[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 19 08:10:22 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f83cf5a6 by security tracker role at 2019-02-19T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ ...)
+ TODO: check
+CVE-2019-8932
+ RESERVED
+CVE-2019-8931
+ RESERVED
+CVE-2019-8930
+ RESERVED
+CVE-2019-8929
+ RESERVED
+CVE-2019-8928
+ RESERVED
+CVE-2019-8927
+ RESERVED
+CVE-2019-8926
+ RESERVED
+CVE-2019-8925
+ RESERVED
+CVE-2019-8924
+ RESERVED
+CVE-2019-8923
+ RESERVED
+CVE-2019-8922
+ RESERVED
+CVE-2019-8921
+ RESERVED
+CVE-2019-8920
+ RESERVED
+CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 ...)
+ TODO: check
+CVE-2019-8918
+ RESERVED
CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code ...)
NOT-FOR-US: SolarWinds Orion NPM
CVE-2019-8916
@@ -2701,8 +2733,8 @@ CVE-2019-7631
RESERVED
CVE-2019-7630
RESERVED
-CVE-2019-7629
- RESERVED
+CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in ...)
+ TODO: check
CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail ...)
- pagure <itp> (bug #829046)
CVE-2019-7627
@@ -5647,6 +5679,7 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in ...)
CVE-2018-20722
RESERVED
CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds ...)
+ {DLA-1682-1}
- uriparser 0.9.1-1 (low)
[stretch] - uriparser <no-dsa> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
@@ -7212,95 +7245,124 @@ CVE-2019-5785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785
CVE-2019-5784
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.109-1
CVE-2019-5783
RESERVED
+ {DSA-4395-1}
CVE-2019-5782
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5781
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5780
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5779
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5778
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5777
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5776
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5775
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5774
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5773
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5772
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5771
RESERVED
- chromium <not-affected> (chromium package does not build swiftshader)
CVE-2019-5770
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5769
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5768
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5767
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5766
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5765
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5764
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5763
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5762
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5761
RESERVED
- chromium <not-affected> (chromium package does not build swiftshader)
CVE-2019-5760
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5759
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5758
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5757
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5756
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5755
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2019-5754
RESERVED
+ {DSA-4395-1}
- chromium 72.0.3626.81-1
CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to ...)
{DSA-4387-1}
@@ -13871,38 +13933,47 @@ CVE-2018-20183
RESERVED
CVE-2018-20182 [Remote code execution in seamless_process_line()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20181 [Remote code execution in seamless_process()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20180 [Remote code execution in rdpsnddbg_process()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20179 [Remote code execution in lspci_process()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20178 [DoS in process_demand_active()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20177 [Memory corruption in rdp_in_unistr()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20176 [DoS in sec_parse_crypt_info() and in sec_recv()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20175 [DoS in mcs_recv_connect_response() and in mcs_parse_domain_params()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20174 [Major information leak in ui_clip_handle_data()]
RESERVED
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
@@ -27656,7 +27727,7 @@ CVE-2018-17483
CVE-2018-17482
RESERVED
CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome prior ...)
- {DSA-4352-1}
+ {DSA-4395-1 DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-17480 (Execution of user supplied Javascript during array deserialization ...)
{DSA-4352-1}
@@ -50570,33 +50641,43 @@ CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x b
- gitlab 10.5.6+dfsg-1 (bug #893905)
NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8800 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8799 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8798 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8797 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8796 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8795 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8794 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8793 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8792 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
+ {DSA-4394-1}
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8790
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f83cf5a6b510077d87c329ba2ced0bf54ab48c7e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f83cf5a6b510077d87c329ba2ced0bf54ab48c7e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190219/1ab86451/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list