[Git][security-tracker-team/security-tracker][master] Associate CVE-2018-1999022 with civicrm issue
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 24 06:17:15 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d69b8a02 by Salvatore Bonaccorso at 2018-07-24T07:15:59+02:00
Associate CVE-2018-1999022 with civicrm issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,6 @@
CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
- mathjax 2.7.4+dfsg-1
NOTE: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
-CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) ...)
- TODO: check
CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) ...)
NOT-FOR-US: Gleezcms Gleez Cms
CVE-2018-1999020 (Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier ...)
@@ -219,7 +217,7 @@ CVE-2018-14493
RESERVED
CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, ...)
NOT-FOR-US: Tenda devices
-CVE-2018-XXXX [CIVI-SA-2018-07: Remote code execution in QuickForm]
+CVE-2018-1999022 [CIVI-SA-2018-07: Remote code execution in QuickForm]
- civicrm 5.3.1+dfsg-1 (bug #904215)
NOTE: https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform
CVE-2018-14491
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d69b8a02bdef0b6520faf5b6511ec84fdb2d213f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d69b8a02bdef0b6520faf5b6511ec84fdb2d213f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180724/c19d7297/attachment.html>
More information about the debian-security-tracker-commits
mailing list