[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] civicrm fixed
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 19 16:07:56 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59c7b74c by Moritz Muehlenhoff at 2018-03-19T17:07:25+01:00
civicrm fixed
also rewrite older NFU entries
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,6 @@
+CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
+ - civicrm 4.7.30+dfsg-1 (bug #887330)
+ NOTE: https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727
CVE-2017-18240 (The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ...)
TODO: check
CVE-2018-8776
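Review bot: The added CVE-2018-XXXX entry at the top gives 4.7.30+dfsg-1 as the fixed version, but its only NOTE links the upstream announcement for 4.7.26 and 4.6.33, so the entry does not show how the fixed version relates to those releases. A second NOTE naming the upstream release that first carried the fixes would close that gap. Because the entry groups "Multiple vulnerabilities" under one placeholder id, a TODO to split it once individual CVE ids are assigned would also help.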
@@ -159424,7 +159427,7 @@ CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption
CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before ...)
NOT-FOR-US: Symfony
CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
- NOT-FOR-US: CiviCRM
+ - civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
NOT-FOR-US: Joomla plugin
CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the ...)
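Review bot: The new civicrm line for CVE-2013-5957 states "Fixed before initial upload to the archive" without naming the upstream release that fixed the issue, and the truncated description above it ("Multiple SQL injection vulnerabilities in ...") shows no affected version range to check the claim against. Suggest adding a NOTE with the upstream fixed version or an advisory link.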
@@ -162564,9 +162567,9 @@ CVE-2013-4664
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine ...)
NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
- NOT-FOR-US: CiviCRM
+ - civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly ...)
- NOT-FOR-US: CiviCRM
+ - civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without ...)
NOT-FOR-US: js-yaml
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ...)
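Review bot: Completeness check for the two rewrites in this hunk (CVE-2013-4662 and CVE-2013-4661): the commit message says older NFU entries are rewritten, so confirm that no "NOT-FOR-US: CiviCRM" line remains elsewhere in data/CVE/list, otherwise those CVEs stay unassociated with the civicrm package. The identical reason string on both lines is good for consistency.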
@@ -177591,8 +177594,7 @@ CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname .
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...)
- NOT-FOR-US: CiviCRM
- NOTE: RFP #645700
+ - civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...)
NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...)
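Review bot: The removal of "NOTE: RFP #645700" under CVE-2011-5239 is not mentioned in the commit message. Dropping it is reasonable now that the entry refers to a civicrm package, but say so in the message, or keep the NOTE if the bug reference is still wanted as history.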
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59c7b74c72fc0a47dedfe91fe9ed96f5d3553921