[Git][security-tracker-team/security-tracker][master] new libsass issues
Moritz Muehlenhoff
jmm at debian.org
Wed Dec 5 11:08:16 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bdaf8f77 by Moritz Muehlenhoff at 2018-12-05T11:07:42Z
new libsass issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44,11 +44,19 @@ CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in
NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
NOTE: https://github.com/dbry/WavPack/issues/53
CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2657
+ NOTE: https://github.com/sass/libsass/pull/2767
CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2660
CVE-2018-19837 (In LibSass prior to 3.5.5, ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f
+ NOTE: https://github.com/sass/libsass/issues/2659
CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting ...)
NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php ...)
@@ -68,9 +76,13 @@ CVE-2018-19829
CVE-2018-19828
RESERVED
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2782
CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2781
CVE-2018-19825
RESERVED
CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a ...)
@@ -133,7 +145,9 @@ CVE-2018-19799
CVE-2018-19798
RESERVED
CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
- TODO: check
+ - libsass <unfixed>
+ [stretch] - libsass <no-dsa> (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2779
CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bdaf8f773ea74be5349eb41725b7bfa46b7987e6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bdaf8f773ea74be5349eb41725b7bfa46b7987e6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181205/6d03ae8a/attachment.html>
More information about the debian-security-tracker-commits
mailing list