[Git][security-tracker-team/security-tracker][master] 5 commits: Add reference to advisory for CVE-2019-10913

Thu Apr 18 18:28:57 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f9e020d by Salvatore Bonaccorso at 2019-04-18T17:28:39Z
Add reference to advisory for CVE-2019-10913

- - - - -
0fae0bf3 by Salvatore Bonaccorso at 2019-04-18T17:28:39Z
Add reference to advisory for CVE-2019-10912

- - - - -
4a69e7cb by Salvatore Bonaccorso at 2019-04-18T17:28:40Z
Add reference to advisory for CVE-2019-10911

- - - - -
830380f6 by Salvatore Bonaccorso at 2019-04-18T17:28:41Z
Add reference to advisory for CVE-2019-10910

- - - - -
c9c98c76 by Salvatore Bonaccorso at 2019-04-18T17:28:42Z
Add reference to advisory for CVE-2019-10909

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -805,24 +805,29 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
 CVE-2019-10913
 	RESERVED
 	- symfony 3.4.22+dfsg-2
+	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
 CVE-2019-10912
 	RESERVED
 	- symfony 3.4.22+dfsg-2
+	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
 CVE-2019-10910
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
 CVE-2019-10909
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
 CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
 	NOT-FOR-US: Airsonic
 CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9caffffbb08394762b687befe7e3bb6a175a9dc9...c9c98c760e482b62092ba84999226ec8543b66d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9caffffbb08394762b687befe7e3bb6a175a9dc9...c9c98c760e482b62092ba84999226ec8543b66d1
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190418/5a768430/attachment.html>
