[Git][security-tracker-team/security-tracker][master] new borgbackup issue
Moritz Muehlenhoff
jmm at debian.org
Mon Feb 11 10:59:22 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d17effe2 by Moritz Muehlenhoff at 2019-02-11T10:58:51Z
new borgbackup issue
gpac bug
zoneminder, yum-utils fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-XXXX [borgbackup unspecified security issue]
+ - borgbackup 1.1.9-1
CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the ...)
TODO: check
CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP code in ...)
@@ -437,19 +439,19 @@ CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a .
CVE-2019-7542
RESERVED
CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #921969)
NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
NOTE: https://github.com/gpac/gpac/issues/1188
CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #921969)
NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
NOTE: https://github.com/gpac/gpac/issues/1187
CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #921969)
NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
NOTE: https://github.com/gpac/gpac/issues/1186
CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #921969)
NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
NOTE: https://github.com/gpac/gpac/issues/1177
CVE-2019-7541
@@ -1820,15 +1822,15 @@ CVE-2019-6994
CVE-2019-6993
RESERVED
CVE-2019-6992 (A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ...)
- - zoneminder <unfixed> (bug #920999)
+ - zoneminder 1.32.3-2 (bug #920999)
NOTE: https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2445
CVE-2019-6991 (A classic Stack-based buffer overflow exists in the zmLoadUser() ...)
- - zoneminder <unfixed> (bug #921000)
+ - zoneminder 1.32.3-2 (bug #921000)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2478
NOTE: https://github.com/ZoneMinder/zoneminder/pull/2482
CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of ...)
- - zoneminder <unfixed> (bug #921001)
+ - zoneminder 1.32.3-2 (bug #921001)
NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
@@ -2350,7 +2352,7 @@ CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
- slirp4netns 0.2.1-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
- - zoneminder <unfixed> (bug #920375)
+ - zoneminder 1.32.3-2 (bug #920375)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
CVE-2019-6776
@@ -42470,7 +42472,7 @@ CVE-2018-10899
CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before ...)
- tripleo-heat-templates <removed>
CVE-2018-10897 (A directory traversal issue was found in reposync, a part of ...)
- - yum-utils <unfixed> (bug #921131)
+ - yum-utils 1.1.31-2.1 (bug #921131)
[stretch] - yum-utils <ignored> (Minor issue)
[jessie] - yum-utils <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d17effe211ab1f8c67d606c3d55f074bc2004da5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d17effe211ab1f8c67d606c3d55f074bc2004da5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190211/3503fc65/attachment.html>
More information about the debian-security-tracker-commits
mailing list