[Git][security-tracker-team/security-tracker][master] new borgbackup issue

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d17effe2 by Moritz Muehlenhoff at 2019-02-11T10:58:51Z
new borgbackup issue
gpac bug
zoneminder, yum-utils fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-XXXX [borgbackup unspecified security issue]
+	- borgbackup 1.1.9-1
 CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the ...)
 	TODO: check
 CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP code in ...)
@@ -437,19 +439,19 @@ CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a .
 CVE-2019-7542
 	RESERVED
 CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
 	NOTE: https://github.com/gpac/gpac/issues/1188
 CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1187
 CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1186
 CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
 	NOTE: https://github.com/gpac/gpac/issues/1177
 CVE-2019-7541
@@ -1820,15 +1822,15 @@ CVE-2019-6994
 CVE-2019-6993
 	RESERVED
 CVE-2019-6992 (A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ...)
-	- zoneminder <unfixed> (bug #920999)
+	- zoneminder 1.32.3-2 (bug #920999)
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2445
 CVE-2019-6991 (A classic Stack-based buffer overflow exists in the zmLoadUser() ...)
-	- zoneminder <unfixed> (bug #921000)
+	- zoneminder 1.32.3-2 (bug #921000)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2478
 	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2482
 CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of ...)
-	- zoneminder <unfixed> (bug #921001)
+	- zoneminder 1.32.3-2 (bug #921001)
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
 CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
@@ -2350,7 +2352,7 @@ CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
 	- slirp4netns 0.2.1-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
 CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
-	- zoneminder <unfixed> (bug #920375)
+	- zoneminder 1.32.3-2 (bug #920375)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
 	NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
 CVE-2019-6776
@@ -42470,7 +42472,7 @@ CVE-2018-10899
 CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before ...)
 	- tripleo-heat-templates <removed>
 CVE-2018-10897 (A directory traversal issue was found in reposync, a part of ...)
-	- yum-utils <unfixed> (bug #921131)
+	- yum-utils 1.1.31-2.1 (bug #921131)
 	[stretch] - yum-utils <ignored> (Minor issue)
 	[jessie] - yum-utils <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d17effe211ab1f8c67d606c3d55f074bc2004da5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d17effe211ab1f8c67d606c3d55f074bc2004da5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190211/3503fc65/attachment.html>