php7.0 <removed>
- php5 <removed>
@@ -4918,7 +4941,7 @@ CVE-2019-8943 (WordPress through 5.0.3 allows Path
Traversal in wp_crop_image().
- wordpress <unfixed> (bug #923583)
NOTE:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code
executi ...)
- {DSA-4401-1}
+ {DSA-4401-1 DLA-1742-1}
- wordpress 5.0.1+dfsg1-1
NOTE:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream
@@ -12336,54 +12359,70 @@ CVE-2019-5804
- chromium <not-affected> (Windows-specific)
CVE-2019-5803
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5802
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5801
RESERVED
- chromium <not-affected> (iOS specific)
CVE-2019-5800
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5799
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5798
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5797
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5796
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5795
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5794
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5793
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5792
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5791
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5790
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5789
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5788
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5787
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5786
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f912933aec4a9b024b75dc526dfce255bb3beb07
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f912933aec4a9b024b75dc526dfce255bb3beb07
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
