[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 9 20:10:59 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ccc3367 by security tracker role at 2019-01-09T20:10:52Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-5753
+ RESERVED
+CVE-2019-5752
+ RESERVED
+CVE-2019-5751
+ RESERVED
+CVE-2019-5750
+ RESERVED
+CVE-2019-5749
+ RESERVED
+CVE-2019-5748 (In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might ...)
+ TODO: check
+CVE-2019-5747 (An issue was discovered in BusyBox through 1.30.0. An out of bounds ...)
+ TODO: check
+CVE-2019-5746
+ RESERVED
+CVE-2019-5745
+ RESERVED
+CVE-2019-5744
+ RESERVED
+CVE-2019-5743
+ RESERVED
+CVE-2019-5742
+ RESERVED
+CVE-2019-5741
+ RESERVED
+CVE-2019-5740
+ RESERVED
+CVE-2019-5739
+ RESERVED
+CVE-2019-5738
+ RESERVED
+CVE-2019-5737
+ RESERVED
+CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...)
+ TODO: check
+CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...)
+ TODO: check
+CVE-2018-20678
+ RESERVED
CVE-2019-5736
RESERVED
CVE-2019-5735
@@ -4365,8 +4405,8 @@ CVE-2019-3583
RESERVED
CVE-2019-3582
RESERVED
-CVE-2019-3581
- RESERVED
+CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web Gateway ...)
+ TODO: check
CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
@@ -8532,20 +8572,20 @@ CVE-2018-20073 [chromium stores download meta data in extended attributes]
- chromium <unfixed>
CVE-2018-20072
RESERVED
-CVE-2018-20071
- RESERVED
-CVE-2018-20070
- RESERVED
-CVE-2018-20069
- RESERVED
-CVE-2018-20068
- RESERVED
-CVE-2018-20067
- RESERVED
-CVE-2018-20066
- RESERVED
-CVE-2018-20065
- RESERVED
+CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...)
+ TODO: check
+CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...)
+ TODO: check
+CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...)
+ TODO: check
+CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...)
+ TODO: check
+CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...)
+ TODO: check
+CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to ...)
+ TODO: check
+CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
+ TODO: check
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
NOT-FOR-US: doorGets
CVE-2018-20063
@@ -13481,8 +13521,8 @@ CVE-2019-0544
RESERVED
CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...)
TODO: check
-CVE-2019-0542
- RESERVED
+CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the ...)
+ TODO: check
CVE-2019-0541 (A remote code execution vulnerability exists in the way that the ...)
TODO: check
CVE-2019-0540
@@ -19807,7 +19847,7 @@ CVE-2018-17483
RESERVED
CVE-2018-17482
RESERVED
-CVE-2018-17481 (Incorrect object lifecycle in PDFium in Google Chrome prior to ...)
+CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome prior ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-17480 (Execution of user supplied Javascript during array deserialization ...)
@@ -19851,8 +19891,7 @@ CVE-2018-17471 (Incorrect dialog placement in WebContents in Google Chrome prior
{DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-17470
- RESERVED
+CVE-2018-17470 (A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 ...)
{DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -19892,12 +19931,12 @@ CVE-2018-17462 (Incorrect refcounting in AppCache in Google Chrome prior to ...)
{DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-17461
- RESERVED
+CVE-2018-17461 (An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 ...)
+ TODO: check
CVE-2018-17460
RESERVED
-CVE-2018-17457
- RESERVED
+CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after free in ...)
+ TODO: check
CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x ...)
{DSA-4311-1 DLA-1533-1}
- git 1:2.19.1-1
@@ -21512,13 +21551,11 @@ CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x befor
{DSA-4302-1 DLA-1513-1}
- openafs 1.8.2-1 (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
-CVE-2018-17458 [function signature mismatch in webassembly]
- RESERVED
+CVE-2018-17458 (An improper update of the WebAssembly dispatch table in WebAssembly in ...)
