[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-20745/yii, itp'ed

Salvatore Bonaccorso carnil at debian.org
Mon Jan 28 20:35:15 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57ddd1d5 by Salvatore Bonaccorso at 2019-01-28T20:34:13Z
Add CVE-2018-20745/yii, itp'ed

- - - - -
81863e68 by Salvatore Bonaccorso at 2019-01-28T20:34:39Z
Adjust two previous CVE-2018-6009 and CVE-2018-6010 to be tracked for yii

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-6980
 CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka ...)
 	NOT-FOR-US: IP History Logs plugin for MyBB
 CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...)
-	TODO: check
+	- yii <itp> (bug #597899)
 CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
 	TODO: check
 CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
@@ -54271,9 +54271,9 @@ CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics RainMachin
 CVE-2018-6011 (The time-based one-time-password (TOTP) function in the application ...)
 	NOT-FOR-US: Green Electronics
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...)
-	NOT-FOR-US: Yii Framework
+	- yii <itp> (bug #597899)
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...)
-	NOT-FOR-US: Yii Framework
+	- yii <itp> (bug #597899)
 CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 5.3.7 ...)
 	NOT-FOR-US: Jtag Members Directory component for Joomla!
 CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/978af421ce42725ac173588ebea63385a49ad2d8...81863e6844858a94771569d8242e21c8255bc9a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/978af421ce42725ac173588ebea63385a49ad2d8...81863e6844858a94771569d8242e21c8255bc9a4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190128/63902ae3/attachment.html>

More information about the debian-security-tracker-commits mailing list