[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Feb 24 20:10:25 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d20cb4f by security tracker role at 2019-02-24T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other ...)
+	TODO: check
+CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a ...)
+	TODO: check
+CVE-2019-9080
+	RESERVED
+CVE-2019-9079
+	RESERVED
+CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter ...)
+	TODO: check
+CVE-2018-20786 (libvterm through 0+bzr726, as used in Vim and other products, ...)
+	TODO: check
 CVE-2019-9077 (An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
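Review bot: CVE-2018-20786 is inserted between CVE-2019-9078 and CVE-2019-9077, which breaks the descending ID order the other added entries follow; move it down to the 2018 entries unless the update script places new IDs at the top on purpose. When its TODO: check is resolved, the description's wording (libvterm "as used in Vim and other products") means the triage should cover packages that embed libvterm as well as the library itself.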
@@ -1571,8 +1583,8 @@ CVE-2019-8376 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer derefe
 	- tcpreplay <unfixed> (unimportant; bug #922624)
 	NOTE: https://github.com/appneta/tcpreplay/issues/537
 	NOTE: Crash in a CLI tool, no security impact
-CVE-2019-8375
-	RESERVED
+CVE-2019-8375 (The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 ...)
+	TODO: check
 CVE-2019-8374
 	RESERVED
 CVE-2019-8373
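Review bot: the rewritten CVE-2019-8375 entry carries only TODO: check, although its description already names WebKitGTK through 2.23.90; the follow-up triage should replace the TODO with a package line and status for the affected WebKit source packages, so the entry does not sit untracked now that it is no longer RESERVED.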
@@ -76165,6 +76177,7 @@ CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allow
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
 CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 ...)
+	{DLA-1686-1}
 	- freedink-dfarc 3.14-1
 	[stretch] - freedink-dfarc 3.12-1+deb9u1
 	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
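Review bot: the {DLA-1686-1} tag on CVE-2018-0496 is the only change to this entry, and the commit touches data/CVE/list alone, so nothing here shows which release and version the advisory fixed; confirm that the advisory's own record lists CVE-2018-0496 together with the fixed freedink-dfarc version.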
@@ -188483,7 +188496,7 @@ CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unico
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37162
 CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 ...)
-	{DSA-3112-1 DLA-128-1}
+	{DSA-3112-1 DLA-1687-1 DLA-128-1}
 	- sox 14.4.2-2 (bug #773720)
 	[stretch] - sox 14.4.1-5+deb9u1
 	NOTE: The two needed patches were added in 14.4.1-5 but not to the series file
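Review bot: the CVE-2014-8145 line now references a second LTS advisory, DLA-1687-1, next to the existing DLA-128-1, with no NOTE saying why the issue needed another upload; add a short NOTE, tying it to the existing remark that the patches "were added in 14.4.1-5 but not to the series file" if that is the reason. DLA-1687-1 is also listed ahead of DLA-128-1, so check that this is the ordering the tooling intends inside the braces.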



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d20cb4f24b906667036e37f36bb8c6399de09ef
