[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 17 09:10:24 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66874c00 by security tracker role at 2019-08-17T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-15124
+	RESERVED
 CVE-2019-15123
 	RESERVED
 CVE-2019-15122
@@ -14,14 +16,14 @@ CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel throug
 CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
-CVE-2019-15116
-	RESERVED
-CVE-2019-15115
-	RESERVED
-CVE-2019-15114
-	RESERVED
-CVE-2019-15113
-	RESERVED
+CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS  ...)
+	TODO: check
+CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for WordPress has  ...)
+	TODO: check
 CVE-2019-15112
 	RESERVED
 CVE-2019-15111
@@ -76,14 +78,14 @@ CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops,
 	TODO: check
 CVE-2019-15083
 	RESERVED
-CVE-2018-20974
-	RESERVED
-CVE-2018-20973
-	RESERVED
-CVE-2018-20972
-	RESERVED
-CVE-2018-20971
-	RESERVED
+CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress has local  ...)
+	TODO: check
+CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF affecting ...)
+	TODO: check
 CVE-2018-20970
 	RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
@@ -92,20 +94,20 @@ CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block
 	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
 CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL injection. ...)
 	NOT-FOR-US: note-press plugin for WordPress
-CVE-2017-18547
-	RESERVED
-CVE-2017-18546
-	RESERVED
-CVE-2017-18545
-	RESERVED
-CVE-2017-18544
-	RESERVED
-CVE-2017-18543
-	RESERVED
-CVE-2017-18542
-	RESERVED
-CVE-2017-18541
-	RESERVED
+CVE-2017-18547 (The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in exp ...)
+	TODO: check
+CVE-2017-18546 (The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2017-18545 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect esc ...)
+	TODO: check
+CVE-2017-18544 (The invite-anyone plugin before 1.3.16 for WordPress has admin-panel C ...)
+	TODO: check
+CVE-2017-18543 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect acc ...)
+	TODO: check
+CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has multiple ...)
+	TODO: check
+CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
+	TODO: check
 CVE-2017-18540
 	RESERVED
 CVE-2017-18539
@@ -160,18 +162,18 @@ CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPre
 	NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
 CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
 	NOT-FOR-US: visitors-online plugin for WordPress
-CVE-2015-9324
-	RESERVED
-CVE-2015-9323
-	RESERVED
-CVE-2015-9322
-	RESERVED
+CVE-2015-9324 (The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL i ...)
+	TODO: check
+CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for WordPress ...)
+	TODO: check
 CVE-2015-9321
 	RESERVED
 CVE-2015-9320
 	RESERVED
-CVE-2014-10376
-	RESERVED
+CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
+	TODO: check
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
@@ -7793,7 +7795,7 @@ CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
 CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 5.10.2 are af ...)
 	NOT-FOR-US: Snapview Mikogo
 CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x  ...)
-	{DSA-4449-1}
+	{DSA-4502-1 DSA-4449-1}
 	- ffmpeg 7:4.1.4-1 (low; bug #932469)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
 CVE-2019-12729



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66874c0091b028f50acebf85f259b61a166d1488

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66874c0091b028f50acebf85f259b61a166d1488
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190817/599efcb5/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list