[Git][security-tracker-team/security-tracker][master] automatic update

Sun Apr 7 21:10:29 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98d631b4 by security tracker role at 2019-04-07T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-10913
+	RESERVED
+CVE-2019-10912
+	RESERVED
+CVE-2019-10911
+	RESERVED
+CVE-2019-10910
+	RESERVED
+CVE-2019-10909
+	RESERVED
+CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
+	TODO: check
+CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)
+	TODO: check
 CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape ...)
 	- jinja2 <unfixed> (bug #926602)
 	NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
@@ -5,6 +19,7 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox
 CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
 	NOT-FOR-US: Parsedown
 CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
+	{DLA-1750-1}
 	- roundup <removed> (bug #926587)
 	NOTE: https://github.com/python/bugs.python.org/issues/34
 	NOTE: https://issues.roundup-tracker.org/issue2551035
@@ -353,10 +368,10 @@ CVE-2019-10743
 	RESERVED
 CVE-2019-10742
 	RESERVED
-CVE-2019-10741
-	RESERVED
-CVE-2019-10740
-	RESERVED
+CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a special ...)
+	TODO: check
+CVE-2019-10740 (In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP ...)
+	TODO: check
 CVE-2019-10739
 	RESERVED
 CVE-2019-10738
@@ -365,14 +380,14 @@ CVE-2019-10737
 	RESERVED
 CVE-2019-10736
 	RESERVED
-CVE-2019-10735
-	RESERVED
-CVE-2019-10734
-	RESERVED
+CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ...)
+	TODO: check
+CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypt ...)
+	TODO: check
 CVE-2019-10733
 	RESERVED
-CVE-2019-10732
-	RESERVED
+CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypt ...)
+	TODO: check
 CVE-2019-10731
 	RESERVED
 CVE-2019-10730
@@ -491,6 +506,7 @@ CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credenti
 CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...)
+	{DSA-4426-1}
 	- tryton-server 5.0.4-2
 	[jessie] - tryton-server <not-affected> (vulnerable code is not present)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98d631b4b8c97d682f8cfc1dc66b7c144484f084

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98d631b4b8c97d682f8cfc1dc66b7c144484f084
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190407/c2d31b1e/attachment-0001.html>