{DSA-4297-1}
- chromium-browser 69.0.3497.92-1 (bug #908806)
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-17459 [url spoofing in omnibox]
- RESERVED
+CVE-2018-17459 (Incorrect handling of clicks in the omnibox in Navigation in Google ...)
{DSA-4297-1}
- chromium-browser 69.0.3497.92-1 (bug #908806)
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -23389,13 +23426,11 @@ CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SM
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
-CVE-2018-16088
- RESERVED
+CVE-2018-16088 (A missing check for JS-simulated input events in Blink in Google ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16087
- RESERVED
+CVE-2018-16087 (Lack of proper state tracking in Permissions in Google Chrome prior to ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -23404,43 +23439,35 @@ CVE-2018-16086
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16085
- RESERVED
+CVE-2018-16085 (A use after free in ResourceCoordinator in Google Chrome prior to ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16084
- RESERVED
+CVE-2018-16084 (The default selected dialog button in CustomHandlers in Google Chrome ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16083
- RESERVED
+CVE-2018-16083 (An out of bounds read in forward error correction code in WebRTC in ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16082
- RESERVED
+CVE-2018-16082 (An out of bounds read in Swiftshader in Google Chrome prior to ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16081
- RESERVED
+CVE-2018-16081 (Allowing the chrome.debugger API to run on file:// URLs in DevTools in ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16080
- RESERVED
+CVE-2018-16080 (A missing check for popup window handling in Fullscreen in Google ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16079
- RESERVED
+CVE-2018-16079 (A race condition between permission prompts and navigations in Prompts ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16078
- RESERVED
+CVE-2018-16078 (Unsafe handling of credit card details in Autofill in Google Chrome ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -23449,8 +23476,7 @@ CVE-2018-16077
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16076
- RESERVED
+CVE-2018-16076 (Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -23469,11 +23495,9 @@ CVE-2018-16073
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16072
- RESERVED
+CVE-2018-16072 (A missing origin check related to HLS manifests in Blink in Google ...)
- chromium-browser <not-affected> (Android-specific)
-CVE-2018-16071
- RESERVED
+CVE-2018-16071 (A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -23487,23 +23511,19 @@ CVE-2018-16069
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16068
- RESERVED
+CVE-2018-16068 (Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16067
- RESERVED
+CVE-2018-16067 (A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16066
- RESERVED
+CVE-2018-16066 (A use after free in Blink in Google Chrome prior to 69.0.3497.81 ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16065
- RESERVED
+CVE-2018-16065 (A Javascript reentrancy issues that caused a use-after-free in V8 in ...)
{DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50294,13 +50314,11 @@ CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles fr
NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...)
NOT-FOR-US: ovirt-engine
-CVE-2018-6179
- RESERVED
+CVE-2018-6179 (Insufficient enforcement of file access permission in the activeTab ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6178
- RESERVED
+CVE-2018-6178 (Eliding from the wrong side in an infobar in DevTools in Google Chrome ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50314,23 +50332,19 @@ CVE-2018-6176
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6175
- RESERVED
+CVE-2018-6175 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6174
- RESERVED
+CVE-2018-6174 (Integer overflows in Swiftshader in Google Chrome prior to ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6173
- RESERVED
+CVE-2018-6173 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6172
- RESERVED
+CVE-2018-6172 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50339,13 +50353,11 @@ CVE-2018-6171
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6170
- RESERVED
+CVE-2018-6170 (A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6169
- RESERVED
+CVE-2018-6169 (Lack of timeout on extension install prompt in Extensions in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50354,33 +50366,27 @@ CVE-2018-6168
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6167
- RESERVED
+CVE-2018-6167 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6166
- RESERVED
+CVE-2018-6166 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6165
- RESERVED
+CVE-2018-6165 (Incorrect handling of reloads in Navigation in Google Chrome prior to ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6164
- RESERVED
+CVE-2018-6164 (Insufficient origin checks for CSS content in Blink in Google Chrome ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6163
- RESERVED
+CVE-2018-6163 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6162
- RESERVED
+CVE-2018-6162 (Improper deserialization in WebGL in Google Chrome on Mac prior to ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50389,16 +50395,14 @@ CVE-2018-6161
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6160
- RESERVED
+CVE-2018-6160 (JavaScript alert handling in Prompts in Google Chrome prior to ...)
