[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 13 09:13:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9e8d23d by security tracker role at 2019-08-13T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-14992
+ RESERVED
+CVE-2019-14991
+ RESERVED
+CVE-2019-14990
+ RESERVED
+CVE-2019-14989
+ RESERVED
+CVE-2019-14988
+ RESERVED
+CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
+ TODO: check
+CVE-2019-14986
+ RESERVED
+CVE-2019-14985
+ RESERVED
+CVE-2019-14984
+ RESERVED
+CVE-2019-14983
+ RESERVED
+CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
+ TODO: check
+CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
+ TODO: check
+CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...)
+ TODO: check
+CVE-2019-14979
+ RESERVED
+CVE-2019-14978
+ RESERVED
+CVE-2019-14977
+ RESERVED
+CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
+ TODO: check
+CVE-2019-14975
+ RESERVED
CVE-2019-14974
RESERVED
CVE-2019-14973
@@ -1042,6 +1078,8 @@ CVE-2019-14553
CVE-2019-14552
RESERVED
CVE-2017-18509 [IPv6 mroute missing type check]
+ RESERVED
+ {DSA-4497-1}
- linux 4.11.6-1
NOTE: https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745
NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
@@ -1907,6 +1945,7 @@ CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allow
CVE-2019-14440
RESERVED
CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ {DLA-1879-1}
- jackson-databind 2.9.9.3-1 (bug #933393)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
@@ -2048,6 +2087,7 @@ CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an
[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
+ {DLA-1879-1}
- jackson-databind 2.9.9.3-1 (bug #933393)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
@@ -2131,8 +2171,8 @@ CVE-2019-14361
REJECTED
CVE-2019-14360
RESERVED
-CVE-2019-14359
- RESERVED
+CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...)
+ TODO: check
CVE-2019-14358
RESERVED
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
@@ -5353,10 +5393,10 @@ CVE-2019-13420
RESERVED
CVE-2019-13419
RESERVED
-CVE-2019-13418
- RESERVED
-CVE-2019-13417
- RESERVED
+CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
+ TODO: check
+CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
+ TODO: check
CVE-2019-13416
RESERVED
CVE-2019-13415
@@ -11592,12 +11632,14 @@ CVE-2019-11044
CVE-2019-11043
RESERVED
CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
+ {DLA-1878-1}
- php7.3 7.3.8-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
+ {DLA-1878-1}
- php7.3 7.3.8-1
- php7.0 <removed>
- php5 <removed>
@@ -25683,67 +25725,87 @@ CVE-2019-5869
RESERVED
CVE-2019-5868
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.100-1
CVE-2019-5867
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.100-1
CVE-2019-5866
RESERVED
CVE-2019-5865
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5864
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5863
RESERVED
- chromium <not-affected> (Windows-specific)
CVE-2019-5862
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5861
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5860
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5859
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5858
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5857
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5856
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5855
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5854
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5853
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5852
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5851
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5850
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5849
RESERVED
+ {DSA-4500-1}
CVE-2019-5848
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5847
RESERVED
+ {DSA-4500-1}
- chromium 76.0.3809.87-1
CVE-2019-5846
RESERVED
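Review bot: CVE-2019-5849 receives the `{DSA-4500-1}` reference but, unlike every other tagged entry in this hunk, has no `- chromium <version>` line under it, so the entry points at an advisory without recording a fixed version. Add the package line with the version that fixed it (the neighbouring entries use `- chromium 76.0.3809.87-1`, but confirm this one separately), or drop the CVE from the advisory if chromium is not affected.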
@@ -25755,36 +25817,50 @@ CVE-2019-5843
RESERVED
CVE-2019-5842
RESERVED
+ {DSA-4500-1}
- chromium 75.0.3770.90-1
CVE-2019-5841
RESERVED
CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS prior t ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5839 (Excessive data validation in URL parser in Google Chrome prior to 75.0 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5838 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5837 (Resource size information leakage in Blink in Google Chrome prior to 7 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5836 (Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 a ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5835 (Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3 ...)
- chromium 75.0.3770.80-1
CVE-2019-5834 (Insufficient data validation in Blink in Google Chrome prior to 75.0.3 ...)
+ {DSA-4500-1}
- chromium <not-affected> (iOS-specific)
CVE-2019-5833 (Incorrect dialog box scoping in browser in Google Chrome on Android pr ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5832 (Insufficient policy enforcement in XMLHttpRequest in Google Chrome pri ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5831 (Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 al ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5830 (Insufficient policy enforcement in CORS in Google Chrome prior to 75.0 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5829 (Integer overflow in download manager in Google Chrome prior to 75.0.37 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
- sqlite3 3.27.2-3
[stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
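Review bot: CVE-2019-5834 is tagged `{DSA-4500-1}` while its only package line is `- chromium <not-affected> (iOS-specific)`, so the entry says both that an advisory covers it and that the package was never affected. One of the two is wrong: either remove the CVE from the advisory or replace the not-affected marker with the fixed version. In the same hunk CVE-2019-5835 carries `- chromium 75.0.3770.80-1` but gets no DSA reference, which is worth checking against the advisory at the same time.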
@@ -25792,23 +25868,32 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 7
NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826
RESERVED
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5825
RESERVED
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 74.0.3729.1 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5823 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5822 (Inappropriate implementation in Blink in Google Chrome prior to 74.0.3 ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5821 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5820 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5819 (Insufficient data validation in developer tools in Google Chrome on OS ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5818 (Uninitialized data in media in Google Chrome prior to 74.0.3729.108 al ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74. ...)
- chromium <not-affected> (Windows-specific)
@@ -25816,26 +25901,36 @@ CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prio
- chromium <not-affected> (Android-specific issue)
CVE-2019-5815
RESERVED
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5814 (Insufficient policy enforcement in Blink in Google Chrome prior to 74. ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5813 (Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5812 (Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.1 ...)
- chromium <not-affected> (iOS specific)
CVE-2019-5811 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5810 (Information leak in autofill in Google Chrome prior to 74.0.3729.108 a ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5809 (Use after free in file chooser in Google Chrome prior to 74.0.3729.108 ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5808 (Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowe ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5807 (Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 al ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5806 (Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.37 ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5805 (Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allow ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome prior to ...)
- chromium <not-affected> (Windows-specific)
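Review bot: CVE-2019-5806 is described as an ANGLE integer overflow "on Windows" yet is tagged `{DSA-4500-1}` with `- chromium 74.0.3729.108-1`, whereas CVE-2019-5804 a few lines below is marked `<not-affected> (Windows-specific)`. Confirm whether the affected code path applies to the Debian build; if it does not, mark the entry not-affected in the same way as CVE-2019-5804 and drop it from the advisory.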
@@ -110123,7 +110218,7 @@ CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked
NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe de ...)
NOT-FOR-US: Apache Spark
-CVE-2017-12611 (In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an ...)
+CVE-2017-12611 (In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <ignored> (Minor issue)
NOTE: Only a problem if the application programmer has made a security mistake.
@@ -116557,7 +116652,7 @@ CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10
-CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and ...)
+CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
NOTE: https://struts.apache.org/docs/s2-052.html
@@ -116598,13 +116693,13 @@ CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure
NOT-FOR-US: Apache Geode
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read privilege ...)
NOT-FOR-US: Apache Geode
-CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through ...)
+CVE-2017-9793 (The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 t ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
NOTE: https://struts.apache.org/docs/s2-051.html
CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with "AL ...)
NOT-FOR-US: Apache Impala
-CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code exe ...)
+CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remot ...)
- libstruts1.2-java <not-affected> (Vulnerable code not present)
NOTE: Issue is specific to Struts 2.x.
CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, libproc ...)
@@ -155494,7 +155589,7 @@ CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to
NOTE: Fixed by: http://svn.apache.org/r1758494 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
-CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is ...)
+CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5 ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
NOTE: https://struts.apache.org/docs/s2-042.html
@@ -164010,7 +164105,7 @@ CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCS
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
-CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remo ...)
+CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remo ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-037.html
CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured f ...)
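Review bot: the package line under CVE-2016-4438 still reads `(Only affects 2.3.20 to 2.3.28.1)` although the description above it now starts the affected range at 2.3.19. The `<not-affected>` status for libstruts1.2-java does not change, but the parenthetical should be updated to the new lower bound or reworded so that it does not restate a version range.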
@@ -167645,7 +167740,7 @@ CVE-2016-3088 (The Fileserver web application in Apache ActiveMQ 5.x before 5.14
[jessie] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
[wheezy] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
-CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and ...)
+CVE-2016-3087 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-033.html
CVE-2016-3086 (The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x bef ...)
@@ -167659,7 +167754,7 @@ CVE-2016-3083 (Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and
CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.2 ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-031.html
-CVE-2016-3081 (Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.2 ...)
+CVE-2016-3081 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-032.html
CVE-2016-3080 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat ...)
@@ -229153,7 +229248,7 @@ CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.1
- apache2 2.4.10-1
[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
[wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
-CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.16.3, when a wildcar ...)
+CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard ...)
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm 0. ...)
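Review bot: the justification `(Struts 2.0.0 through to Struts 2.3.16.2)` on the libstruts1.2-java line for CVE-2014-0116 no longer matches the description, which now says "before 2.3.20". Update the parenthetical to the new upper bound, or reduce it to the statement that only Struts 2.x is affected so it cannot drift again.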
@@ -229166,10 +229261,10 @@ CVE-2014-0114 (Apache Commons BeanUtils, as distributed in lib/commons-beanutils
[wheezy] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
[squeeze] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
-CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard co ...)
+CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cook ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
-CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.16.2 does not proper ...)
+CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.20 does not properly ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...)
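Review bot: CVE-2014-0113 and CVE-2014-0112 both keep `(Affects Struts 2.0.0 - Struts 2.3.16)` on their package lines while their descriptions are changed to "before 2.3.20", leaving two different upper bounds in each entry. The not-affected verdict for libstruts1.2-java still holds, so this is a documentation fix: align the parentheticals with the new range or drop the version numbers from them.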
@@ -229244,7 +229339,7 @@ CVE-2014-0096 (java/org/apache/catalina/servlets/DefaultServlet.java in the defa
[wheezy] - tomcat7 7.0.28-4+deb7u4
CVE-2014-0095 (java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat ...)
- tomcat8 8.0.5-1
-CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remo ...)
+CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remo ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
CVE-2014-0093 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when usin ...)
NOT-FOR-US: JBoss EAP
@@ -242791,7 +242886,7 @@ CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote au
CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in M ...)
- owncloud <not-affected> (Vulnerable code not present)
NOTE: oC >= 4.5 only
-CVE-2013-1966 (Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arb ...)
+CVE-2013-1966 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arb ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-1965 (Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 b ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2)
@@ -264525,7 +264620,7 @@ CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 d
- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 inter ...)
- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
-CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not prop ...)
+CVE-2011-5057 (Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces ...)
- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash value ...)
- maradns <not-affected> (Only affects 2.x, see #653838)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9e8d23d176cc5ec0a26c971b8e2659c77a6df78