[Git][security-tracker-team/security-tracker][master] "new" chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 197436e1 by Moritz Muehlenhoff at 2023-08-18T14:08:26+02:00 "new" chromium issue - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -2030,7 +2030,8 @@ CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...) NOT-FOR-US: Connected IO CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...) - TODO: check + - chromium 108.0.5359.71-1 + [buster] - chromium (see DSA 5046) CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) = data/DSA/list = 
@@ -598,7 +598,7 @@ {CVE-2021-34055 CVE-2022-41751} [bullseye] - jhead 1:3.04-6+deb11u1 [03 Dec 2022] DSA-5293-1 chromium - security update - {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907} + {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907 CVE-2022-4955} [bullseye] - chromium 108.0.5359.71-2~deb11u1 [01 Dec 2022] DSA-5292-1 snapd - security update {CVE-2022-3328} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197436e19b47e0395f26b07a4e08171ad4e7c8cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197436e19b47e0395f26b07a4e08171ad4e7c8cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
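Review bot: the data/CVE/list hunk for CVE-2022-4955 adds the fixed version and the [buster] line but no "{DSA-5293-1}" cross-reference, although the data/DSA/list hunk appends CVE-2022-4955 to DSA-5293-1. Other commits in this series (78c62be6, c0566b11) add the "{DSA-...}" line in the same change; either add it here or confirm that the cross-reference is regenerated automatically, so the two files do not disagree in the meantime.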
[Git][security-tracker-team/security-tracker][master] "new" chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 78c62be6 by Moritz Mühlenhoff at 2023-08-01T13:31:46+02:00 "new" chromium issue - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -9835,7 +9835,9 @@ CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequenc CVE-2023-2314 (Insufficient data validation in DevTools in Google Chrome prior to 111 ...) TODO: check CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windows pr ...) - TODO: check + {DSA-5386-1} + - chromium 112.0.5615.49-1 + [buster] - chromium (see DSA 5046) CVE-2023-2312 RESERVED CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...) = data/DSA/list = 
@@ -258,7 +258,7 @@ {CVE-2023-1668} [bullseye] - openvswitch 2.15.0+ds1-2+deb11u4 [12 Apr 2023] DSA-5386-1 chromium - security update - {CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823} + {CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 CVE-2023-2313} [bullseye] - chromium 112.0.5615.49-2~deb11u2 [12 Apr 2023] DSA-5385-1 firefox-esr - security update {CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78c62be6caf73bfe82503cc4b7b60ca65831f402
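Review bot: in the data/CVE/list hunk, the description of CVE-2023-2313 reads "Inappropriate implementation in Sandbox in Google Chrome on Windows", yet the entry is recorded as fixed in chromium 112.0.5615.49-1 and appended to DSA-5386-1. If the flaw is confined to the Windows sandbox, the Debian package was never affected and the entry should say so rather than credit the DSA; otherwise add a NOTE explaining why a Windows-scoped issue is tracked against the Debian package.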
[Git][security-tracker-team/security-tracker][master] "new" chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c0566b11 by Moritz Muehlenhoff at 2023-02-21T17:34:59+01:00 "new" chromium issue - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -262249,7 +262249,9 @@ CVE-2019-13770 CVE-2019-13769 RESERVED CVE-2019-13768 (Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allow ...) - TODO: check + {DSA-4395-1} + - chromium 72.0.3626.81-1 + [stretch] - chromium (see DSA 4562) CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88 ...) {DSA-4606-1} - chromium 79.0.3945.130-1 = data/DSA/list = 
@@ -3206,7 +3206,7 @@ {CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-3828} [stretch] - ansible 2.2.1.0-2+deb9u1 [18 Feb 2019] DSA-4395-1 chromium - security update - {CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 CVE-2019-13684} + {CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 CVE-2019-13684 CVE-2019-13768} [stretch] - chromium 72.0.3626.96-1~deb9u1 [18 Feb 2019] DSA-4394-1 rdesktop - security update {CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0566b11ec2b888f12ca6141e433550cbff26e8e
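Review bot: the new "[stretch] - chromium (see DSA 4562)" line under CVE-2019-13768 sits directly below "{DSA-4395-1}", and the data/DSA/list hunk shows that DSA shipping 72.0.3626.96-1~deb9u1 for stretch, which is newer than the 72.0.3626.81 named in the CVE description. The stretch line looks redundant or contradictory here; drop it, or add a NOTE saying why stretch needs a separate annotation.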
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 679b7649 by Moritz Mühlenhoff at 2022-10-28T13:16:49+02:00 new chromium issue - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1816,6 +1816,8 @@ CVE-2022-3724 RESERVED CVE-2022-3723 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-3722 RESERVED CVE-2022-3721 = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk (apo) -- +chromium +-- commons-configuration2 -- expat (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679b764904af3492892d7bec1e207cc16f880d55
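Review bot: CVE-2022-3723 is still RESERVED in the data/CVE/list hunk, so the new chromium lines give no indication of what the issue is, and the data/dsa-needed.txt hunk queues a DSA on that basis. Add a bracketed description to the CVE line, as 5e1a611b does for CVE-2018-20073, or a NOTE pointing at the upstream announcement.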
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a684ae4 by Moritz Muehlenhoff at 2021-11-24T11:22:45+01:00 new chromium issue NFUs resolve some TODOs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18100,7 +18100,8 @@ CVE-2021-38006 CVE-2021-38005 RESERVED CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) - TODO: check + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) - chromium [stretch] - chromium (see DSA 4562) @@ -43370,9 +43371,9 @@ CVE-2021-27838 CVE-2021-27837 RESERVED CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...) - - r-cran-readxl + - r-cran-readxl (unimportant) NOTE: https://github.com/libxls/libxls/issues/94 - TODO: check + NOTE: Negligible security impact CVE-2021-27835 RESERVED CVE-2021-27834 @@ -46916,7 +46917,6 @@ CVE-2021-26314 (Potential floating point value injection in all supported CPU pr NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). - TODO: check CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...) {DSA-4931-1} - xen 4.14.2+25-gb6a8c4f72d-1 @@ -47855,7 +47855,7 @@ CVE-2021-25988 CVE-2021-25987 RESERVED CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...) - TODO: check + NOT-FOR-US: Django-wiki CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) NOT-FOR-US: Factor (App Framework & Headless CMS) CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) 
@@ -53891,7 +53891,7 @@ CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confu NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...) - TODO: check + NOT-FOR-US: Node algoliasearch-helper CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...) NOT-FOR-US: Node mootools CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...) @@ -57082,7 +57082,7 @@ CVE-2021-22055 CVE-2021-22054 RESERVED CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...) - TODO: check + NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf CVE-2021-22052 RESERVED CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) 
@@ -57128,11 +57128,11 @@ CVE-2021-22032 CVE-2021-22031 RESERVED CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...) - TODO: check + NOT-FOR-US: Greenplum CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...) NOT-FOR-US: VMware CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...) - TODO: check + NOT-FOR-US: Greenplum CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) NOT-FOR-US: VMware CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5
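Review bot: in the CVE-2021-27836 hunk, "TODO: check" is replaced by "NOTE: Negligible security impact" and the r-cran-readxl line gains "(unimportant)", but nothing states why the xls_getWorkSheet issue is negligible for that package. Give the reason in the NOTE (the libxls issue linked above it is the only reference), so the downgrade can be checked later.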
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5570ff4a by Moritz Muehlenhoff at 2021-02-05T22:43:50+01:00 new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13557,6 +13557,8 @@ CVE-2021-21149 RESERVED CVE-2021-21148 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-21147 RESERVED - chromium 88.0.4324.146-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5570ff4aeb38c0dd1c2a433ef4700df871d53080
[Git][security-tracker-team/security-tracker][master] new chromium issue fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 08a1417b by Moritz Muehlenhoff at 2020-06-23T10:00:37+02:00 new chromium issue fixed in sid jpeg triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2024,9 +2024,13 @@ CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in respon NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3 NOTE: Negligible security impact CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds arr ...) - TODO: check + - libjpeg9 1:9d-1 + - libjpeg-turbo + NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...) - TODO: check + - libjpeg9 1:9d-1 (low) + - libjpeg-turbo (low) + TODO: report to libjpeg-turbo upstream CVE-2020-14151 (In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cj ...) NOTE: Duplicate of CVE-2018-11813, should be rejected CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...) @@ -22040,6 +22044,8 @@ CVE-2020-6510 RESERVED CVE-2020-6509 RESERVED + - chromium 83.0.4103.116-1 + [stretch] - chromium (see DSA 4562) CVE-2020-6508 RESERVED CVE-2020-6507 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08a1417b534b1ad5b0c5757c2472a8229b594f56
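Review bot: the CVE-2020-14153 hunk removes "TODO: check" while the NOTE it adds says it is not clear what changed between 9c and 9d or whether the change applies to -turbo, and libjpeg-turbo is listed under the CVE regardless. Keep a TODO on this entry, as the CVE-2020-14152 hunk does with "TODO: report to libjpeg-turbo upstream", so the open question stays visible.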
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 35701fa0 by Moritz Muehlenhoff at 2020-03-04T12:54:56+01:00 new chromium issue mark qt as ignored - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1191,9 +1191,9 @@ CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a craft CVE-2020-9446 RESERVED CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...) - - qtwebsockets-opensource-src (bug #953049) - [buster] - qtwebsockets-opensource-src (Minor issue) - [stretch] - qtwebsockets-opensource-src (Minor issue) + - qtwebsockets-opensource-src (low; bug #953049) + [buster] - qtwebsockets-opensource-src (Minor issue) + [stretch] - qtwebsockets-opensource-src (Minor issue) [jessie] - qtwebsockets-opensource-src (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-70693 NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 @@ -8086,6 +8086,8 @@ CVE-2020-6421 RESERVED CVE-2020-6420 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6419 RESERVED CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35701fa0a223e484e70378bb70204ab0d18ff914
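Review bot: the commit message says "mark qt as ignored" and the CVE-2018-21035 hunk rewrites the [buster] and [stretch] lines for qtwebsockets-opensource-src, but the [jessie] line directly below them is left as unchanged context. Confirm that leaving jessie out is intended, and consider splitting the Qt change from the chromium addition for CVE-2020-6420 so each commit covers one package.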
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 31278e9a by Moritz Muehlenhoff at 2020-01-10T12:39:44+01:00 new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -838,6 +838,7 @@ CVE-2020-6378 RESERVED CVE-2020-6377 RESERVED + - chromium CVE-2020-6376 RESERVED CVE-2020-6375 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31278e9a7a5698f96d8df21755bca4f0ec03f240
[Git][security-tracker-team/security-tracker][master] "new" chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b73f96fb by Moritz Muehlenhoff at 2019-12-24T09:09:44Z "new" chromium issue NFUs - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -19117,15 +19117,15 @@ CVE-2019-15602 CVE-2019-15601 RESERVED CVE-2019-15600 (A Path traversal exists in http_server which allows an attacker to rea ...) - TODO: check + NOT-FOR-US: Node module http_server CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a remote ...) - TODO: check + NOT-FOR-US: Node module tree-kill CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a remote c ...) - TODO: check + NOT-FOR-US: Node module treekill CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an attacker t ...) - TODO: check + NOT-FOR-US: Node module node-df CVE-2019-15596 (A path traversal in statics-server exists in all version that allows a ...) - TODO: check + NOT-FOR-US: Node module statics-server CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...) NOT-FOR-US: UniFi Video Controller CVE-2019-15594 @@ -21581,7 +21581,6 @@ CVE-2019-14855 [WoT forgeries using SHA-1] NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4 NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1 - TODO: check for details, possibly more commits? CVE-2019-14854 RESERVED NOT-FOR-US: OpenShift 
@@ -25296,7 +25295,8 @@ CVE-2019-13673 (Insufficient data validation in developer tools in Google Chrome {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13672 (Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.7 ...) - TODO: check + {DSA-4562-1} + - chromium 78.0.3904.87-1 CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a ...) {DSA-4562-1} - chromium 78.0.3904.87-1 @@ -29293,9 +29293,9 @@ CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Stat CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...) NOT-FOR-US: Viber CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in Open TFT ...) - TODO: check + NOT-FOR-US: Open TFTP Server CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in Open TFT ...) - TODO: check + NOT-FOR-US: Open TFTP Server CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...) NOT-FOR-US: WP Statistics plugin for WordPress CVE-2019-12565 @@ -32986,7 +32986,7 @@ CVE-2019-11296 CVE-2019-11295 RESERVED CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...) NOT-FOR-US: Cloud Foundry UAA Release CVE-2019-11292 @@ -34407,7 +34407,7 @@ CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be NOTE: https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7 NOTE: https://snyk.io/vuln/SNYK-JS-YARN-537806 CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...) - TODO: check + NOT-FOR-US: svg-sanitize CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...) NOT-FOR-US: IOBroker CVE-2019-10770 
@@ -40780,7 +40780,7 @@ CVE-2019-8851 CVE-2019-8850 RESERVED CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8848 RESERVED CVE-2019-8847 @@ -40864,7 +40864,7 @@ CVE-2019-8819 (Multiple memory corruption issues were addressed with improved me CVE-2019-8818 RESERVED CVE-2019-8817 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8816 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.1-1 @@ -40914,7 +40914,7 @@ CVE-2019-8808 (Multiple memory corruption issues were addressed with improved me CVE-2019-8807 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8806 (A memory corruption issue was addressed with improved validation. This ...) - TODO
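Review bot: the CVE-2019-14855 hunk deletes "TODO: check for details, possibly more commits?" without adding anything in its place. If the three gnupg commits listed in the NOTE lines above it are the complete fix, record that in a NOTE; if the question is still open, the TODO should stay.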
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 929fbf19 by Moritz Muehlenhoff at 2019-12-17T22:40:34Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24516,6 +24516,7 @@ CVE-2019-13768 RESERVED CVE-2019-13767 RESERVED + - chromium CVE-2019-13766 RESERVED CVE-2019-13765 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/929fbf196ab3113ec48a8f8d193d352ded733b5d
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f5274c04 by Moritz Muehlenhoff at 2019-08-28T08:17:54Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28150,6 +28150,7 @@ CVE-2019-5870 RESERVED CVE-2019-5869 RESERVED + - chromium CVE-2019-5868 RESERVED {DSA-4500-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5274c04033157e87ae98c85b9442ff75b741672
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e1a611b by Moritz Muehlenhoff at 2019-01-03T13:04:25Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4081,8 +4081,9 @@ CVE-2018-20075 RESERVED CVE-2018-20074 RESERVED -CVE-2018-20073 +CVE-2018-20073 [chromium stores download meta data in extended attributes] RESERVED + - chromium CVE-2018-20072 RESERVED CVE-2018-20071 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e1a611bb46c35c41c525f46a8d231e2614e1d6a
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 398fbe2a by Moritz Muehlenhoff at 2018-11-19T22:28:08Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4878,6 +4878,8 @@ CVE-2018-17480 RESERVED CVE-2018-17479 RESERVED + - chromium-browser + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17478 RESERVED {DSA-4340-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/398fbe2a6bf59112ac67ac762267c2d9e30960ff
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fac307bb by Moritz Muehlenhoff at 2018-11-11T11:38:11Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4088,6 +4088,8 @@ CVE-2018-17479 RESERVED CVE-2018-17478 RESERVED + - chromium-browser + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17477 RESERVED {DSA-4330-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac307bbfab0e50c2d1b6f46fd1b99a874d31a1b
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2371e479 by Moritz Muehlenhoff at 2018-06-12T23:05:58+02:00 new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -16182,6 +16182,8 @@ CVE-2018-6150 RESERVED CVE-2018-6149 RESERVED + - chromium-browser + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6148 RESERVED - chromium-browser 67.0.3396.79-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2371e479e54985f3b37a1781170619a8fd22137d
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d3d4328 by Moritz Muehlenhoff at 2018-06-07T10:41:20+02:00 new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -15180,6 +15180,8 @@ CVE-2018-6149 RESERVED CVE-2018-6148 RESERVED + - chromium-browser + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6147 RESERVED - chromium-browser 67.0.3396.62-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d3d432815b3f9ca4020f9adb0123339d477cb8a