[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 16 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27048f6f by security tracker role at 2019-04-16T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -484,6 +484,7 @@ CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has
- poppler <unfixed> (bug #926721)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
+ {DLA-1757-1}
- cacti 1.2.2+ds1-2 (low; bug #926700)
[stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/2581
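Review bot: with {DLA-1757-1} now attached to CVE-2019-11025, the unchanged "[stretch] - cacti <no-dsa> (Minor issue)" line means the LTS release is fixed while stretch remains open. Consider queuing the same fix for a stretch point release so that an upgrade from the LTS release does not reintroduce the issue tracked in bug #926700.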
@@ -3878,8 +3879,8 @@ CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_ex
NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
CVE-2019-9846 (RockOA 1.8.7 allows remote attackers to obtain sensitive information b ...)
NOT-FOR-US: RockOA
-CVE-2019-9845
- RESERVED
+CVE-2019-9845 (madskristensen Miniblog.Core through 2019-01-16 allows remote attacker ...)
+ TODO: check
CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
NOT-FOR-US: Khan Academy simple-markdown
CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and befo ...)
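Review bot: the new CVE-2019-9845 entry is left at "TODO: check", so it stays in the untriaged queue with no package or disposition recorded. Resolve it either to a source package line or, if Miniblog.Core is not packaged, to a NOT-FOR-US: line in the same way as the adjacent CVE-2019-9846 and CVE-2019-9844 entries.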
@@ -18242,6 +18243,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before
CVE-2019-3839
RESERVED
CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...)
+ {DSA-4432-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925257)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -18261,6 +18263,7 @@ CVE-2019-3836 (It was discovered in gnutls before version 3.6.7 upstream that th
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
+ {DSA-4432-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925256)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
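Review bot: the {DSA-4432-1} tag on CVE-2019-3835 has no counterpart in this commit, which changes only data/CVE/list, so the cross-reference relies on the advisory's own record having been committed separately. Confirm that record lists both CVE-2019-3835 and CVE-2019-3838, since the package lines here cover only experimental and unstable and the advisory is the sole pointer to the stable fix.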
@@ -24403,8 +24406,8 @@ CVE-2018-19973
RESERVED
CVE-2018-19972
RESERVED
-CVE-2018-19971
- RESERVED
+CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
+ TODO: check
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
{DLA-1658-1}
- phpmyadmin <unfixed>
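Review bot: CVE-2018-19971 moves from RESERVED to "TODO: check" with a description ("Incorrect Access Control") that names neither the affected component nor the impact, so the entry cannot be triaged from this text alone. When it is resolved, add a NOTE: line pointing at the upstream reference used, or a NOT-FOR-US: line if JFrog Artifactory Pro is not packaged.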
@@ -32192,8 +32195,8 @@ CVE-2018-18491
RESERVED
CVE-2018-18490
RESERVED
-CVE-2018-18489
- RESERVED
+CVE-2018-18489 (The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 ...)
+ TODO: check
CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injectio ...)
NOT-FOR-US: Gxlcms
CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database ...)
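Review bot: CVE-2018-18489 is left at "TODO: check" although the description refers to the diagnostic ping feature of a TP-LINK WR840N v2 device. An issue in device firmware of this kind is normally closed with a NOT-FOR-US: line, as the neighbouring Gxlcms entries are, rather than staying in the untriaged queue.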
@@ -47115,7 +47118,7 @@ CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation m
NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...)
NOT-FOR-US: SLiMS 8 Akasia
-CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
+CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenal ...)
NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
NOT-FOR-US: Adrenalin HRMS Software
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27048f6fe5b09e5de296437cd8751e7f5cc4e483