- chromium-browser <not-affected> (Only affects Chrome on iOS)
CVE-2018-6159
RESERVED
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6158
- RESERVED
+CVE-2018-6158 (A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50422,8 +50426,7 @@ CVE-2018-6154
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6153
- RESERVED
+CVE-2018-6153 (A precision error in Skia in Google Chrome prior to 68.0.3440.75 ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50431,8 +50434,7 @@ CVE-2018-6152 (The implementation of the Page.downloadBehavior backend ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6151
- RESERVED
+CVE-2018-6151 (Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS ...)
{DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50451,8 +50453,7 @@ CVE-2018-6148
{DSA-4237-1}
- chromium-browser 67.0.3396.79-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6147
- RESERVED
+CVE-2018-6147 (Lack of secure text entry mode in Browser UI in Google Chrome on Mac ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50465,14 +50466,12 @@ CVE-2018-6145
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6144
- RESERVED
+CVE-2018-6144 (Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6143
- RESERVED
+CVE-2018-6143 (Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50483,20 +50482,17 @@ CVE-2018-6142
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6141
- RESERVED
+CVE-2018-6141 (Insufficient validation of an image filter in Skia in Google Chrome ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6140
- RESERVED
+CVE-2018-6140 (Allowing the chrome.debugger API to attach to Web UI pages in DevTools ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6139
- RESERVED
+CVE-2018-6139 (Insufficient target checks on the chrome.debugger API in DevTools in ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50507,8 +50503,7 @@ CVE-2018-6138
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6137
- RESERVED
+CVE-2018-6137 (CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50519,8 +50514,7 @@ CVE-2018-6136
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6135
- RESERVED
+CVE-2018-6135 (Lack of clearing the previous site before loading alerts from a new ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50531,8 +50525,7 @@ CVE-2018-6134
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6133
- RESERVED
+CVE-2018-6133 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50564,14 +50557,12 @@ CVE-2018-6129
CVE-2018-6128
RESERVED
- chromium-browser <not-affected> (ios specific)
-CVE-2018-6127
- RESERVED
+CVE-2018-6127 (Early free of object in use in IndexDB in Google Chrome prior to ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6126
- RESERVED
+CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62 ...)
{DSA-4237-1 DSA-4220-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50586,14 +50577,12 @@ CVE-2018-6125
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6124
- RESERVED
+CVE-2018-6124 (Type confusion in ReadableStreams in Blink in Google Chrome prior to ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6123
- RESERVED
+CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62 ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50610,8 +50599,7 @@ CVE-2018-6121
- chromium-browser 66.0.3359.181-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6120
- RESERVED
+CVE-2018-6120 (An integer overflow that could lead to an attacker-controlled heap ...)
{DSA-4237-1}
- chromium-browser 66.0.3359.181-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50626,8 +50614,7 @@ CVE-2018-6118
- chromium-browser 66.0.3359.139-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6117
- RESERVED
+CVE-2018-6117 (Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50639,38 +50626,32 @@ CVE-2018-6116 (A nullptr dereference in WebAssembly in Google Chrome prior to ..
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6115 (Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file ...)
- chromium-browser <not-affected> (windows specific)
-CVE-2018-6114
- RESERVED
+CVE-2018-6114 (Incorrect enforcement of CSP for <object> tags in Blink in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6113
- RESERVED
+CVE-2018-6113 (Improper handling of pending navigation entries in Navigation in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6112
- RESERVED
+CVE-2018-6112 (Making URLs clickable and allowing them to be styled in DevTools in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6111
- RESERVED
+CVE-2018-6111 (An object lifetime issue in the developer tools network handler in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6110
- RESERVED
+CVE-2018-6110 (Parsing documents as HTML in Downloads in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6109
- RESERVED
+CVE-2018-6109 (readAsText() can indefinitely read the file picked by the user, rather ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50685,8 +50666,7 @@ CVE-2018-6107 (Incorrect handling of confusable characters in URL Formatter in G
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6106
- RESERVED
+CVE-2018-6106 (An asynchronous generator may return an incorrect state in V8 in ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50716,13 +50696,12 @@ CVE-2018-6101 (A lack of host validation in DevTools in Google Chrome prior to .
