[Git][security-tracker-team/security-tracker][master] dolibarr removed from jessie in 8.11
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 23 10:02:43 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e143d792 by Salvatore Bonaccorso at 2018-06-23T11:02:22+02:00
dolibarr removed from jessie in 8.11
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6668,15 +6668,12 @@ CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a ...
NOT-FOR-US: joyplus-cms
CVE-2018-10095 (Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows remote ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-10093
RESERVED
CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote attackers ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-10091
RESERVED
CVE-2018-10090
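Review bot: the three deleted `[jessie] - dolibarr <ignored> (Scheduled for removal)` lines under CVE-2018-10095, CVE-2018-10094 and CVE-2018-10092 carried the reason jessie was left unfixed, and the commit message is only the subject "dolibarr removed from jessie in 8.11" with no reference. Suggest adding a body line that points at the removal request or the 8.11 point-release announcement, so the reason survives in the history once the annotations are gone.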
@@ -6935,10 +6932,8 @@ CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 fo
NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
- mbedtls 2.8.0-1
[stretch] - mbedtls <no-dsa> (Minor issue)
@@ -9266,7 +9261,6 @@ CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS
NOT-FOR-US: Wordpress plugin
CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allows ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
{DLA-1322-1}
@@ -16884,7 +16878,6 @@ CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripti
NOT-FOR-US: Croogo
CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
NOT-FOR-US: Invoice Plane
@@ -23983,7 +23976,6 @@ CVE-2017-17972
RESERVED
CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in ...)
- dolibarr <removed> (bug #885828)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
CVE-2018-3809 (Information exposure through directory listings in serve 6.5.3 allows ...)
NOT-FOR-US: serve nodejs module
@@ -24647,20 +24639,16 @@ CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denia
NOT-FOR-US: ZyXEL
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885321)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
- dolibarr <removed> (bug #885321)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
- dolibarr <removed> (bug #885321)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885321)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
NOT-FOR-US: Readymade Job Site Script
@@ -43807,23 +43795,18 @@ CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL .
NOT-FOR-US: UTStar
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
- dolibarr <removed> (bug #885319)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 ...)
- dolibarr <removed> (bug #885320)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14240 (There is a sensitive information disclosure vulnerability in ...)
- dolibarr <removed> (bug #885320)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885320)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885320)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14237
RESERVED
@@ -55191,13 +55174,10 @@ CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5
NOTE: http://phpunit.vulnbusters.com/
CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...)
- dolibarr <removed> (bug #867495)
- [jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-9839 (Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-9838 (Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting ...)
- dolibarr <removed>
- [jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-9837
REJECTED
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
@@ -58075,7 +58055,6 @@ CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
NOT-FOR-US: TeamPass
CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
- dolibarr 5.0.4+dfsg3-1 (bug #864569)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read ...)
- libcrypto++ 5.6.4-7 (bug #864214)
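Review bot: for CVE-2017-9435 the remaining package line is a fixed version, `- dolibarr 5.0.4+dfsg3-1 (bug #864569)`, not `<removed>` as in the earlier hunks, so the deleted `[jessie] - dolibarr <no-dsa> (Minor issue)` line was this entry's only jessie-specific triage. Worth confirming that no jessie suite still carries a dolibarr older than 5.0.4+dfsg3-1 before dropping it. The same applies to the CVE-2017-8879 and CVE-2017-7886 to CVE-2017-7888 entries in the following hunks.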
@@ -60017,7 +59996,6 @@ CVE-2017-8880
RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
NOT-FOR-US: ASUS
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
@@ -62820,15 +62798,12 @@ CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c
NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
{DSA-3855-1 DLA-942-1}
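Review bot: the diff shows only the hunks that were touched, so it cannot confirm that every `[jessie] - dolibarr` annotation is gone from data/CVE/list; this last hunk removes three of them (CVE-2017-7888, CVE-2017-7887, CVE-2017-7886). Suggest searching the file for any remaining `[jessie] - dolibarr` line after applying the change, so no entry keeps a stale jessie state.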
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e143d7920f02241dad14148d156f1742796e9653