[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 27 20:10:29 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef7f6ce2 by security tracker role at 2019-02-27T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-9212 (SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2019-9211 (There is a reachable assertion abort in the function ...)
+	TODO: check
+CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer ...)
+	TODO: check
+CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted ...)
+	TODO: check
 CVE-2019-9209
 	RESERVED
 CVE-2019-9208
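Review bot: The four new entries at the top of data/CVE/list (CVE-2019-9212, CVE-2019-9211, CVE-2019-9210, CVE-2018-20797) land with only `TODO: check`, so none is yet mapped to a source package or marked NOT-FOR-US. The CVE-2019-9210 and CVE-2018-20797 descriptions name AdvanceCOMP 2.1 (advpng) and PoDoFo 0.9.6, which should be checked against the archive first; the CVE-2019-9211 description is truncated before the product name, so it needs the full text before it can be triaged.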
@@ -1825,8 +1833,8 @@ CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read o
 	NOT-FOR-US: FeiFeiCms
 CVE-2019-8411 (admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to ...)
 	NOT-FOR-US: zzcms
-CVE-2019-8410
-	RESERVED
+CVE-2019-8410 (Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter ...)
+	TODO: check
 CVE-2019-8409
 	RESERVED
 CVE-2019-8408 (OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by ...)
@@ -3728,18 +3736,22 @@ CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a .
 CVE-2019-7542
 	RESERVED
 CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in ...)
+	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
 	NOTE: https://github.com/gpac/gpac/issues/1188
 CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
+	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1187
 CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
+	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1186
 CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in ...)
+	{DLA-1693-1}
 	- gpac <unfixed> (bug #921969)
 	NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
 	NOTE: https://github.com/gpac/gpac/issues/1177
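Review bot: Each of the four GPAC entries (CVE-2018-20760 through CVE-2018-20763) gains `{DLA-1693-1}` while its only package line stays `- gpac <unfixed> (bug #921969)`, even though every entry already lists an upstream fix commit in its NOTE lines. Worth following up on bug #921969 so the unfixed status is replaced with a fixed version once those commits are packaged.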
@@ -5570,6 +5582,7 @@ CVE-2019-6801
 CVE-2019-6800
 	RESERVED
 CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the ...)
+	{DLA-1692-1}
 	- phpmyadmin <unfixed> (bug #920823)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
@@ -8833,8 +8846,8 @@ CVE-2019-5493
 	RESERVED
 CVE-2019-5492
 	RESERVED
-CVE-2019-5491
-	RESERVED
+CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 ...)
+	TODO: check
 CVE-2019-5490
 	RESERVED
 CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the ...)
@@ -14554,8 +14567,8 @@ CVE-2018-20246
 	REJECTED
 CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior ...)
 	NOT-FOR-US: Apache Airflow
-CVE-2018-20244
-	RESERVED
+CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
+	TODO: check
 CVE-2018-20243
 	RESERVED
 CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache ...)
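Review bot: CVE-2018-20244 is added as `TODO: check`, but its description names Apache Airflow and the adjacent CVE-2018-20245 is already triaged as `NOT-FOR-US: Apache Airflow`. Unless Airflow has been packaged since that entry was triaged, the same tag applies here and the TODO can be resolved.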
@@ -54216,6 +54229,7 @@ CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Weste
 CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
 	NOT-FOR-US: Acrolinx Server
 CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
+	{DLA-1693-1}
 	- gpac <unfixed> (bug #892526)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	[wheezy] - gpac <not-affected> (vulnerable code not present)
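Review bot: CVE-2018-7752 now references `{DLA-1693-1}` while the `[stretch] - gpac <no-dsa> (Minor issue)` line is unchanged, so the entry records an advisory for this issue next to a stretch status that treats it as minor. Suggest revisiting the stretch line, for example through a point-release update, so the releases are not left inconsistent.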



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef7f6ce2ceeb5f747206f81afb40640214e620c9