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6100
- RESERVED
+CVE-2018-6100 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 ...)
+CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50732,14 +50711,12 @@ CVE-2018-6098 (Incorrect handling of confusable characters in URL Formatter in G
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6097
- RESERVED
+CVE-2018-6097 (Incorrect handling of asynchronous methods in Fullscreen in Google ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6096
- RESERVED
+CVE-2018-6096 (A JavaScript focused window could overlap the fullscreen notification ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50754,8 +50731,7 @@ CVE-2018-6094 (Inline metadata in GarbageCollection in Google Chrome prior to ..
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6093
- RESERVED
+CVE-2018-6093 (Insufficient origin checks in Blink in Google Chrome prior to ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50765,8 +50741,7 @@ CVE-2018-6092 (An integer overflow on 32-bit systems in WebAssembly in Google Ch
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6091
- RESERVED
+CVE-2018-6091 (Service Workers can intercept any request made by an <embed> or ...)
{DSA-4182-1}
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -50801,8 +50776,7 @@ CVE-2018-6085 (Re-entry of a destructor in Networking Disk Cache in Google Chrom
- chromium-browser 66.0.3359.117-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6084
- RESERVED
+CVE-2018-6084 (Insufficiently sanitized distributed objects in Updater in Google ...)
- chromium-browser <not-affected> (Specific to MacOS)
CVE-2018-6083 (Failure to disallow PWA installation from CSP sandboxed pages in ...)
{DSA-4182-1}
@@ -50941,8 +50915,7 @@ CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior t
- chromium-browser 65.0.3325.146-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6056
- RESERVED
+CVE-2018-6056 (Type confusion could lead to a heap out-of-bounds write in V8 in ...)
{DSA-4182-1}
[experimental] - chromium-browser 65.0.3325.73-1
- chromium-browser 65.0.3325.146-1
@@ -73584,8 +73557,8 @@ CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Go
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-15428
- RESERVED
+CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could ...)
+ TODO: check
CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
@@ -73620,7 +73593,7 @@ CVE-2017-15422 (Integer overflow in international date handling in International
NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
CVE-2017-15421
RESERVED
-CVE-2017-15420 (Inappropriate implementation in browser navigation in Google Chrome ...)
+CVE-2017-15420 (Incorrect handling of back navigations in error pages in Navigation in ...)
{DSA-4103-1 DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -73695,16 +73668,16 @@ CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.320
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-15405
- RESERVED
-CVE-2017-15404
- RESERVED
-CVE-2017-15403
- RESERVED
-CVE-2017-15402
- RESERVED
-CVE-2017-15401
- RESERVED
+CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful ...)
+ TODO: check
+CVE-2017-15404 (An ability to process crash dumps under root privileges and ...)
+ TODO: check
+CVE-2017-15403 (Insufficient data validation in crosh could lead to a command ...)
+ TODO: check
+CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which ...)
+ TODO: check
+CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds ...)
+ TODO: check
CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...)
{DSA-4243-1}
- cups 2.2.3-2
@@ -83591,8 +83564,8 @@ CVE-2017-12202
RESERVED
CVE-2017-12201
RESERVED
-CVE-2016-10403
- RESERVED
+CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome ...)
+ TODO: check
CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, ...)
{DSA-3924-1}
- varnish 5.0.0-7.1 (bug #870467)
@@ -118407,8 +118380,7 @@ CVE-2016-9652
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-9651
- RESERVED
+CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ccc3367638c52653e2347fa17686e5583ada6ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ccc3367638c52653e2347fa17686e5583ada6ae
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190109/85c1b503/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list