[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 15 08:10:22 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e64335e by security tracker role at 2019-01-15T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
+ TODO: check
+CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
+ TODO: check
+CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in Netwide ...)
+ TODO: check
+CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide ...)
+ TODO: check
+CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows ...)
+ TODO: check
+CVE-2019-6288
+ RESERVED
+CVE-2019-6287
+ RESERVED
+CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+ TODO: check
+CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka ...)
+ TODO: check
+CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+ TODO: check
+CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
+ TODO: check
+CVE-2019-6282
+ RESERVED
+CVE-2019-6281
+ RESERVED
+CVE-2019-6280
+ RESERVED
+CVE-2019-6279
+ RESERVED
+CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
+ TODO: check
+CVE-2018-20711
+ RESERVED
+CVE-2018-20710
+ RESERVED
+CVE-2018-20709
+ RESERVED
+CVE-2018-20708
+ RESERVED
CVE-2019-6278 (XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with ...)
NOT-FOR-US: JPress
CVE-2019-6277
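Review bot: Every described entry added at the top of this hunk is left at TODO: check, including sibling issues that belong together: two for yaml-cpp (CVE-2019-6292, CVE-2019-6285), two for eval.c in the Netwide entries (CVE-2019-6291, CVE-2019-6290) and three LibSass 3.5.5 heap-based over-reads (CVE-2019-6286, CVE-2019-6284, CVE-2019-6283). Triaging each group in one pass keeps the package lines and NOTE references consistent across the siblings. Entries such as CVE-2019-6289 (DedeCMS) should end up with either a package line or a NOT-FOR-US marker in the form already used for CVE-2019-6278 just below.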
@@ -20,8 +60,8 @@ CVE-2019-6269
RESERVED
CVE-2019-6268
RESERVED
-CVE-2019-6267
- RESERVED
+CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...)
+ TODO: check
CVE-2019-6266
RESERVED
CVE-2019-6265
@@ -67,6 +107,7 @@ CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4
CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability ...)
NOT-FOR-US: HuCart
CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ ...)
+ {DSA-4368-1}
- zeromq3 4.3.1-1 (bug #919098)
[jessie] - zeromq3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/zeromq/libzmq/issues/3351
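Review bot: The {DSA-4368-1} tag on CVE-2019-6250 cannot be cross-checked from this commit, because the only changed file is data/CVE/list and the advisory's own record is not shown. Confirm that the advisory entry lists CVE-2019-6250 for zeromq3 and that the releases it covers agree with the existing [jessie] <not-affected> line.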
@@ -9857,19 +9898,25 @@ CVE-2018-20073 [chromium stores download meta data in extended attributes]
CVE-2018-20072
RESERVED
CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...)
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...)
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...)
- chromium <not-affected> (Specific to iOS)
CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...)
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...)
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to ...)
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
NOT-FOR-US: doorGets
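Review bot: CVE-2018-20071 is tagged {DSA-4330-1} against source package chromium-browser (70.0.3538.67-1), while the five entries tagged {DSA-4352-1} are recorded against chromium (71.0.3578.80-1). The split follows the two fixed versions, but the differing source package name is worth confirming as intended so that both advisories resolve against the right package. CVE-2018-20069 receives no tag, which matches its <not-affected> status.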
@@ -16090,9 +16137,11 @@ CVE-2018-19368
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
NOT-FOR-US: Portainer
CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
+ {DSA-4369-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...)
+ {DSA-4369-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS users to ...)
@@ -16106,9 +16155,11 @@ CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users
[jessie] - xen <not-affected> (Only affects 4.11)
NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...)
+ {DSA-4369-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...)
+ {DSA-4369-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19366
@@ -17026,7 +17077,7 @@ CVE-2018-19117
CVE-2018-19116
RESERVED
CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 platforms ...)
- {DLA-1577-1}
+ {DSA-4369-1 DLA-1577-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
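Review bot: With the change to {DSA-4369-1 DLA-1577-1}, CVE-2018-19967 is the only Xen entry in this commit that references both a DSA and a DLA. CVE-2018-19966, CVE-2018-19965, CVE-2018-19962 and CVE-2018-19961 get DSA-4369-1 alone and show no [jessie] line in the visible context. Check whether those four need a [jessie] annotation or a DLA reference so the jessie status is documented the same way for the whole advisory batch.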
@@ -22600,8 +22651,7 @@ CVE-2018-16889 [debug logging for v4 auth does not sanitize encryption keys]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334
NOTE: http://tracker.ceph.com/issues/37847
NOTE: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
-CVE-2018-16888 [kills privileged process if unprivileged PIDFile was tampered]
- RESERVED
+CVE-2018-16888 (It was discovered systemd does not correctly check the content of ...)
- systemd 237-1
[jessie] - systemd <no-dsa> (low priority because this is inherently a bug in the PID file logic)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
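Review bot: Replacing the bracketed working summary of CVE-2018-16888 ("kills privileged process if unprivileged PIDFile was tampered") with the published description loses the one-line impact statement, since the new text is cut off at "content of ..." in the list. The impact is now only inferable from the [jessie] <no-dsa> remark and the Bugzilla NOTE, so a short NOTE restating it would help. The entry also records a fixed version (systemd 237-1) and a jessie decision only; if any other supported release ships an older systemd, it needs its own annotation.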
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e64335ef412de2b2d656e2a9a3bae3aa9f91e64