[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Apr 17 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13ddf373 by security tracker role at 2019-04-17T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7799,7 +7799,7 @@ CVE-2019-8326
 	RESERVED
 CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	RESERVED
-	{DLA-1735-1}
+	{DSA-4433-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -7810,7 +7810,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	RESERVED
-	{DLA-1735-1}
+	{DSA-4433-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -7821,7 +7821,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	RESERVED
-	{DLA-1735-1}
+	{DSA-4433-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -7832,7 +7832,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	RESERVED
-	{DLA-1735-1}
+	{DSA-4433-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -7843,6 +7843,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	RESERVED
+	{DSA-4433-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
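Review bot: CVE-2019-8321 gets `{DSA-4433-1}` only, while the five other rubygems entries touched by this commit (CVE-2019-8320, -8322, -8323, -8324, -8325) carry `{DSA-4433-1 DLA-1735-1}`. If DLA-1735-1 left this CVE out on purpose, the entry should say why for the LTS release (a not-affected line or a NOTE), unless the lines outside this hunk already do; otherwise the DLA cross-reference is missing here.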
@@ -7854,7 +7855,7 @@ CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8320 [Delete directory using symlink when decompressing tar]
 	RESERVED
-	{DLA-1735-1}
+	{DSA-4433-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -10665,8 +10666,7 @@ CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows
 	- catdoc <unfixed> (unimportant)
 	NOTE: https://github.com/uvoteam/libdoc/issues/5
 	NOTE: catdoc embeds the code; crash in CLI tool, no security impact
-CVE-2019-7155
-	RESERVED
+CVE-2019-7155 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
 	- gitlab 11.5.10+dfsg-1 (bug #921059)
 	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap- ...)
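Review bot: On the CVE-2019-7155 entry, the fixed version stays `gitlab 11.5.10+dfsg-1` while the only NOTE links a release post whose URL names 11.7.3, and the newly imported description is cut at "9.x ...", so the hunk itself does not show that 11.5.10 carries the fix. Suggest a NOTE naming the fixed upstream versions from that post, so the fixed version can be checked without following the link.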
@@ -12892,7 +12892,7 @@ CVE-2019-6253
 	RESERVED
 CVE-2019-6252
 	RESERVED
-CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allow ...)
+CVE-2019-6251 (WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to add ...)
 	- webkit2gtk 2.24.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
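Review bot: The new CVE-2019-6251 description attributes the issue to WebKitGTK and WPE WebKit, where the old one pointed at embed/ephy-web-view.c in GNOME Web, yet the visible entry tracks only webkit2gtk. Worth checking whether a WPE WebKit source package in the archive needs its own line, and whether any Epiphany line further down the entry is still accurate under the new description.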



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13ddf37364219e5671160112db7460caec6e4820
