Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: bba8a0e0 by Salvatore Bonaccorso at 2018-01-19T10:40:10+01:00 Add CVE-2012-6708/jquery - - - - - 0da19d3f by Salvatore Bonaccorso at 2018-01-19T10:40:28+01:00 Cleanup trailing whitespaces - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -36,7 +36,10 @@ CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) due CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks ...) TODO: check CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...) - TODO: check + - jquery 1.11.3+dfsg-1 + NOTE: https://bugs.jquery.com/ticket/11290 + NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d + NOTE: https://snyk.io/vuln/npm:jquery:20120206 CVE-2018-5776 [XSS vulnerability in MediaElement] - wordpress <unfixed> (bug #887596) NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ @@ -7641,7 +7644,7 @@ CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle ... CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox-guest-additions-iso 5.2.6-1 [jessie] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported) - [wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported) + [wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability ...) NOT-FOR-US: Oracle View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits