[Git][security-tracker-team/security-tracker][master] "new" chromium issue

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
197436e1 by Moritz Muehlenhoff at 2023-08-18T14:08:26+02:00
"new" chromium issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -2030,7 +2030,8 @@ CVE-2023-33373 (Connected IO v2.1.0 and prior keeps 
passwords and credentials in
 CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded 
username/password pair ...)
NOT-FOR-US: Connected IO
 CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior 
to 108 ...)
-   TODO: check
+   - chromium 108.0.5359.71-1
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress
 CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
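
Review bot: the CVE-2022-4955 entry gets a `- chromium 108.0.5359.71-1` line but no `{DSA-5293-1}` reference, although the data/DSA/list hunk in this same commit adds the CVE to DSA-5293-1. Add `{DSA-5293-1}` above the `- chromium` line so the two files agree on which advisory covers the issue.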


=
data/DSA/list
=
@@ -598,7 +598,7 @@
{CVE-2021-34055 CVE-2022-41751}
[bullseye] - jhead 1:3.04-6+deb11u1
 [03 Dec 2022] DSA-5293-1 chromium - security update
-   {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 
CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 
CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 
CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 
CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907}
+   {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 
CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 
CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 
CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 
CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907 CVE-2022-4955}
[bullseye] - chromium 108.0.5359.71-2~deb11u1
 [01 Dec 2022] DSA-5292-1 snapd - security update
{CVE-2022-3328}
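
Review bot: CVE-2022-4955 is appended to the CVE set of DSA-5293-1, an advisory dated 03 Dec 2022, and neither this hunk nor the commit message `"new" chromium issue` says where the association comes from. A `NOTE:` on the CVE entry naming the upstream source would let a later reader verify that `108.0.5359.71-2~deb11u1` really contains the fix.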



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197436e19b47e0395f26b07a4e08171ad4e7c8cb

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] "new" chromium issue

2023-08-01 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78c62be6 by Moritz Mühlenhoff at 2023-08-01T13:31:46+02:00
"new" chromium issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -9835,7 +9835,9 @@ CVE-2023-27390 (A heap-based buffer overflow 
vulnerability exists in the Sequenc
 CVE-2023-2314 (Insufficient data validation in DevTools in Google Chrome prior 
to 111 ...)
TODO: check
 CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on 
Windows pr ...)
-   TODO: check
+   {DSA-5386-1}
+   - chromium 112.0.5615.49-1
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-2312
RESERVED
 CVE-2023-2311 (Insufficient policy enforcement in File System API in Google 
Chrome pr ...)
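
Review bot: the description on the CVE-2023-2313 context line reads "Inappropriate implementation in Sandbox in Google Chrome on Windows", yet the added lines record a Debian fix (`- chromium 112.0.5615.49-1`) and tie the CVE to DSA-5386-1. If the flaw is confined to the Windows sandbox, the entry should say that chromium in Debian is not affected and the CVE should stay out of the DSA; if the Linux build is affected too, a NOTE saying so would keep the next triager from asking the same question.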


=
data/DSA/list
=
@@ -258,7 +258,7 @@
{CVE-2023-1668}
[bullseye] - openvswitch 2.15.0+ds1-2+deb11u4
 [12 Apr 2023] DSA-5386-1 chromium - security update
-   {CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 
CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 
CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823}
+   {CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 
CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 
CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 CVE-2023-2313}
[bullseye] - chromium 112.0.5615.49-2~deb11u2
 [12 Apr 2023] DSA-5385-1 firefox-esr - security update
{CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 
CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78c62be6caf73bfe82503cc4b7b60ca65831f402



[Git][security-tracker-team/security-tracker][master] "new" chromium issue

2023-02-21 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0566b11 by Moritz Muehlenhoff at 2023-02-21T17:34:59+01:00
"new" chromium issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -262249,7 +262249,9 @@ CVE-2019-13770
 CVE-2019-13769
RESERVED
 CVE-2019-13768 (Use after free in FileAPI in Google Chrome prior to 
72.0.3626.81 allow ...)
-   TODO: check
+   {DSA-4395-1}
+   - chromium 72.0.3626.81-1
+   [stretch] - chromium  (see DSA 4562)
 CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 
79.0.3945.88  ...)
{DSA-4606-1}
- chromium 79.0.3945.130-1
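
Review bot: the added `[stretch] - chromium  (see DSA 4562)` line under CVE-2019-13768 conflicts with the `{DSA-4395-1}` line added just above it. The data/DSA/list hunk in this commit lists DSA-4395-1 as a stretch update (`[stretch] - chromium 72.0.3626.96-1~deb9u1`), so stretch received this fix, and the neighbouring CVE-2019-13767 entry carries its DSA reference with no per-release line. Drop the stretch line, or explain in a NOTE why stretch is still pointed at DSA 4562.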


=
data/DSA/list
=
@@ -3206,7 +3206,7 @@
{CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 
CVE-2019-3828}
[stretch] - ansible 2.2.1.0-2+deb9u1
 [18 Feb 2019] DSA-4395-1 chromium - security update
-   {CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 
CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 
CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 
CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 
CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 
CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 
CVE-2019-5783 CVE-2019-5784 CVE-2019-13684}
+   {CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 
CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 
CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 
CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 
CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 
CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 
CVE-2019-5783 CVE-2019-5784 CVE-2019-13684 CVE-2019-13768}
[stretch] - chromium 72.0.3626.96-1~deb9u1
 [18 Feb 2019] DSA-4394-1 rdesktop - security update
{CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 
CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 
CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 
CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0566b11ec2b888f12ca6141e433550cbff26e8e



[Git][security-tracker-team/security-tracker][master] new chromium issue

2022-10-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
679b7649 by Moritz Mühlenhoff at 2022-10-28T13:16:49+02:00
new chromium issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -1816,6 +1816,8 @@ CVE-2022-3724
RESERVED
 CVE-2022-3723
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3722
RESERVED
 CVE-2022-3721
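
Review bot: CVE-2022-3723 is still `RESERVED`, and the two added lines give it a chromium status without any description or source. Add a bracketed summary after the CVE id or a `NOTE:` with the upstream reference, so the entry that puts chromium into data/dsa-needed.txt in this commit says which issue it is.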


=
data/dsa-needed.txt
=
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk (apo)
 --
+chromium
+--
 commons-configuration2
 --
 expat (carnil)
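
Review bot: the new `chromium` entry names no release. The hunk header quotes the file's own rule about adding a slash and the release after the source package name, and the data/CVE/list hunk in this commit excludes buster (`see DSA 5046`), so write the entry with the release that actually needs the update.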



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679b764904af3492892d7bec1e207cc16f880d55



[Git][security-tracker-team/security-tracker][master] new chromium issue

2021-11-24 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a684ae4 by Moritz Muehlenhoff at 2021-11-24T11:22:45+01:00
new chromium issue
NFUs
resolve some TODOs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18100,7 +18100,8 @@ CVE-2021-38006
 CVE-2021-38005
RESERVED
 CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome 
prior to  ...)
-   TODO: check
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 
95.0.4638 ...)
- chromium 
[stretch] - chromium  (see DSA 4562)
@@ -43370,9 +43371,9 @@ CVE-2021-27838
 CVE-2021-27837
RESERVED
 CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in 
xls.c in  ...)
-   - r-cran-readxl 
+   - r-cran-readxl  (unimportant)
NOTE: https://github.com/libxls/libxls/issues/94
-   TODO: check
+   NOTE: Negligible security impact
 CVE-2021-27835
RESERVED
 CVE-2021-27834
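
Review bot: on CVE-2021-27836 the new `(unimportant)` tag is justified only by `NOTE: Negligible security impact`, which states the verdict without the reason. Add one clause saying why (for instance what the linked libxls issue 94 shows the failure to be) so the rating can be re-checked later.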
@@ -46916,7 +46917,6 @@ CVE-2021-26314 (Potential floating point value 
injection in all supported CPU pr
NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
NOTE: Claimed to not affect Xen, Cf. 
https://xenbits.xen.org/xsa/advisory-375.html in
NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-   TODO: check
 CVE-2021-26313 (Potential speculative code store bypass in all supported CPU 
products, ...)
{DSA-4931-1}
- xen 4.14.2+25-gb6a8c4f72d-1
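
Review bot: removing `TODO: check` from CVE-2021-26314 leaves the entry, as far as this hunk shows, ending on the NOTE that the issue is "Claimed to not affect Xen", with no added line recording the outcome of the check. If the lines above the hunk do not already carry a package status, add one for xen rather than leaving the conclusion only in a NOTE.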
@@ -47855,7 +47855,7 @@ CVE-2021-25988
 CVE-2021-25987
RESERVED
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to 
Stored Cros ...)
-   TODO: check
+   NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to 
v1.8.30, improp ...)
NOT-FOR-US: Factor (App Framework & Headless CMS)
 CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, 
versions v1 ...)
@@ -53891,7 +53891,7 @@ CVE-2021-23434 (This affects the package object-path 
before 0.11.6. A type confu
NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
NOTE: 
https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
 CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable 
to Protot ...)
-   TODO: check
+   NOT-FOR-US: Node algoliasearch-helper
 CVE-2021-23432 (This affects all versions of package mootools. This is due to 
the abil ...)
NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site 
Request F ...)
@@ -57082,7 +57082,7 @@ CVE-2021-22055
 CVE-2021-22054
RESERVED
 CVE-2021-22053 (Applications using both 
`spring-cloud-netflix-hystrix-dashboard` and ` ...)
-   TODO: check
+   NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and 
spring-boot-starter-thymeleaf
 CVE-2021-22052
RESERVED
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to 
specifically ...)
@@ -57128,11 +57128,11 @@ CVE-2021-22032
 CVE-2021-22031
RESERVED
 CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, 
certain ...)
-   TODO: check
+   NOT-FOR-US: Greenplum
 CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service 
vulnera ...)
NOT-FOR-US: VMware
 CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, 
greenplu ...)
-   TODO: check
+   NOT-FOR-US: Greenplum
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)
NOT-FOR-US: VMware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5



[Git][security-tracker-team/security-tracker][master] new chromium issue

2021-02-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5570ff4a by Moritz Muehlenhoff at 2021-02-05T22:43:50+01:00
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13557,6 +13557,8 @@ CVE-2021-21149
RESERVED
 CVE-2021-21148
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-21147
RESERVED
- chromium 88.0.4324.146-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5570ff4aeb38c0dd1c2a433ef4700df871d53080


[Git][security-tracker-team/security-tracker][master] new chromium issue fixed in sid

2020-06-23 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08a1417b by Moritz Muehlenhoff at 2020-06-23T10:00:37+02:00
new chromium issue fixed in sid
jpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2024,9 +2024,13 @@ CVE-2020-14154 (Mutt before 1.14.3 proceeds with a 
connection even if, in respon
NOTE: 
https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
NOTE: Negligible security impact
 CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an 
out-of-bounds arr ...)
-   TODO: check
+   - libjpeg9 1:9d-1
+   - libjpeg-turbo 
+   NOTE: Not clear what the exact change is between 9c and 9d and whether 
it applies to -turbo
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in 
jmemnobs. ...)
-   TODO: check
+   - libjpeg9 1:9d-1 (low)
+   - libjpeg-turbo  (low)
+   TODO: report to libjpeg-turbo upstream
 CVE-2020-14151 (In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in 
rdtarga.c in cj ...)
NOTE: Duplicate of CVE-2018-11813, should be rejected
 CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of 
service ( ...)
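
Review bot: the two libjpeg entries are triaged unevenly. CVE-2020-14152 gets `(low)` on both package lines and a `TODO: report to libjpeg-turbo upstream`, while CVE-2020-14153 gets no severity and records its open question (whether the 9c to 9d change applies to -turbo) only as a NOTE. Keep a TODO on CVE-2020-14153 until that question is answered, otherwise the entry drops out of the TODO queue with the libjpeg-turbo status undecided.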
@@ -22040,6 +22044,8 @@ CVE-2020-6510
RESERVED
 CVE-2020-6509
RESERVED
+   - chromium 83.0.4103.116-1
+   [stretch] - chromium  (see DSA 4562)
 CVE-2020-6508
RESERVED
 CVE-2020-6507



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08a1417b534b1ad5b0c5757c2472a8229b594f56


[Git][security-tracker-team/security-tracker][master] new chromium issue

2020-03-04 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35701fa0 by Moritz Muehlenhoff at 2020-03-04T12:54:56+01:00
new chromium issue
mark qt as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1191,9 +1191,9 @@ CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 
allows XSS via a craft
 CVE-2020-9446
RESERVED
 CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up 
to 2GB f ...)
-   - qtwebsockets-opensource-src  (bug #953049)
-   [buster] - qtwebsockets-opensource-src  (Minor issue)
-   [stretch] - qtwebsockets-opensource-src  (Minor issue)
+   - qtwebsockets-opensource-src  (low; bug #953049)
+   [buster] - qtwebsockets-opensource-src  (Minor issue)
+   [stretch] - qtwebsockets-opensource-src  (Minor issue)
[jessie] - qtwebsockets-opensource-src  (Minor issue)
NOTE: https://bugreports.qt.io/browse/QTBUG-70693
NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
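
Review bot: `[buster]` and `[stretch]` are rewritten for CVE-2018-21035 while the `[jessie]` line stays as unchanged context, although all three carry the same `(Minor issue)` reason. The commit message says "mark qt as ignored"; if that is the change made to buster and stretch, apply it to jessie as well or note why jessie differs.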
@@ -8086,6 +8086,8 @@ CVE-2020-6421
RESERVED
 CVE-2020-6420
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2020-6419
RESERVED
 CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 
allowed a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35701fa0a223e484e70378bb70204ab0d18ff914


[Git][security-tracker-team/security-tracker][master] new chromium issue

2020-01-10 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31278e9a by Moritz Muehlenhoff at 2020-01-10T12:39:44+01:00
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -838,6 +838,7 @@ CVE-2020-6378
RESERVED
 CVE-2020-6377
RESERVED
+   - chromium 
 CVE-2020-6376
RESERVED
 CVE-2020-6375



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31278e9a7a5698f96d8df21755bca4f0ec03f240

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31278e9a7a5698f96d8df21755bca4f0ec03f240
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] "new" chromium issue

2019-12-24 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b73f96fb by Moritz Muehlenhoff at 2019-12-24T09:09:44Z
"new" chromium issue
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -19117,15 +19117,15 @@ CVE-2019-15602
 CVE-2019-15601
RESERVED
 CVE-2019-15600 (A Path traversal exists in http_server which allows an 
attacker to rea ...)
-   TODO: check
+   NOT-FOR-US: Node module http_server
 CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a 
remote  ...)
-   TODO: check
+   NOT-FOR-US: Node module tree-kill
 CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a 
remote c ...)
-   TODO: check
+   NOT-FOR-US: Node module treekill
 CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an 
attacker t ...)
-   TODO: check
+   NOT-FOR-US: Node module node-df
 CVE-2019-15596 (A path traversal in statics-server exists in all version that 
allows a ...)
-   TODO: check
+   NOT-FOR-US: Node module statics-server
 CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller 
=<3.10.6 th ...)
NOT-FOR-US: UniFi Video Controller
 CVE-2019-15594
@@ -21581,7 +21581,6 @@ CVE-2019-14855 [WoT forgeries using SHA-1]
NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e
NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1
-   TODO: check for details, possibly more commits?
 CVE-2019-14854
RESERVED
NOT-FOR-US: OpenShift
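
Review bot: `TODO: check for details, possibly more commits?` is deleted from CVE-2019-14855 without anything recording the answer; the three gnupg commit NOTEs above it are unchanged. State in a NOTE that these three commits are the complete fix (or add the missing ones), so the question the TODO asked is visibly closed rather than silently dropped.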
@@ -25296,7 +25295,8 @@ CVE-2019-13673 (Insufficient data validation in 
developer tools in Google Chrome
{DSA-4562-1}
- chromium 78.0.3904.87-1
 CVE-2019-13672 (Incorrect security UI in Omnibox in Google Chrome prior to 
77.0.3865.7 ...)
-   TODO: check
+   {DSA-4562-1}
+   - chromium 78.0.3904.87-1
 CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 
allowed a  ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
@@ -29293,9 +29293,9 @@ CVE-2019-12570 (A SQL injection vulnerability in the 
Xpert Solution "Server Stat
 CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) 
could all ...)
NOT-FOR-US: Viber
 CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in 
Open TFT ...)
-   TODO: check
+   NOT-FOR-US: Open TFTP Server
 CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in 
Open TFT ...)
-   TODO: check
+   NOT-FOR-US: Open TFTP Server
 CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has 
stored XSS i ...)
NOT-FOR-US: WP Statistics plugin for WordPress
 CVE-2019-12565
@@ -32986,7 +32986,7 @@ CVE-2019-11296
 CVE-2019-11295
RESERVED
 CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, 
allows spac ...)
-   TODO: check
+   NOT-FOR-US: Cloud Foundry
 CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when 
set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
 CVE-2019-11292
@@ -34407,7 +34407,7 @@ CVE-2019-10773 (In Yarn before 1.21.1, the package 
install functionality can be
NOTE: 
https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
NOTE: https://snyk.io/vuln/SNYK-JS-YARN-537806
 CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 
using th ...)
-   TODO: check
+   NOT-FOR-US: svg-sanitize
 CVE-2019-10771 (Characters in the GET url path are not properly escaped and 
can be ref ...)
NOT-FOR-US: IOBroker
 CVE-2019-10770
@@ -40780,7 +40780,7 @@ CVE-2019-8851
 CVE-2019-8850
RESERVED
 CVE-2019-8849 (The issue was addressed by signaling that an executable stack 
is not r ...)
-   TODO: check
+   NOT-FOR-US: Apple
 CVE-2019-8848
RESERVED
 CVE-2019-8847
@@ -40864,7 +40864,7 @@ CVE-2019-8819 (Multiple memory corruption issues were 
addressed with improved me
 CVE-2019-8818
RESERVED
 CVE-2019-8817 (A validation issue was addressed with improved input 
sanitization. Thi ...)
-   TODO: check
+   NOT-FOR-US: Apple
 CVE-2019-8816 (Multiple memory corruption issues were addressed with improved 
memory  ...)
{DSA-4558-1}
- webkit2gtk 2.26.1-1
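
Review bot: CVE-2019-8817 is closed as `NOT-FOR-US: Apple`, but the next entry, CVE-2019-8816, sits in the same number range and is tracked against `webkit2gtk` with `{DSA-4558-1}`. The truncated description ("A validation issue was addressed with improved input sanitization") does not name the component, so confirm against the full advisory that this one is not a WebKit issue before marking it not-for-us.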
@@ -40914,7 +40914,7 @@ CVE-2019-8808 (Multiple memory corruption issues were 
addressed with improved me
 CVE-2019-8807 (A memory corruption issue was addressed with improved memory 
handling. ...)
NOT-FOR-US: Apple
 CVE-2019-8806 (A memory corruption issue was addressed with improved 
validation. This ...)
-   TODO

[Git][security-tracker-team/security-tracker][master] new chromium issue

2019-12-17 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
929fbf19 by Moritz Muehlenhoff at 2019-12-17T22:40:34Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24516,6 +24516,7 @@ CVE-2019-13768
RESERVED
 CVE-2019-13767
RESERVED
+   - chromium 
 CVE-2019-13766
RESERVED
 CVE-2019-13765



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/929fbf196ab3113ec48a8f8d193d352ded733b5d


[Git][security-tracker-team/security-tracker][master] new chromium issue

2019-08-28 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5274c04 by Moritz Muehlenhoff at 2019-08-28T08:17:54Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28150,6 +28150,7 @@ CVE-2019-5870
RESERVED
 CVE-2019-5869
RESERVED
+   - chromium 
 CVE-2019-5868
RESERVED
{DSA-4500-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5274c04033157e87ae98c85b9442ff75b741672


[Git][security-tracker-team/security-tracker][master] new chromium issue

2019-01-03 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e1a611b by Moritz Muehlenhoff at 2019-01-03T13:04:25Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4081,8 +4081,9 @@ CVE-2018-20075
RESERVED
 CVE-2018-20074
RESERVED
-CVE-2018-20073
+CVE-2018-20073 [chromium stores download meta data in extended attributes]
RESERVED
+   - chromium 
 CVE-2018-20072
RESERVED
 CVE-2018-20071
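
Review bot: the bracketed description added to CVE-2018-20073 is the only explanation of the issue while the entry stays `RESERVED`, and no NOTE gives a source for it. Add a `NOTE:` with the bug report or upstream reference behind "chromium stores download meta data in extended attributes" so the `- chromium` line can be verified and later updated with a fixed version.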



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e1a611bb46c35c41c525f46a8d231e2614e1d6a


[Git][security-tracker-team/security-tracker][master] new chromium issue

2018-11-19 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
398fbe2a by Moritz Muehlenhoff at 2018-11-19T22:28:08Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4878,6 +4878,8 @@ CVE-2018-17480
RESERVED
 CVE-2018-17479
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-17478
RESERVED
{DSA-4340-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/398fbe2a6bf59112ac67ac762267c2d9e30960ff


[Git][security-tracker-team/security-tracker][master] new chromium issue

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fac307bb by Moritz Muehlenhoff at 2018-11-11T11:38:11Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4088,6 +4088,8 @@ CVE-2018-17479
RESERVED
 CVE-2018-17478
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-17477
RESERVED
{DSA-4330-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac307bbfab0e50c2d1b6f46fd1b99a874d31a1b


[Git][security-tracker-team/security-tracker][master] new chromium issue

2018-06-12 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2371e479 by Moritz Muehlenhoff at 2018-06-12T23:05:58+02:00
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16182,6 +16182,8 @@ CVE-2018-6150
RESERVED
 CVE-2018-6149
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-6148
RESERVED
- chromium-browser 67.0.3396.79-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2371e479e54985f3b37a1781170619a8fd22137d


[Git][security-tracker-team/security-tracker][master] new chromium issue

2018-06-07 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d3d4328 by Moritz Muehlenhoff at 2018-06-07T10:41:20+02:00
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15180,6 +15180,8 @@ CVE-2018-6149
RESERVED
 CVE-2018-6148
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-6147
RESERVED
- chromium-browser 67.0.3396.62-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d3d432815b3f9ca4020f9adb0123339d477cb8a
