[Git][security-tracker-team/security-tracker][master] 5 commits: Add reference to advisory for CVE-2019-10913
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 18 18:28:57 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f9e020d by Salvatore Bonaccorso at 2019-04-18T17:28:39Z
Add reference to advisory for CVE-2019-10913
- - - - -
0fae0bf3 by Salvatore Bonaccorso at 2019-04-18T17:28:39Z
Add reference to advisory for CVE-2019-10912
- - - - -
4a69e7cb by Salvatore Bonaccorso at 2019-04-18T17:28:40Z
Add reference to advisory for CVE-2019-10911
- - - - -
830380f6 by Salvatore Bonaccorso at 2019-04-18T17:28:41Z
Add reference to advisory for CVE-2019-10910
- - - - -
c9c98c76 by Salvatore Bonaccorso at 2019-04-18T17:28:42Z
Add reference to advisory for CVE-2019-10909
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -805,24 +805,29 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
CVE-2019-10913
RESERVED
- symfony 3.4.22+dfsg-2
+ NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
CVE-2019-10912
RESERVED
- symfony 3.4.22+dfsg-2
+ NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
CVE-2019-10911
RESERVED
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
+ NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
CVE-2019-10910
RESERVED
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
+ NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
CVE-2019-10909
RESERVED
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
+ NOTE: https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
NOT-FOR-US: Airsonic
CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9caffffbb08394762b687befe7e3bb6a175a9dc9...c9c98c760e482b62092ba84999226ec8543b66d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9caffffbb08394762b687befe7e3bb6a175a9dc9...c9c98c760e482b62092ba84999226ec8543b66d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190418/5a768430/attachment.html>
More information about the debian-security-tracker-commits
mailing list